When did you last update your firmware?

By EDITOR

Most IT consultants constantly remind clients of how important it is to update and patch their software, but neglect the importance of updating hardware. We don’t mean replacing it with new hardware; we mean updating the applications and settings coded into the physical IT powering every modern office.

What is firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Why is firmware security so important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How do I protect myself?

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a DLink of Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mouses and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today!

Posted in Uncategorized | Leave a comment

The phishing craze that’s blindsiding users

By EDITOR

Most phishing attacks involve hiding malicious hyperlinks hidden behind enticing ad images or false-front URLs. Whatever the strategy is, phishing almost always relies on users clicking a link before checking where it really leads. But even the most cautious users may get caught up in the most recent scam. Take a look at our advice for how to avoid the newest trend in phishing.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

 

Posted in Uncategorized | Leave a comment

Is the government really spying on you?

By EDITOR

Wikileaks, the website that anonymously publishes leaked information, recently released a number of documents alleging widespread surveillance by the US government. The released documents claim that the vast majority of these efforts took place via smartphones, messaging apps and…TVs? Let’s see just how worrisome they really are.

What devices and apps are supposedly vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:

  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide

Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two considerations before freaking out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.

What the documents actually revealed is that the CIA was aware of security gaps in Windows, iOS, Android and Samsung’s Tizen OS, which allowed the agency to snoop on messages before they were encrypted. Messages sent in these apps are still totally uncrackable as long as the devices they are installed on haven’t been physically compromised.

Takeaway #1: Physical security is still one of the most important aspects of cyber security. Most data security regulations require certain physical security protocols as a deterrent to breaches that take place via theft of social engineering — and for good reason.

The second reason not to worry is the hardware devices and operating systems that supposedly left encrypted messages vulnerable haven’t been sold for a long time. For example, only Samsung TVs from before 2013 were vulnerable to the always-on microphone bug — which was patched in an OS update years ago.

But what about iOS — surely that’s the scariest reveal of them all, right? Not quite. Only the iPhone 3G, discontinued in 2010, was susceptible to exploitation. Furthermore, Apple immediately responded that they were aware of this vulnerability and patched it in the version of iOS that was released in 2011.

Takeaway #2: Updating software is critical to keeping your data safe. As we saw in the Year Zero leaks, just one piece of outdated software can cause a domino effect of other vulnerabilities.

In reality, the most recent Wikileaks releases shouldn’t change your approach to cyber security at all. As long as you consider data security a never-ending battle, you’ll be safer than everyone too lazy or forgetful to lock up their server rooms or update their operating system.

But running a business doesn’t always leave you a lot of time for fighting a “never-ending battle,” does it? Fortunately, that’s exactly what we do for our clients every single day. To find out more about how we can keep you safe, call today.

Posted in Uncategorized | Leave a comment

Why you need to update Microsoft Word

By EDITOR

Microsoft Word is a staple business application. But since so many people use it on a daily basis, hackers work tirelessly to expose and exploit flaws in the system. In fact, cybercriminals stumbled upon a Word vulnerability that puts your sensitive data at risk. Read on to learn more about the exploit and what you can do about it.

The attack
On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.

The solution
Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact us today!

Posted in Uncategorized | Leave a comment

Networks: Software-defined vs virtualized

By EDITOR

If knowing is half the battle, virtualization is one for the ages. With more than a decade of history, it’s a tough topic that business owners would be hard-pressed to ignore. Over the years, the terminology has changed and capabilities have gotten even more confusing. If you’ve ever heard anyone use software-defined networking and network virtualization interchangeably, it’s time we set the record straight.

Software-defined networking (SDN)

Managing storage, infrastructures, and networks with high-level software is something IT technicians have been doing for a long time. It’s a subset of virtualization and it is one of the oldest strategies for optimizing and securing your IT hardware.

