Email Phishing Scam Steals Snapchat Employees Data

Security, ,
19
Apr 2016

SNapchat620px

Phishing scams are well known within technology circles, but this doesn’t mean those in the tech industry are immune as Snapchat discovered in February.

Snapchat, for those of you who are not aware, is a social media app which allows users to send each other photos and videos with a limited viewing time. Once that time is up then the media disappears forever. It’s proved to be phenomenally successful and the company is estimated to be worth $20 billion.

However, even with the funds available to invest in state of the art cyber security, they still found themselves falling foul of a good old fashioned phishing scam. We are going to show you what happened in order to equip you with the knowledge needed to avoid a similar occurrence.

How Was Snapchat Hacked?

6357613873537576411298140331_snapchat-app_500-100224643-large.imgopt1000x70

The hack at Snapchat used a relatively simple phishing scam to gain access to sensitive employee data. The payroll department at Snapchat received an email which claimed to be from the company’s CEO requesting payroll information on employees. Unfortunately for the payroll department, this email was not genuine. It was a scam.

Not realizing the fraudulent nature of the email, an employee duly forwarded the required information to the hacker. The nature of the data disclosed has not been confirmed by Snapchat, but it’s suspected that it would include the following:

  • Bank details
  • Social security numbers
  • Salary information
  • Personal ID and addresses

Why Do People Still Fall for Phishing Scams?

Computer-Hacker

It may seem strange that such a master of modern technology can fall victim to such a simple phishing scam, but it’s by no means unthinkable. These scams have evolved over time to become more sophisticated and it’s often their simplicity which makes them so deceptive.

In the case of the email sent to Snapchat purporting to be from their CEO, it’s more than likely that it genuinely appeared to have been sent by the CEO. With even the most basic software, it’s possible to fake outgoing email addresses and, if I wanted, it wouldn’t be difficult for me to send an email apparently from bill.gates@microsoft.com

And although this particular Snapchat employee was left thinking “I should have known better”, they most likely thought they were being a helpful employee and were keen to impress their CEO. However, it’s this type of tempting payoff which makes phishing scams so hard to resist.

The Aftermath of the Scam

To Snapchat’s credit, they responded fairly quickly and within four hours they had managed to confirm this was an isolated attack. A report was filed with the FBI and employees affected by the scam were offered two years’ worth of identity theft insurance and monitoring. More importantly, Snapchat underlined their determination to increase the intensity of their security training within the next few weeks.

Snapchat’s case highlights just how vulnerable even multibillion dollar corporations can be when confronted with even the simplest hacks. The importance of good quality security training which focuses on even the most intricate details of phishing scams is paramount to ensure yours and your customer’s data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Ransomware Locky Holds Your Data Hostage

Security,
05
Apr 2016

Computer virus.

Reports of a rise in ransomware trojans have seen further evidence in the form of ‘Locky’ which encrypts user data and demands payment to decrypt it.

Gathering data content, be it blog articles or customer databases, is a time consuming affair, so there’s a real sense of relief when it’s finally collated and finished. However, can you imagine how frustrating it would be to have this data suddenly encrypted by a third party? And how annoyed would you be if this third party then started demanding payment to release it?

You’d be VERY frustrated and VERY annoyed!

Locky – which is being distributed by infected MS Word files – is causing all manner of trouble to businesses at present, so it’s time you learned a little more about it to avoid getting a ransom note demanding $10,000!

What is Locky?

Ransomware does exactly what is says on the tin, it’s software which demands a ransom. Locky is a relatively new form of ransomware which, when activated, converts a long list of file extensions to a seemingly locked extension type named .locky e.g. a .jpeg extension will be converted to a .locky extension.

The problem is that the only way you can decrypt these .locky files is by purchasing a ‘decryption key’ online from the perpetrators. Now, you may be thinking that an online payment surely leaves a trail to the cyber criminals behind the ransom. Unfortunately, these hackers only accept payment through bitcoin – an untraceable online currency.

Ransoms as high as $17,000 are reported to have been paid to restore access to data, so it’s crucial you know what the warning signs of Locky are.

