Security Trends to Look Out For in 2019

Cyber Attack, Encryption, Hacking, Internet of things, Ransomware, Security, Security Threats, , , , , , ,
04
Dec 2018

2018 has been a year where malware, ransomware and data breaches have barely been out of the headlines, but what’s in store for cyber-security in 2019?

As long as there’s a digital landscape, hackers will continue to launch an array of attacks that take in numerous different techniques. And, most importantly, they will continue to evolve their methods to avoid detection and cause more damage to networks and the PCs on them. With this in mind, it’s perhaps the best time to take a look at the security trends which will be most important for your organizations defenses next year.

To help you get prepared for next year, we’re going take a look at some of the major security trends to look out for in 2019.

Backups will continue to be Crucial

With ransomware still remaining a prevalent and major threat to secure and essential data, backing up your data regularly and rigorously will be a vital task for all organizations. Backups may seem a costly affair in terms of budget and time, but it only takes one employee to fall victim to a ransomware scam for your entire network’s data to be compromised. And with new ransomware scams such as Zenis deleting backups, it’s essential that offsite and non-network backups are also held.

Coinminer Malware Remains a Threat

Cryptocurrency is still a lucrative business and mining for cryptocurrency continues to generate large amounts of cash. However, whilst this is perfectly legal and above board, the use of coinminer malware is far from legal or ethical. Due to the amount of processing power involved in mining for cryptocurrency, hackers are using malware to enslave PCs remotely and using their processor power to mine for cryptocurrencies. This form of malware has become harder to detect and more sophisticated throughout 2018, so expect it to evolve further in 2019.

The Hacking of IoT Devices will Increase

Close to 27 billion IoT devices will be connected in 2019 – an increase of nearly 3 billion compared to 2018 – so you can bet your bottom dollar that the number of attacks in this arena will increase accordingly. Unfortunately, many owners of IoT devices are still neglecting to change the default password to access these devices and this is giving hackers free rein to take control of them. Not only does the default password debacle remain an issue, but hackers are now designing malware to take advantage of vulnerabilities in IoT devices.

Security Training

Due to the threats already presented, security training will become paramount in 2019. As hackers evolve their methods of attack at a rapid pace, keeping your organization’s staff aware of these threats is one of the best forms of defense you can employ. Awareness training hammers home the basics of good security practices and you’ll find that these can also be used to combat the new threats which will no doubt go head to head with your security defenses.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Why are Cloud Networks at Risk of Being Hacked in 2018?

Cloud, Cloud Backup, Cyber Attack, Hacking, IT Mistakes, Phishing, Secure Database, Security, , ,
06
Nov 2018

 

Cloud networks are the most important newcomers to storage and networking in a long, long time, but why are cloud networks at risk of being hacked in 2018?

With cloud network revenue set to hit $228 billion in 2019, it’s clear to see that cloud networks have become phenomenally successful and their popularity doesn’t appear to show any signs of slowing down. However, hackers are exceptionally interested in this new slice of digital real estate and, accordingly, are beginning to tailor attacks towards cloud providers. Naturally, new technology is prone to teething issues, but when there’s so much data at risk, it’s understandable that organizations may be a little concerned by the risk of cloud networks being hacked.

Let’s take a look at exactly why there’s a risk of your cloud network being hacked and having all its data compromised.

Hackers Like to Target Big and Sensitive Data

Cloud networks have been readily adopted by many organizations due to the vast benefits they offer, so it should come as no surprise that hackers have followed consumers to the cloud. Organizations are frequently storing entire databases packed full of confidential data which, to a hacker’s eyes, is the ultimate prize. Rather than embarking on time consuming hacking strategies which yield only one employee’s details, hackers are going to go straight to the cloud to obtain as much data as possible.

 

The Cloud Brings New Technology

While organizations are more than aware of firewalls and passwords, cloud networks bring a whole new range of technology that has shifted the goalposts of cyber-security. For example, the cloud is a virtual network rather than a physical network and, accordingly, can’t be treated in the same way as previous technology that organizations have used. New security tools are required to marshal data warehouses in the cloud and, at present, the level of knowledge is, even in many IT professionals, at a naive level.

