You’ve Been Hacked! Now What?

Millions of Americans have had their personal information exposed over the past ten years with thousands of small- and large-scale hacks responsible for most. Maybe you opened an email you shouldn’t have or maybe a company that you do business with was vulnerable to cyber attacks. Either way, now you need to figure out what the next steps are and how to protect yourself moving forward.

 

If it is your personal computer that is compromised, then there are several steps you should take to rectify the situation.

 

  • Isolate the computer so it can not interact with other networks. This will prevent the hacker from continuing to be able to obtain files and other information.
  • Shutdown and remove the hard drive to stop it from damaging other files. If you don’t feel comfortable removing a hard drive yourself or you don’t have a spare computer then you may want to take your computer to a reputable professional who can help you.
  • Scan for Problems – Using antivirus, anti spyware and anti malware, scan for problems once your drive has been placed in a secondary computer. Remove all problems from the hard drive.
  • Back up important files if you have not already done so. Copy to a clean drive.
  • Decide on what to do with the old drive. Talk to a professional about scanning, cleaning and replacing the old hard drive back into your computer once it has been dealt with and can be reused safely and without threat to your system.
  • Reload the operating system and all security measures. Update software wherever possible to have the most recent security protocols available.

 

If you are a business owner and you have been hacked it is best to call in the professionals for a thorough investigation, notification to clients and solution to getting your system up and running again. If you have hacking issues or want to avoid them call M&H Consulting today at 1-(866)-964-8324 or visit our website M&H Consults

Hacking Methods

Most IT Departments are well aware of hacking as a threat to a company and its precious and sensitive data. Hackers tend to target vulnerabilities such as mobile devices, weakly protected networks and, of course, the ultimate weak link in the business security world – employees who are unaware they are putting themselves at risk to hackers. Let’s look at some of the most common hacking techniques to better understand how to avoid them.

 

  • Bait and Switch – Sure, we used to hear about this method when it came to selling cars but this method is also popular in the world of hacking. Cyber criminals offer “the mark”, something that they’re sure to want, then swap it out for something different when they’re not looking. In the world of cyber crimes this trick has many variants, including pop ups with false info forms, links to unsecure sites and the list goes on. Be sure you are getting what you are requesting to avoid hackers infiltrating your system.

 

  • Cookie Theft – “Cookies” or files are held by sites you visit that keep tabs on what you look at and specific information on you. This information could include: personal and financial data, user credentials, and passwords. Once stolen, cookies may be read or decrypted to reveal your information, or used to impersonate you online

 

  • Denial of Service/Distributed Denial of Service (DoS/DDoS) – This common technique is used to bring down systems or networks by overloading them with login attempts, data requests, repetitive tasks, etc. The goal is to bombard or flood a site with traffic and allows hackers the ability to gain access by filling out forms.

 

Stay tuned as we discuss other hacking techniques next month. As always, call M&H Consulting if you need help protecting your business systems from hackers. Call M&H Consulting at 1-(866)-964-8324 for a free initial consultation.

 

Protecting Your Small Business from Cyber Crimes

In the last few months cyber crimes have been all over the news with the WannaCry Ransomware and other hacking events. It may seem like millions of miles away from your small business, but small and medium sized companies are just as vulnerable as larger corporations. You wouldn’t leave the door to your office wide open all day and night right? You take reasonable precautions to keep your business safe and secure, so be sure to do the same with your website and online data as well. Here are a few tips to protect your small business from cyber hacking and online dangers.

  • Stay Updated – Hacker News online suggests maintaining software and applications that are updated. The newer the updates the better as they will have the latest security.
  • Toughen Up Access ControlThe admin level of your website is an easy way into everything you do not want a hacker to see. Enforce user names and passwords that can not be guessed. Limit the number of login attempts within a certain time, even with password resets, because email accounts can be hacked as well. Never send login details by email, in case an unauthorized user has gained access to the account.
  • Tighten Network Security – Computer users in your office may be inadvertently providing an easy access route to your website servers. Ensure that logins expire after a short period of inactivity. Passwords should be changed frequently.Passwords should be strong and NEVER written down. All devices should be plugged into the network and scanned for malware each time they are attached.
  • Back Up Often – Back up your files on a regular basis to avoid losing data in the case of a breach.
  • Install the Highest Security – Your business should have the highest security protocols from software to employee protocols. If you have questions on how to protect your small business from cyber crimes call M&H Consultants.

Latest Cyber Attack

Just weeks after the WannaCry ransomware was announced, the world has seen yet another disruptive cyber attack. June 27, 2017 a more sophisticated global ransomware attack crippled computers from Eastern Europe to North America. What seems to have originated from a tax software provider in the Ukraine has spread across the continent of Europe and has even impacted Australia and the United States.

