Phishing emails are the scourge of our inboxes and there seem to be more and more each week, so what should you do when you receive a phishing email?

The aim of phishing emails is for the sender to obtain sensitive information from the recipient. This goal is realized by cleverly disguising the email to make it look as genuine as possible and, therefore, gain the recipient’s trust. Data targeted by phishing emails usually relates to sensitive details including login details and passwords. This data leakage can cause serious harm to businesses, with the average cost of a phishing attack on a medium-sized business being around $1.6 million.

No organization that wants to remain productive and competitive wants to deal with the chaos of a phishing attack, so we’re going to take a look at what you should do when you receive a phishing email.

Do Not Open Phishing Emails

The best way to avoid the dangers of phishing emails is very simple: don’t open them! This, of course, is easier said than done, as phishing emails have become incredibly sophisticated over the years, e.g. by spoofing email addresses. However, if for any reason whatsoever you do not recognize an email address or there’s something unusual about the email subject, then it’s always best to err on the side of caution. Instead, move the cursor away and get your IT team to investigate it before going any further.

Leave Links Well Alone

Opening a phishing email isn’t enough, on its own, to activate the malicious payload, but it’s very simple to do so. Phishing emails often contain links which, once clicked, send the user to malicious websites where malware is automatically downloaded to the user’s PC. This malware is usually very discreet and is able to run silently in the background where it is able to log keystrokes or even take control of the user’s PC. So, remember: if you don’t recognize the sender of an email, it’s crucial that you never click their links.

Don’t Respond

Phishing emails will often try to gain your trust by establishing a connection, so you need to be mindful of these deceptive tactics. By hitting the reply button, for example, you’re demonstrating to the hacker that not only is your email account active, but that you’re willing to engage. And, if a phone number is provided, never ever ring it, as it will involve further social engineering and potentially a very high phone charge to a premium number. It may be tempting to respond, but always say no and move away from engaging.

Report the Email

Any form of hacking represents a serious threat to the security of your organization, so it should be every employee’s duty to report a phishing email as soon as possible. This allows your IT team to analyze the email and its contents before taking action. This could be as simple as deleting it securely or telling you that, actually, it’s safe to open. Ultimately, shared knowledge allows your entire organization to stay on top of phishing emails, so, even if you’ve clicked something you shouldn’t have, report it immediately.
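As an added illustration (not part of the original article), here is the kind of first-pass check an IT team can run on a reported message without opening any link: it compares the displayed sender, the Reply-To address and each link's visible text against where they really point. The sample message and all addresses in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample of a reported message; all addresses and hosts are placeholders.
SAMPLE = """\
From: "helpdesk@example.com" <notice@mail.example.net>
Reply-To: support@example.org
To: user@example.com
Subject: Password expires today
Content-Type: text/html

<p>Sign in: <a href="http://login.example.net/reset">https://portal.example.com</a></p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def triage(raw):
    """Inspect headers and link markup only; nothing is opened or fetched."""
    msg = message_from_string(raw)
    findings = []
    display, sender = parseaddr(msg.get("From", ""))
    # 1. Display name that shows an address from a different domain than the real sender.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != domain_of(sender):
        findings.append(f"display name shows {shown.group(0)}, sender is {sender}")
    # 2. Replies silently routed to another domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(sender):
        findings.append(f"Reply-To {reply_to} is outside {domain_of(sender)}")
    # 3. Link text that looks like one host while the href points at another.
    for href, text in LINK_RE.findall(msg.get_payload()):
        target = (urlparse(href).hostname or "").lower()
        visible = urlparse(text.strip()).hostname
        if visible and visible.lower() != target:
            findings.append(f"link text shows {visible}, href goes to {target}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```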

For more ways to secure and optimize your business technology, contact your local IT professionals.



Virus Spreading over USB Thumb Drives

To stay safe from infections, we’re going to look at how viruses spread over USB thumb drives and how you can protect yourself and your business.

Why would anyone deny the comfort level enjoyed with using USB thumb drives to conveniently transfer data? Beneath it all, there’s more to that data transference than meets the eye.

How Viruses Spread over USB Thumb Drives

It starts with attaching a USB thumb drive to a device. The machine is then infected using the Windows AutoRun feature, which is triggered when a storage device is plugged in. Not only is the data transferred, but the device that receives the data becomes infected with malware (a virus) and malicious software, causing damage or data loss.


The virus likely originates from the infected device the USB was connected to before. The process of transferring viruses can stem back through a chain of infected hosts, bringing with it a trail of disruption.

At present, it’s highly likely that most USB thumb drives that have been connected to an infected device or PC harbor a virus. For instance, a new virus threat known as “BadUSB” works off USB thumb drives and is claimed to be unstoppable, according to security researcher Karsten Nohl.

Types of Viruses

The following types of viruses can infect a computer when the user runs or installs the infected program. Infection can occur through something downloaded from the Internet, or in most cases, loaded onto the computer from USB thumb drives.

  • Worm – a program that replicates itself by exploiting a vulnerability on a network.
  • Trojan horse – appears to serve a useful purpose, but actually hides a virus, thus infecting the computer by tricking the victim into installing it willingly.
  • Rootkit – makes itself difficult to detect by hiding itself within the system files of the infected operating system.
  • Spyware – designed to covertly spy on a user and report information back to the originator.
  • Spam – common method of transmitting malware onto a user’s computer, usually via unsolicited email messages containing infected attachments or links to exploited websites.

How to Protect Yourself and Your Business

The most effective means of transferring viruses for hackers is through public databases. Firstly, it is extremely important for anyone to restrict the use of USB thumb drives on computers based at net cafés, coffee shops, copy shops and even at an airport or a hotel, as they are for public use.

You never know which computer might be infected, so plan to use business or personal systems over public computers, as public computers are more vulnerable to infected USB thumb drive viruses. Secondly, it’s best to run a firewall and update to the latest virus definitions on any personal or business computers.


We suggest disabling the AutoRun functionality of the drive and avoiding downloads of “free online software” to better protect any USB thumb drive from picking up those menacing viruses.
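To see what AutoRun would have started from a given drive, the added example below (not part of the original article) reads a drive's autorun.inf as plain text and lists the entries that name a program to launch; nothing is executed. The sample file content and its file names are constructed.

```python
from pathlib import Path

# Constructed autorun.inf content; the file and folder names are made up.
SAMPLE = r"""; constructed sample
[AutoRun]
open=tools\setup.exe /quiet
icon=tools\setup.exe,0
shell\open\command=tools\setup.exe
label=USB DISK
"""

def parse_autorun(text):
    """Tolerant line parser: {key: value} from the [autorun] section only."""
    entries, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Section names are matched without regard to letter case.
            in_section = line.lower().startswith("[autorun]")
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(entries):
    """Keep only the entries that name a program to start."""
    # open=, shellexecute= and the per-verb "shell\<verb>\command=" keys.
    return {k: v for k, v in entries.items()
            if k in ("open", "shellexecute")
            or (k.startswith("shell\\") and k.endswith("\\command"))}

def audit_drive(root):
    """Find autorun.inf (any letter case) in a drive root; list what it would launch."""
    report = []
    for path in Path(root).iterdir():
        if path.is_file() and path.name.lower() == "autorun.inf":
            text = path.read_text(encoding="utf-8", errors="replace")
            report.extend(launch_commands(parse_autorun(text)).items())
    return report

if __name__ == "__main__":
    import sys
    for key, command in audit_drive(sys.argv[1]):
        print(f"{key} -> {command}")
```

Run it against the drive's root folder on a machine where AutoRun is already disabled.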

For more ways to secure your business data and systems, contact your local IT professionals.




Why do hackers use remote code execution as a malicious attack on businesses? Here we’ll explain what remote code execution is and why most malware uses it.

Remote execution attacks are very real and should not be taken lightly. This is mainly because of the damage that can result, with malware disabling parts of a system and disrupting business operations.

What is remote code execution?

Remote code execution can be best described as an action which involves an attacker executing code remotely using system vulnerabilities.

Such code can run from a remote server, which means that the attack can originate from anywhere around the world giving the attacker access to the PC. Once a hacker gains access to a system, they’ll be able to make changes within the target computer.

The attacker leverages the user’s admin privileges to allow them to execute code and make further changes to the computer. It’s often the case that such user privileges become elevated. Attackers usually look to gain further control on the system they already have a grip on and look to exert control onto other computers on the same network.

Examples of remote execution attack

Whether a business realizes it or not, malware threats are consistently looking for vulnerabilities and a chance to infiltrate past security. In essence, every attacker is an opportunist and they’re unlikely to hold back once they’ve spotted a loophole within a system.

Scenario 1:

Zero-day Internet Explorer Exploit CVE-2014-8967

An employee browses the Internet with the Internet Explorer browser and visits a website, which they were prompted to visit via an innocent-looking email message. Little do they know that the website exploits a bug in their browser, allowing for remote execution of code to occur. The code is set up by a criminal who has programmed it to run on the employee’s computer and, in turn, install a Trojan virus. A Trojan allows a back door into the computer, which can be accessed at any time by the attacker. At this point, the criminal has complete access to the employee’s data files and will do as they please with them.

Scenario 2:


A business runs an unsupported version of Windows on a computer, which happens to be Windows XP. An employee visits a website that has been compromised, and code on the site detects that the user is working on a computer running Windows XP. Since this particular operating system is no longer patched by Microsoft, vulnerabilities are inevitable. The code picks up on this and begins remote code execution, set up by a criminal, to run ransomware on the computer. The ransom involves the criminal holding the company’s files hostage until payment is made.

How can you protect against remote code execution attacks?

For more ways to secure your systems, contact your local IT professionals.




Cryptowall can bring your business to a screeching halt. Here is how you can protect yourself against what’s becoming the most malicious malware of 2014.

You don’t need to end up in trouble. We’ve outlined some very important guidelines on what to do to avoid an attack like Cryptowall and Cryptodefense:

  • Scan any email attachments that land in your email account – especially PDF attachments, which can be disguised as payments, invoices, receipts, complaints and so forth. This is generally how this Trojan enters the system.
  • Avoid clicking on any advertisements – this attack does not only happen through attachments; it has also been identified in infected banners on different web pages. Avoid clicking on them at all costs!
  • Avoid mapping drives directly to servers – if you have administrator rights and are working from your own computer, use remote access tools as needed. This will help reduce direct risk to the servers.
  • Lock down admin users – assign user accounts by name, so that if an attack happens, the user’s account can be frozen to stop its credentials being used further for unauthorized installations.
  • Verify backups – a backup is only good if it’s one that can be restored. Test your backups regularly.
  • Off-site or offline backups – having these will reduce the chances of suffering from a single point of failure due to such an attack. Please note that mapping Dropbox on your computer can still make it subject to this attack.
  • Whitelisting approved software – you can find tools and systems that can help you with this. You can specify what can run on any system on the network.
  • Utilize Windows Group or Local Policy Editor – Software Restriction Policies can be created to stop executable files from running on any given path.
  • Have a Bitcoin account set up in case nothing else works. Being prepared can help you save time.

Here’s what you can do if you find yourself compromised:

Like they say, prevention is better than a cure.

For more ways to protect yourself and your business from malicious attacks, contact your local IT professionals.



Onsite PC Solution Detect Bitcoin Mining Software

Does your computer seem to be running much slower than usual? If so, someone may be using your computer’s processing power to mine bitcoins.

This is precisely what bitcoin mining viruses do, yet many of them can be detected with antivirus programs. Malwarebytes is highly recommended for this purpose. Whether your antivirus program is Malwarebytes, which we recommend, or something else, running a scan every so often will allay infection concerns.

Another way to detect bitcoin malware is by looking at the processes running on your PC. In Windows, hold down the Ctrl and Alt keys while pressing Delete. This will give you the following menu:

[Screenshot: the menu shown after pressing Ctrl+Alt+Delete]

Select Start Task Manager from the list of options.

[Screenshot: Windows Task Manager]

In the Task Manager, select the Processes tab as shown above. Check for any processes that have unfamiliar names, use a lot of memory or use a high percentage of the CPU. You can sort the list by memory and CPU usage by clicking the CPU and Mem Usage column headers at the top. Look up any process with an unfamiliar name on Google.
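The same three checks can be applied to a saved process listing. This is an added example, not part of the original article; the sample rows, the list of expected names and both thresholds are constructed assumptions, and the column names assume English-language Windows.

```python
import csv
import io

# Constructed sample in the layout of `tasklist /v /fo csv` on English-language Windows.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"explorer.exe","2140","Console","1","48,212 K","Running","PC\owner","0:01:12","N/A"
"svchost.exe","912","Services","0","12,004 K","Unknown","N/A","0:00:40","N/A"
"xyzhelper.exe","3388","Console","1","312,880 K","Running","PC\owner","7:42:05","N/A"
"chrome.exe","4012","Console","1","410,556 K","Running","PC\owner","0:12:31","N/A"
'''

# Assumption: names this site expects to see; build the real list from a clean machine.
KNOWN = {"explorer.exe", "svchost.exe", "chrome.exe"}

def cpu_seconds(text):
    """'H:MM:SS' cumulative CPU time -> seconds (hours may exceed 24)."""
    hours, minutes, seconds = (int(part) for part in text.split(":"))
    return hours * 3600 + minutes * 60 + seconds

def mem_kb(text):
    """'312,880 K' -> 312880."""
    return int(text.replace(",", "").replace("K", "").strip())

def review(csv_text, known=KNOWN, cpu_limit=3600, mem_limit_kb=250_000):
    """Flag unfamiliar names, high CPU time and high memory; most-flagged first."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        if row["Image Name"].lower() not in known:
            reasons.append("unfamiliar name")
        if cpu_seconds(row["CPU Time"]) > cpu_limit:
            reasons.append("high CPU time")
        if mem_kb(row["Mem Usage"]) > mem_limit_kb:
            reasons.append("high memory")
        if reasons:
            hits.append((row["Image Name"], int(row["PID"]), reasons))
    return sorted(hits, key=lambda hit: len(hit[2]), reverse=True)

if __name__ == "__main__":
    for name, pid, reasons in review(SAMPLE):
        print(f"{name} (PID {pid}): {', '.join(reasons)}")
```

Real input comes from `tasklist /v /fo csv`; its CPU Time column is cumulative, unlike the live percentage shown in Task Manager.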

If the Google search reveals the name to belong to a rogue process, here’s how to remove it from your system.

In addition to being detected by antivirus scanners and causing your PC to use too much of its resources, bitcoin mining viruses can possibly make your computers use more electricity.

All managed services clients are automatically protected against processes that use too much CPU, including bitcoin malware. Although bitcoin mining software on your PC isn’t likely to damage your files, you should always be running a backup to keep your files protected from catastrophic data loss.

For more information, consult your local IT professional.