Despite its popularity, SDN does have one major drawback — it needs hardware to do its job. SDN allows you to control network switches, routers, and other peripherals from a centralized software platform, but you can’t create virtual segments of your network without the hardware that would normally be required outside of an SDN environment.

Network virtualization

Evolving beyond SDN was inevitable. Whenever a technology can’t do it all, you can bet someone is working hard to fix that. Network virtualization uses advanced software solutions to allow administrators to manage physical hardware and to create virtual replicas of hardware that are indistinguishable to servers and workstations.

Network virtualization simplifies the field of network design. You can reduce spending on expensive hardware, reconfigure network segments on the fly, and connect physically separate networks as if they were in the same room.

A virtualized network may sound like an exciting technology that doesn’t have much use at small- or medium-sized business, but that’s exactly the beauty of hiring a managed services provider! We provide enterprise technology and advice as part of your monthly service fee. Call today to find out more.

Posted in Uncategorized | Leave a comment

Cloudbleed: Your data could be at risk

By EDITOR

A small error in Cloudflare’s code has spilled millions of login credentials, personal information, and cookies all over the internet. The bug, known as Cloudbleed, was discovered by the internet security company last month, and since then, they have worked to mitigate the security risks. So far, it appears that hackers have yet to exploit this vulnerability, and that’s why internet users have to remain vigilant. Find out what Cloudbleed can do and how you can stay safe.

What is Cloudbleed?
Although it’s technically similar to Heartbleed, a bug that compromised millions of websites and accounts, Cloudbleed is less severe. Google security researcher Tavis Ormandy discovered that several Cloudflare-hosted websites, including Fitbit, Uber, and OkCupid, were inadvertently leaking customer information and saving them within the source code.

For example, when a person visits a bugged Uber page, the website code could contain data and login credentials from another user who recently visited the page. The data may be hidden between several lines of code, but a skilled hacker can easily find it.

Exploiting it, however, is more difficult. The Cloudbleed bug collects random bits of data, which may or may not contain any sensitive information, making it a less attractive point of attack for cybercriminals. Over time, a cybercriminal may be able to compile enough information to exploit, but it doesn’t seem to be a viable option for targeted attacks.

The response
According to Cloudflare, Cloudbleed was triggered 1,240,00 times and found in 6,400 websites between September 22 and February 18. After the bug was discovered, the internet security company quickly alerted affected websites, fixed the code, removed cached pages from search engines, and monitored client websites for any strange website activity.

Cloudflare-hosted websites also checked what data was leaked and reassured customers that there was minimal impact to their private information.

What can you do?
While Cloudflare and other companies are telling everyone that the possibility of Cloudbleed attacks and password leaks is low, you should still ensure your account is safe.

Start by setting stronger passwords with a combination of letters, numbers, and symbols. Make sure to set unique passwords for every online service, especially for any of your accounts that use Cloudflare. Whenever possible, use two-factor verification to keep your account secure even if someone gets a hold of your password.

And, last but not least, contact us for any cybersecurity, cloud, and website issues. We aim to make your internet and cloud experience as safe as possible.

Posted in Uncategorized | Leave a comment

Firewalls: hardware vs. software

By EDITOR

Most people have a vague idea of what a network firewall does. But some business owners are easily fooled by promises of quick and easy solutions that can be installed and managed right from your desktop. In the software vs. hardware debate, there’s a clear winner when it comes to your security. Let’s take a look at what the differences are and why they matter.

Software firewalls

Calling a piece of software a “firewall” is a bit of an exaggeration. Installing it on a local hard drive is more like locks on a door than impenetrable walls. When data is scanned for threats by a software firewall, the information it contains has already been passed through your router, network switch, and finally your local hard drive.

Once the whole cycle has finished, software firewalls can prohibit risky activities based on blacklisted IP addresses, known malware definitions, and suspicious application requests.

Although these solutions do have value, they can’t guarantee that malware won’t spread to other systems before each packet of data can be scanned, unless they’re standing guard at your business’s gateway to the internet. And whenever the computer with the firewall is powered off, everything it protects is left unguarded.