 

This attack impacted thousands of computers in a wide range of businesses such as: computers that operated ATMs, radiation monitoring machines at the damaged Chernobyl nuclear plant, and even computers that run chocolate production at the Cadbury company in Australia. What at first appeared to be an amatuer attack is now seen as a much more sophisticated attack that locks up files and demands ransom for access from tens of thousands of computers.

CNN is reporting that this, “ ransomware virus is a worm that infects networks by moving from computer to computer. It uses a hacking tool called EternalBlue, which takes advantage of a weakness in Microsoft Windows. Microsoft (MSFT, Tech30) released a patch for the flaw in March, but not all companies have used it. EternalBlue was in a batch of hacking tools leaked earlier this year that are believed to have belonged to the U.S. National Security Agency.”

 

Early research into this attack shows that the cyber criminals hope to to destroy and damage. Unlike the WannaCry attack this latest attack has no easy kill switch. There have only been reports of a kill switch for one version and it is not known if that will be effective. Check back with us as we continue to cover this event.

 

 

Tips on Being Aware of Hacking

Hacking incidents are inevitable and one can never know if you or someone you know will fall victim to it. There are, however, several different ways to stay safe and stay on top hackers before the hacking is even done.

A few of the best ways to do so are:

  • Stay suspicious of emails – Email is used as a great communication platform, but this also makes it a huge security risk. Many cyberattacks happen through email. Phishing sends innocent emails that are meant to trick their victims. It leads them to a fake website asking for updates on their personal information. The best way to stay aware of emails is to check the sender and make sure it is someone you know. You can also check the IP address of the sender.
  • Link locations – Link locations is a huge one. Unknown messages always contain links to unknown sites. When visiting an unknown site it can have major consequences and it usually tends to mimic a familiar site, or it can also simply be unsecure and infected with malware the minute you visit. The best way to know where it is taking you is to copy and paste the link location into a new browser to check what site is on the other side. It is important to know that encrypted sites are always the safest one to visit. You will see HTTPS in the URL, as well as a lock icon on your browser.
  • Two-factor authentication – Two-factor authentication requires users to help enter several entry confirmations such as a code texted to a phone, before entering your password. This is a great way to stop attackers from stealing passwords. Most places now have made it as a standard for logging in.
  • Sharing personal data on Wi-Fi – It is best to stay away from checking your personal information such as checking your bank account, or buying a plane ticket when using internet in coffee shops, libraries or any free public Wi-Fi.

With these helpful tips you will be well prepared to in case of any phishing attack that occurs.

 

Google’s Latest Phishing Hack

Early last month, Google fell under attack in a huge phishing operation.

Many received an email that looked similar to an invitation to join a Google Doc from someone they knew on their mailing list. However, once they clicked the link to open the file, you were then directed to grant access to an app that looks like Google Docs. Instead, this was actually a program that sends spam emails to everyone you have previously mailed.

Specifically, this spam email included the following:

  • Used the name “Google Docs”
  • Used the existing Google login system
  • Bypassed any 2 factor authentication or login alerts
  • Only detectable as fake if you click “Google Docs’ while granting permission
  • Replicates itself by sending itself to all your contacts

This process of sending an email to trick someone into granting access into their personal information is called phishing. It is usually done for malicious reasons, just like stealing a credit card information or tricking someone into sharing their password.

Google released an official statement in which they mention they did indeed resolved the issue. They have removed the fake pages, updated all of their Safe Browsing preferences and system. As a result, they continue to encourage their uses to report phishing emails within their Gmail.

If you have or ever do receive an email like this, do not open it. Always remember to:

  • Change your password every three months
  • Make sure your passwords are long with lower and upper cases letters, as well as special characters such as several symbols and/or numbers
  • Make yourself familiar with the style and fonts and specific uses of Google Docs as it can be incredibly helpful when needed to detect a fake.

Cautions to take in Computer Hacking

Computer hacking can occur at the worst of times and when we least expect it. The worse of it being that once the hacking has occurred, you can never undo the damage that’s been done. However, you can take steps to prevent it. Follow along to find out how you can prevent a malicious cyber-attack.

  • SSL – Secure Socket Lockets are the next best thing when it comes to online security. Using an encrypted SSl protocol helps to prevent information being read in transit or gain access without the proper authority. For example, it can help safely transfer users’ personal information between a website and your database, without anyone else seeing it.
  • Updates – Updates are made because it is necessary to maintain the softwares functioning properly, and maintain all its security protocols. If an update is made for a phone, for example, it could be because of a security vulnerability. Delaying this will only expose you to attacks, which is what hackers are looking for.
  • Tighten network security – Doing simple and basic things such as changing passwords frequently, ensuring passwords are strong, as well as making sure all plugged into the network are scanned for malware each time they are attached can make a great difference. This can also apply to installing a web application firewall. A WAF can be software or hardware based, and its purpose is to fit between a website server and the data connection and read every data passing through it.
  • Remove autofill – Leaving autofill enabled on websites, can leave you vulnerable to attacks from any user’s phone or computer that has been stolen. With your information already plugged in and accessible, it is easy for hackers to steal it.
  • Back-up frequently – It is vital to ensure that everything is backed up. Whether it is weekly, daily, or 10 times a day in total, back everything up. From saving files, sharing docs, everything should be backed up. If the worst case scenario were to happen, it is important to backup in case one hard drive fails, etc.