How Do You Get Infected By Locky?

virus-infected-word-file

Hackers are taking advantage of the ubiquity of Microsoft Office in our working lives to target victims with Locky. Emails are sent containing an MS Word attachment titled “Troj/DocDL-BCF” and the chaos it releases unfolds thusly:

  • Users open the file to discover it’s full of nonsensical text and symbols
  • A prompt encourages users to enable macros if “data encoding is incorrect” which, when presented with garbled text and symbols, would seem the right thing to do
  • If macros are enabled then this runs software which saves a file to the hard drive and then executes it
  • This file then downloads a final piece of software – Locky
  • Once Locky is downloaded to the system it starts scrambling files to the .locky extension
  • Locky then changes your desktop wallpaper to one of a ransom note detailing how to pay the decryption ransom

How to Protect Yourself From Locky

 virus-protection-services-melbourne-transit-data-about-us

Naturally, the best way to avoid getting infected with ransomware like Locky is to avoid all dubious email attachments.  However, there are a couple of other tips to help protect yourself:

  • Try installing Microsoft Office viewers which allow users to view documents without actually opening them in Office applications and prevents viruses from executing
  • Always install the latest updates for Microsoft Office to ensure any back doors are patched to keep your system protected

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Are Apple Computers Immune to Viruses?

Security, ,
29
Mar 2016

fva-630-skull-and-crossbones-computer-virus-hacking-credit-shutterstock-630w Compared to Windows PCs, Apple’s Mac computers have always been relatively virus free. However, a recent security attack has proved this is no longer true.

March 2016 saw a significant attack on Mac users which involved hijacking the Transmission BitTorrent app in order to deliver ransomware to its victims. It sounds like your stereotypical Windows attack, but why is it now happening to Macs? After all, the general consensus has been that they’re immune from viruses.

Seeing as Macs are very important to a huge number of businesses, I’m going to investigate this latest attack to analyze how it occurred and what it means for Mac users.

The Nature of the Mac Ransomware

computer-viruses

The unknown attackers used ransomware in their attack against Apple users and it’s a type of cyber-attack which is becoming increasingly popular. In this instance, the hackers were able to gain access to users’ systems through the Transmission BitTorrent app. This allowed the hackers to download malicious software onto the Macs. This software literally held the Mac users to ransom by encrypting their files and demanding $400 to release them.

How Did Apple’s Guard Drop?

For a very long time, Apple users were confident that Macs were safe from cyber-attacks. And for a long time this was generally true. This, however, wasn’t down to cutting edge security technology.

The truth is that hackers didn’t have much interest in targeting an Apple Mac. The reason for this is that Apple has a much smaller share of the market than Windows PCs. Why would a hacker want to spend their time writing software which could only target a small number of users?

This fact perhaps led to a sense of complacency on Apple’s part, so they weren’t expecting vulnerabilities in their operating system to be exploited so easily. Unfortunately, Apple’s Gatekeeper security software has, itself, been shown to contain numerous back doors through which hackers can cause chaos.

One of the main routes into Apple’s system is by tricking it to accept pre-approved developer certificates which have been faked. This allows users to download software which isn’t produced by who it says it is and, therefore, can’t be trusted. And this is exactly what happened with the Transmission BitTorrent app.

The Future for Apple Security

mac-shield

This recent attack is not the first security scandal to hit Apple. In 2014, there were around  10,000  – 70,000 attacks on Mac computers per month, but this rose dramatically in 2015 and is set to multiply significantly in 2016.

These figures are very startling for Apple, so it’s crucial that they take a look at Microsoft’s approach to internet security. Due to their dominance of the computer market, Microsoft has had to ensure their PCs are resistant to attacks. Steps taken have included:

  • Working with hackers to understand how they have attacked Windows
  • Offering cash rewards to anyone who finds new security flaws in Windows

It’s essential that Apple take a long hard look at their Gatekeeper software and evaluate how it can be improved. If they don’t they stand to alienate their customers if ransomware attacks continue.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

No More Passwords: Could Passwords Become Extinct?

Security,
23
Feb 2016

No more passwords

We’re all used to creating and remember passwords when working with sensitive data, but could Google make the password a thing of the past?

Passwords are essential when it comes to working with PCs due to the amount of confidential data that they may contain and process. When it comes to business usage, it’s likely that you’re going to need several different passwords to access all your software and hardware needs.

Google, keen as ever to re-invent the digital wheel, has decided that perhaps it’s time to approach data security in a different manner. That’s why they’re trying to implement smartphones as the key factor in accessing data.

Let’s take a look at why Google are doing this and how they plan to achieve it.

The Problems with Passwords

Facebook-Password-Sniper-v1.2-Hack

You’re probably well aware that passwords are inconvenient. After all, the number of passwords you need to use on your PC at work can become disorientating, so it’s no surprise when you forget them. As a result you’ll tap in a couple of guesses and find yourself locked out. It’s then down to your IT team to manually reset your password.