Human Error is Always an Issue

Employees of any organization that accesses a cloud network are perhaps the biggest threat to cloud security. All it takes is one mistake for a hacker to gain access to your network and, if they access your cloud, this could have catastrophic effects for your organization’s data. As ever, the risk of falling for phishing scams puts the security of your cloud network at risk, but, as covered earlier, the new technology also brings a number of problems to the table such as configuration errors. Amazon, for example, exposed nearly 48 million data profiles earlier this year due to not configuring their cloud correctly.

The Danger of State Sponsored Attacks

Huge organizations that are integral to the running of the country have invested heavily in cloud networks to help store the vast amounts of data that they generate. The result of this is that hackers are continually searching for new and innovative ways to breach cloud security. While their main target may be major corporations, the knowledge that these hackers are gaining means that the ease with which cloud networks can be hacked is increasing. As this knowledge builds and builds, attacks on cloud networks will become easier to execute and more commonplace.

For more ways to secure and optimize your business technology, contact your local IT professionals.

 

Read More

Scottish Brewery Hit by the Dharma Ransomware

Dharma, email security, Phishing, Phishing Email, Ransomware, Security, , , ,
23
Oct 2018

Ransomware continues to cause chaos for organizations with the latest story to hit the news concerning a Scottish brewery infected by the Dharma ransomware.

While it has been reported that ransomware attacks have fallen by 30% in the last 12 months, the fact remains that they’re still capable of causing significant disruption. In the case of the Arran Brewery on the Isle of Arran, Scotland, the organization had to accept that they would lose around three months’ worth of sales data due to the effects of the attack. This, of course, is the last thing that any business wants and acts as a fine reminder that we need to be on guard against ransomware.

To help provide a little background and demonstrate how the attack unfolded, we’re going to take a closer look at what happened.

Attacking the Brewery

What’s most interesting about the attack on the Arran Brewery is that it would appear the attackers deliberately targeted the brewery. Instead of a scattershot approach which targeted multiple organizations, the hackers focus was clearly on the Arran Brewery. Just before the attack, multiple adverts for a job at the Arran Brewery (which had already been filled) appeared on recruitment sites all over the globe. Naturally, the brewery received a sharp increase in the number of CVs being emailed in but, unfortunately, one of the emails contained a malicious payload.

The payload was contained with a PDF attachment which, when opened, initiated the attack and infected the entire network. Following the encryption of the Arran Brewery’s files, a ransom demand was issued which advised that the encryption keys would only be released in exchange for 2 bitcoin (roughly $14,000). Thankfully, an IT consultant was able to retrieve a significant amount of the encrypted data from backups and rid the system of the infection. However, certain files couldn’t be restored and, due to it not being economically viable to pay the ransom, the Arran Brewery decided to write off three months’ worth of sales data.

What is Dharma?

Dharma is a strain of ransomware which was first released in 2016 and has regularly been updated ever since due to the emergence of Dharma decryptors. In September 2018, for example, three new variants emerged which are resistant to previous decryptors. When files are encrypted by Dharma they will automatically append a new file extension onto the existing file and these extensions can include:

  • .dharma
  • .cesar
  • .onion
  • .wallet
  • .zzzzz

Final Thoughts

If anything acts as a reminder that organizations need to be vigilant against ransomware then it’s a current and contemporary threat. Dharma could easily hit your organization next, so you need to ask yourself whether you can afford to lose three months’ worth of data. I’ll let you into a little secret: no one wants to lose three months’ worth of data. Therefore, it’s crucial that you reiterate the importance of email security to your employees in order to maintain access to all your data at all times.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How Do You Reduce the Risk of Phishing Attacks?

email links, Password Security, Phishing, Phishing Email, Security, Security Threats, , ,
16
Oct 2018

Thanks to the power of social engineering, phishing remains a powerful method of hacking organizations. Reducing this risk, therefore, is crucial.

Phishing has been active since the early days of the internet and, unfortunately, it doesn’t appear to be going anywhere soon. Thankfully, you don’t have to fall victim to these deceptive attacks as there is plenty that any organization can do to protect its data. And, don’t worry, it doesn’t involve investing millions in state of the art technology. All it takes is a little bit of common sense and an understanding of how phishing attacks work.

To get you started we’re going to show you how to reduce the risk of phishing attacks.