Hardware firewalls

Because the drawbacks of a software-based firewall are centered around their inefficient network position, a hardware solution is the safer option. Hardware firewalls sit directly behind your router, so every single packet of data coming from the internet must pass through your gatekeeper before landing on any of your internal drives.

Most of these solutions include far more sophisticated controls than just web filtering and basic data scanning. Like most developments in the IT industry, newer hardware firewalls focus on “intelligent” functions that analyze huge datasets to recognize malware and cyberattacks based on irregular activities instead of relying solely on cataloged viruses and attack vectors.

Another benefit of hardware firewalls is that they’re always on. There’s no need to worry about whether the workstation hosting your solution will crash because these devices are built for 24/7 protection. The only downside to this type of solution is the level of monitoring and maintenance it requires. Hardware firewalls are extremely complex and managing them is no easy task.

“Cloud” firewalls

The most recent, and undoubtedly best, solution to network perimeter security are “cloud” firewalls. These are on-site pieces of hardware with software interfaces that can be managed remotely by certified security professionals.

This service model means that experts will monitor your network performance and security for anomalies while your team goes about its business as usual. No need for onsite tweaks and updates — all of it can be done remotely.

You may hear a lot of experts telling you that the age of on-site hardware has passed and everything can be done in the cloud. Remote administration may be the next wave in network services, but the need for hardware will never go away. If you need someone to manage your physical devices, contact us today.

Posted in Uncategorized | Leave a comment

Mobile malware on Android apps

By EDITOR

Smartphones are basically palm-sized computers. As such, they deserve the same protection as desktops and laptops. While there is no need to install bulky security software to protect against cyber threats, there are steps users can take to prevent cybercriminals from penetrating these small computers.

Mobile malware MO

Malware and other threats pose risks that are as harmful as those that infect desktops and laptops. Some of the threats include messing up your phone bill, ruining your mobile phone’s data, remotely locking and unlocking devices, intercepting messages, prompting fraudulent log-in commands, and sending fake notifications, among others.

Most malware comes from applications downloaded from third-party app stores. Once a phone is compromised, the hacker will have access to passwords, user accounts, and other sensitive personal data. Since some Android devices are linked, there is also more than a passing chance that bugs on one device find their way to linked devices.

Who is responsible?

The burden doesn’t fall solely on smartphone users; app stores such as Google Play Store are responsible, too. Some of the infected banking and weather forecast apps that were widely reported were downloaded from the Google Play Store. Aside from taking swift action against the apps, infected companies were urged to provide as much information and updates as possible regarding the malicious applications so they could be removed from the store to protect users.

Of course, Android users are responsible for their own safety, and there are several measures they can take to avoid becoming victims.

How to avoid being victimized by malware

Yes, the Google Play Store isn’t 100% secure, but downloading from the Google store and other more established app stores — and not from little-known and less secure third-party stores — reduces the probability of downloading malicious apps. In case an infected app makes its way to the store and gets thousands of downloads, Google is usually quick to remove the threatening app from their environment and block other malicious entities.

It also pays to read the user reviews. Despite app stores’ best efforts, the proliferation of apps in today’s marketplace makes it nearly impossible to prevent mobile malware from getting through to the store and, afterwards, users’ device.

If an app poses significant risks, someone is bound to post a review or a warning. Regularly updating your mobile device’s software also helps prevent attacks, as the latest software version often comes with stronger security patches or quick fixes.

Malware doesn’t discriminate. Regardless of your computing or communication device of choice, it will find a way to infect and destroy. Ascertain your business devices’ safety by consulting our security experts today.

Posted in Uncategorized | Leave a comment

Microsoft Teams is updated and ready

By EDITOR

Prior to the release of Microsoft’s version of Slack — a popular cloud-based team collaboration tool –, Microsoft Teams received a major update that might have given it the competitive edge. Enhanced communications aren’t the only way productivity will be driven; take your business to greater heights with these new features.