Aside from this inconvenience, though, there are a number of reasons why passwords are not the best way of securing data:

  • Many users use the same password for all their accounts to avoid having to remember numerous passwords. It’s a nice, quick solution but if their password is hijacked then it compromises all their accounts
  • Hackers are able to use spyware and keystroke loggers to easily steal users passwords without them knowing
  • Password reset questions are often very easy to guess, so this offers an easy route into your systems for hackers

There are obviously problems with relying on the humble password, so how are Google going to take security to a new level?

No More Passwords

gmail-password-forgot

Google plans to eliminate the need for passwords to access your Google account by tapping into the modern obsession with smartphones.

Here’s how it’s going to work:

  1. You’ll head over to the Google sign in page and enter your email address as per normal.
  2. At this point your smartphone will receive a notification message asking you to confirm your login.
  3. Once you authorize this – with one tap of the “YES” button – your device (be it PC, tablet or smartphone) will be given access to your Google account.

And don’t worry if your smartphone has run out of battery or you’ve lost it. You’ll still have the option to use your password to login to your Google account.

What Does This Mean for Your Business?

Google’s vision paints an interesting future for your business and the way in which you protect your computer systems. It also highlights the lack of security behind passwords and how you need to ensure that your business is well protected from the threat of hackers.

If Google’s trial is successful then it’s likely that we’ll see this new approach to security filtering into the business world fairly quickly. And not only will it protect your data’s security, it will also reduce the amount of man hours spent resetting passwords.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How Important is Cloud Security for Small Businesses?

Security,
09
Feb 2016

Cloud Computing

Cloud computing allows you to run programs and store data on the internet and is a world away from the traditional method of physical installs and servers.

It offers flexibility, enhances collaboration and reduces overheads, but many businesses are wary of cloud computing. Sure, it’s a new way of doing things, so this is always going to induce a little anxiety. However, there have also been numerous headlines about the cloud’s security which has raised concerns.

To try and sort the myths from the facts, We’re going to take you through the security aspects of cloud computing.

Cloud Security Breaches are Big News

We’ve all heard a scare story about the cloud becoming breached and the most famous of these is probably ‘The Fappening’ which saw Apple’s iCloud breached to obtain personal photos of celebrities.

The Fappening, naturally, was distressing for those celebrities involved, but also brought to the public’s attention that maybe data isn’t that secure up in the cloud. Matters haven’t been helped by similar concerns being raised such as the possibility that stealing millions of Apple iCloud passwords can be achieved with a simple phishing email.

However, there are always going to be hackers, so is it fair to label cloud computing as a proposition which is too risky? Or is it just a simple case of monitoring the cloud’s security as you would any other type of network?

A Secure Provider is Essential

cloud_swiss_army_knife_nobg

With cloud computing being a relatively new phenomenon it’s not a surprise that there’s a little ambiguity over whom exactly is responsible for what. Cloud vendors are more than happy to provide you with the infrastructure to start cloud computing, but the levels of security are going to vary between providers.

Many cloud vendors may expect your in-house IT team to take on at least some of the responsibility for your cloud network. The problem is, though, that cloud computing is such a new form of networking that most in house IT teams simply don’t have the necessary knowledge to secure their cloud effectively.

Therefore, with the threat landscape ever expanding, it’s important that you identify a cloud vendor who can provide a fully experienced team of personnel to monitor the cloud’s security. The costs, obviously, will increase, but for the peace of mind it brings, it’s relatively small change.

Increasing Your Cloud Security In-House

cloud_security

Now, I know that I just said it’s not a good idea to take on cloud security yourself, but there are certainly ways you can help maximize it at your end!

Remember that your whole network can become compromised by the smallest mistake. This is why it’s essential that you take the following steps:

  • Remind staff of the importance of choosing strong passwords. I always feel that it’s a good idea to insist on the need for a number, symbol and uppercase letter in a password. It may mean that they’re harder to remember, but it also means they’re harder to guess.
  • Increase the level of authentication required for even the most basic applications e.g. instead of just asking for a username or password, follow this up with the need to enter a code sent by SMS to approve access to certain network areas.

Should You Move to the Cloud?

The cloud is, undoubtedly, the future of computing and will prove to be a significant factor in businesses remaining competitive. It’s always difficult to break from the traditional methods of working, especially with security concerns ever present, but as long as you ensure security is tight then it’s the logical step forwards.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 36 37 38 39 40 48