With these helpful tips, you’ll be taking the right precautions to limit your chance of a cyberattack.

 

Tech Life Hacks (Pt. 1)

Technology can be complicated and understanding them can require a lot of work. Because of this, there are many tech hacks available to help make our technology experience easier and our overall lives easier through technology. Since there are so many hacks available, we have split these lists into a two-part series. Here is the first set of tips to help you get through your technology uses; stay tuned for the next set!

For quick browsing:

Type on “CTRL” and “Enter” at that the same time after typing a domain on the URL bar and the “.com” will appear.

For capitalization purposes:

Highlight a word or phrase and press on “Shift” and “F3” at the same time to switch the capitalization through lowercase, all uppercase and first letter capitalization. Unfortunately, this hack is only useful for PC devices.

For slideshow presentations:

When saving PowerPoint presentations, try saving it as “.PPS” rather than the standard “.PPT”. By doing this, you will be able to skip a step and automatically open your presentation as a slideshow whenever the file is opened.

For your headphones:

To keep your apple headphones handy and safe from getting tangled all up, stick them onto your macbook while doing work. Confused? Well, apparently the Headphones are able to stick onto macbooks like magnets.

To help you differentiate between left ear bud and right ear bud, and skip the misplacing process that can be uncomfortable, try painting or marking each ear bud with different colors.

Test these hacks out and stay tuned for the next set!

Hacking- A Year in Review

 

Over two billion records were stolen in 2016 alone. Unless you have been hiding under a rock for the past year, it has been hard to miss the reports of major hacking that impacted our American economy and our global one as well. From the 2016 U.S. elections to banks to medical records – hackers were able to breach large corporations(public and private)  and small businesses with equal skill. Let’s take a quick look and review the hackings that made the headlines this year. Visit our blogs again in the coming weeks as we discuss methods for you and your company to protect yourselves from hackers.

Feb 2016 Department of Justice –  Kicking off the year the Department of Justice was compromised. Hackers angry about U.S. relations with Israel tried to call attention to their cause in February 2016 by breaching the U.S. Department of Justice’s database. CNN reported the hackers released data on 10,000 Department of Homeland Security employees one day, and then released data on 20,000 FBI employees the next day. A full week went by before the department realized the hack had occurred. While no sensitive data was believed to be lost it brought attention to the fact that even the US is not immune to hackers.

May 2016 LinkedIn – Social media giant LinkedIn was compromised this year when 117 million email and password combinations stolen by hackers four years ago popped up online.It is not clear who stole the information or published it online, but LinkedIn is actively working with law enforcement officials.

November  2016 AdultFriendFinder– This X-rated website, was targeted by hackers for the second time in two years. This time, though, the amount of accounts compromised was immense — approximately 412 million users had personal information stolen and published in online criminal marketplaces.

 

screen-shot-2016-11-18-at-8-34-47-amInformation is Beautiful has been tracking Data Breaches since 2004.  This year saw the largest spike in hacking and the largest number of files stolen or compromised. Here is a quick screenshot of the latest breaches. They tally in real time and keep track of breaches daily.

Protect your Identity on Social Media

You probably have heard of many people getting “catfished” or of people “catfishing” others. This is one form of identity theft that usually comes about through a social media network with photos and identity information taken from other strangers’ profiles. The act of being catfished may not sound as serious to some. After all, it is social media, where pictures are easily taken; that’s what you sign up for when you create an account, right? Wrong. There are many things that can go wrong: someone can ruin your reputation by using your image or, even worse, gather information to piece together and create financial fraud, or any other serious identity theft crimes. But, don’t panic or go off to delete all of your accounts! We have some tips to help you stay safe.

Set your account to private. Keep all strangers from getting information about you. While doing this, go through the entire privacy setting to make sure everything you want to keep private stays that way. If you come across a setting you don’t understand, keep them closed anyway; it’s better to be safe than sorry.

Don’t give strangers access to follow you online. If you don’t know who those people are, you don’t know what their intentions may be in following you or adding you as a friend. After all, all it takes to file a fraudulent tax returns is a name, birth date and social security.

Use a hidden name. This can be a middle name or a nickname that only your friends and family would know, so that they can still find you online or know who you are.

Be aware of the content you are sharing. Make sure you are not mindlessly revealing the answers to your security questions online. Also, try not to post images that show the layout of your home so that strangers can’t figure out where you live. Avoid sharing your location and birthday, if possible.

Avoid clicking on random links on social media. This includes those random social media quizzes. Many times, those links can carry malicious and invasive codes along with them that can infect your account or, even worse, your technology.