Smarter meetings
The latest addition to Microsoft Teams is Scheduling Assistant, responsible for finding the ideal time to schedule a meeting. It takes into consideration the schedules of all members, and suggests the best possible time for all attendees. Needless to say, whereas Teams allowed users to schedule only intra-team meetings, Microsoft now supports one-on-one meetings. If you want to steer clear of Skype, read on.

Bots, bots, and more bots
With the latest update, bots are now capable of tapping into conversations happening in a team as opposed to a separate chat. To activate team bots, simply type “@” and begin interacting with the bot from there. Microsoft is also working on adding a Bots tab to Teams. This allows you to keep track of all the bots that have been added to a certain team while allowing you to discover new tabs as well. Other bot-related improvements include:

  • New bot gallery – the gallery displays a complete list of all the available bots on Microsoft Teams. Alongside the gallery is where you can add bots to one of your teams.
  • Discover bots via search – simply click on the search bar at the top and select “Discover bots”. From there click on a bot to start chatting, or click “Add” to add it to a team.
  • Add a bot with an @mention – to add a bot to a channel, simply type “@” in your compose box, then select “Add a bot”

Public teams
With public teams, anyone from your organization can join the team, unlike the private teams which are open only to specific members. Public teams will show up when a user is trying to join a new team, and you can also turn your existing private team into a public team (and vice-versa).

When it was launched in November 2016, Teams was a relatively minimal service. But in just four months, it’s become a lot more powerful and stable. Microsoft Teams has been available to Office 365 Business Essentials, Business Premium, and Enterprise E1, E3 and E5 users since March 14th. If you have any questions, don’t hesitate to give us a call!

Posted in Uncategorized | Leave a comment

Some ransomware strains are free to decrypt

By EDITOR

Ransomware is everywhere. Over the last couple years, dozens of unique versions of the malware have sprung up with a singular purpose: Extorting money from your business. Before you even consider paying for the release of your data, the first thing you must always check is whether your ransomware infection already has a free cure.

The state of ransomware in 2017

It’s been almost 30 years since malware was first created that could encrypt locally-stored data and demand money in exchange for its safe return. Known as ransomware, this type of malware has gone through multiple periods of popularity. 2006 and 2013 saw brief spikes in infections, but they’ve never been as bad as they are now.

In 2015, the FBI estimated that ransomware attacks cost victims $24 million, but in the first three months of 2016 it had already racked up more than $209 million. At the beginning of 2017, more than 10% of all malware infections were some version of ransomware.

Zombie ransomware is easy to defeat

Not every type of infection is targeted to individual organizations. Some infections may happen as a result of self-propagating ransomware strains, while others might come from cyber attackers who are hoping targets are so scared that they pay up before doing any research on how dated the strain is.

No matter what the circumstances of your infection are, always check the following lists to see whether free decryption tools have been released to save you a world of hurt:

Prevention

But even when you can get your data back for free, getting hit with malware is no walk in the park. There are essentially three basic approaches to preventing ransomware. First, train your employees about what they should and shouldn’t be opening when browsing the web and checking email.

Second, back up your data as often as possible to quarantined storage. As long as access to your backed-up data is extremely limited and not directly connected to your network, you should be able to restore everything in case of an infection.

Finally, regularly update all your software solutions (operating systems, productivity software, and antivirus). Most big-name vendors are quick to patch vulnerabilities, and you’ll prevent a large portion of infections just by staying up to date.

Whether it’s dealing with an infection or preventing one, the best option is to always seek professional advice from seasoned IT technicians. It’s possible that you could decrypt your data with the tools listed above, but most ransomware strains destroy your data after a set time limit, and you may not be able to beat the clock. If you do, you probably won’t have the expertise to discern where your security was penetrated.

Don’t waste time fighting against a never-ending stream of cyber attacks — hand it over to us and be done with it. Call today to find out more.

Posted in Uncategorized | Leave a comment