Antivirus Software is Key

One of the best ways to reduce phishing emails is by working with antivirus software. Capable of scanning attachments and analyzing links contained within emails, a good antivirus software can easily target the two main ways that phishing attacks unleash their payload. However, as with all software, it’s important that you update it regularly and install updates immediately. Phishing attacks can spread round the world very quickly, so you need to stay one step ahead of them.

Keep Up to Date with Phishing Attacks

Hackers are constantly developing their techniques and tweaking their methods, so it’s vital that you keep an eye on what’s happening in the world of phishing. New attack methods can be launched very quickly and be in your inbox within a day, so make sure that you’re regularly monitoring IT news sources to prepare yourself for any incoming threats.

Educate Your Employees

The main targets of any phishing attack against your organization will be your employees, so they have to be educated in order to prevent any data breaches. The basics of phishing are relatively simple, so the training doesn’t need to be too in-depth. All you have to do is ensure that these basics are hammered home so that employees know how to spot a phishing email and how to deal with it.

Practice Phishing Attacks

A popular method for reducing the risk of phishing attacks is by running regular exercises to test your employees. For example, fake phishing emails can be randomly emailed to your employees that test whether they are susceptible to phishing scams or not. Usually, these emails will contain a fake link that urges them to complete something on behalf of the company – such as IT training – but the actual URL contained will be a ‘malicious’ one. Those employees that fail to spot the ‘malicious’ link can then be asked to take a refresher training course.

Combine All Your Preventative Methods

The key to reducing the risk of phishing attacks is by combining all of the above into one multi-faceted security approach. An amazing antivirus software solution, for example, isn’t effective enough on its own. Instead, you need a firm knowledge of the phishing landscape, amazing employee training and regular tests to guarantee that you can tackle phishing on all fronts.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Basics of How Phishing Works

email links, Phishing, Phishing Email, Security, Security Threats, , ,
09
Oct 2018

You’ve read the headlines and you may even have been a victim of phishing, but what is it and how does it work?

Phishing is a highly dangerous form of hacking which can compromise sensitive data and cause significant disruption to the running of a business. One of the main reasons that phishing has become such a successful method of wreaking digital havoc is down to a lack of knowledge on the behalf of PC users. While phishing is far from the most complex hacking technique, the average PC user is unlikely to know the ins and outs of phishing.

As we know that time and productivity is a valuable asset for your organization, we’re going to take a look at the basics of how phishing works.

What is Phishing?

Let’s get one thing straight, phishing is nothing like sitting by a lake and peacefully fishing. In fact, it’s far from enjoyable, but there is one element that remains the same. And that’s the use of bait. You see, phishing thrives upon the use of bait to obtain information out of an innocent party. The most common way to phish, in the digital landscape, is through an email. And, within this email, will be a piece of bait with which the hackers plan to land a prize catch.

Leaving the world of fishing behind, a phishing email is one which uses a number of deceptive techniques to extract sensitive data such as login details, bank details or even secure data such as customer database spreadsheets etc. Essentially, phishing is one big con and, as with all cons, gaining the trust of the victim is crucial to success. That’s why hackers are so keen to appear genuine when they send their phishing emails.

The classic example of a phishing email is one that claims to have been sent from a bank to verify your login details. A scare tactic will usually be employed, such as a report of unusual activity on the account, in order to encourage a swift response which foregoes any rational thought. A link will be included in the email which the user is advised to click in order to go through a series of security checks. However, clicking this link will take you to a malicious website – even if it looks genuine – where your data will be harvested to help fuel identity theft or, in extreme cases, a loss of funds.

Why Does Phishing Work?

You may be wondering why people fall for phishing scams and the simple truth is that it’s down to a lack of concentration and analysis. Phishing takes advantage of these weaknesses on both individuals and security software. By planting a seed of trust, such as promising to safeguard your personal data, the hacker can, in fact, do the complete opposite and use this trust to harm you.

Key to successful phishing emails is the use of social engineering to convince recipients that the emails are genuine. Phishing emails will be packed full of official company logos and it’s even possible for hackers to spoof official email addresses in the From: section of an email. And, for people busy at work, it’s easy for them to take their eye off the ball for just a fraction of a second. As a result, links are clicked that shouldn’t be clicked and hackers land their prize catch.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 9 10 11 12 13