Cyber Attack Trends to Watch out for

With all new technology trends come new cyber attack trends. According to an article in TechRepublic.com, 90 million attacks will hit tech users in a year and 70 percent of them will go unnoticed! Because of this, we have searched for the patterns of cyber attacks to be on the look out for years to come. Here is what we found:

Ransomware will continue to rise:

There have been many cases of ransomware in the past and they are expected to rise as a security problem in taking advantage of vulnerable servers. A large part of the reason for its rise is because this is one of the easiest ways of getting confiscated data back; you just pay the ransom.

Rise in attacks on Industrial Control Systems:

Let’s face it; many of our Industrial Control Systems are past the outdated stage of technology. Because these outdated systems were not designed with cyber security in mind, they are expected to be a security issue for the future.

More Sophisticated Spear Phishing:

With more sophisticated spear phishing, it will be more difficult to tell which emails should be avoided from those that are legitimate. Spear phishing emails are no longer as simple as a scam link being sent and asking to be clicked on. They are disguised as important business/company emails.

Hacking on Internet of Things:

Because the Internet is being applied in every device, even those, which were not originally built to connect online, many every-day appliances are expected to be hit with cyberattacks. These devices can be anything from an app-controlled coffee maker to self-driven vehicles. With these devices, privacy is limited once they are hacked. Hackers can get access to your home and business through these technologies.

Simply being aware of these cyber attack trends is not enough. Security measures need to be taken in order to prevent such attacks. For information on how to get ahead of these attacks, contact M&H Consultants!

Pesky Pop Ups

They are every computer user’s arch nemesis – the dreaded pop up ad. While pop ups are a major hassle when you are trying to focus on your work, they are also a potential danger to your computer’s health. While pop up ads  are intended to drive traffic to a website or gain email lists, they can also be pornographic, a marketing ploy, spam or just plain ol’ unnecessary. Some pop ups even claim that your system is infected and to take action immediately. None of us need this nonsense in our lives. So let’s look at the danger of pop up ads and how to effectively neutralize them.

 

Some pop ups are not merely meant as advertising but have a more sinister function. Cyber criminals use these programs to distribute adware, spyware and more destructive types of malware. Clicking on or opening one of these pop ups could install a Trojan horse that unloads other malicious applications on your system or a keystroke logger with the ability to access any confidential data from tax information and passwords to your bank account.

 

Due to the maliciousness of some pop up ads, users can never be too careful when it comes to dealing with them. Interacting with pop ups can be a tricky deal so it is best to avoid getting them to begin with. There are several options computer users can take to  prevent these pop ups. If you can afford to buy pop up blocking software, that may be your best bet. However, there are free programs out there as well as steps that you can take on your own to block these unwanted ads from showing up in the first place.

 

For Chrome users Google has several pages giving specific directions on blocking pop ups. Read more HERE.  For Firefox and Internet Explorer users here are some directions to get started. If you have multiple interfaces or have had no luck getting rid of these malicious pop ups call M&H Consulting for the expert help to keep your computers protected.

Should You Worry About Smartphone Viruses and Malware?

 

How much do you rely on your smartphone? Well, if you doubt for a second the amount you use it, think of those breath-catching moments when you have misplaced it or dropped it. Shocking how quickly we all panic about our phones, right? Those are the moments you realize that you would have trouble getting through the day without it. Should you then, worry about other risks to your smartphone – take for example viruses or malware?  

 

The answer is yes, smartphones need protection as well. Your smartphone is essentially a pocket-sized computer that holds your valuable personal data, important documents and other files. Most likely you do not want some viruses to lay waste to your data. Here are some quick tips that can help keep your smartphone protected.

 

  • Download a mobile security app to catch those pesky “phone viruses.” Your phone’s app store may offer free anti-virus software.
  • Be judicious about what apps you download. Download an app or document only if it comes from a trustworthy source, such as your phone’s app store. Downloading apps from third-party websites may put your phone at risk.
  • Be careful about where you download apps – are you in a secure area?
  • Put a PIN or password on your smartphone and keep it locked when it’s not in use. Your phone may also have a lock pattern feature, fingerprint password or facial-recognition lock.
  • Stay away from suspicious websites when browsing the Internet on your phone. Viruses can be installed on your phone through malicious websites. If you receive an unexpected email or text message with a link in it, don’t click on the link.
  • Avoid modifying your phone in ways that weren’t intended by the manufacturer. This modification, also called “jailbreaking,” makes it easier for viruses to slip into the device.
  • Encrypt the files and data stored on the phone. Some phones have built-in data encryption that protects your data from prying eyes. Encryption usually shields documents, contacts, calendars, media files and email attachments. It also works for data stored on the phone’s memory card.
  • Avoid connecting your phone to unsecured wireless networks.

Finding the Root Cause of an IT Problem

Do you ever think you have gotten rid of a computer virus just to find your computer acting the same way as it did when you had the virus? We have all been there. The reason why this happens is usually because you have actually taken care of the symptoms rather than the actual root cause. Because this is such a common issue, we have decided to go through a few steps to help you find out the root issue to your IT problem and how to prevent them from reoccurring.

We have combined a few steps to help analyze the root cause. Read along to find out.

  1. Find out what the issue is.

You have to first figure out what the symptoms are in order to figure out what the problem is.  For example, if your computer is infected, ask yourself, “why is it infected?” You may figure out that it is because your malware program is outdated.

  1. Find out why the problem exists.

This step doesn’t necessarily give you the root cause of your IT problem but, it could definitely be a first step direction to it. In continuation with the first example, here are a few questions you can ask yourself to figure it out: (a.) “Why is my antimalware outdated?” Maybe you simply didn’t update the program. (b.) “Why didn’t I update it?” Maybe you forgot to, or the program didn’t offer one. (c.) “Why didn’t the program offer an update?” Maybe there is no longer an update for this version of malware program.

  1. Find out the root cause.

Once you have figured out all the reasons why this problem exists, you are able to determine what the root cause is. Using the example, once you have figured out that you malware program no longer offers an update, you may wonder “why doesn’t it offer an update?” and through research find out that the service company may no longer exist. This means that the virus system kept coming back because you have a program that is no longer working for your system.

After figuring out the root problem, it’s important to design a plan to prevent the problem from returning. Maybe, after you figure out that you need to download a new malware, you can design a maintenance plan to remember to check for updates and to see if your malware program is still relevant.

If you need help figuring out what the root cause of your IT problem is, or you need help designing a solution for your problem, contact M&H.

What’s New with Ransomware?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. It is an access-denial type of attack that prevents legitimate users from accessing files[2] since it is intractable to decrypt the files without the decryption key. The use of ransomware scams has grown internationally. Security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013. This number has grown in recent years. In fact, every week seems to bring news of another case of ransomware.

 

In April 2016 The Unites States and Canadian governments released a rare joint cyber alert warning about the recent surge in ransomware attacks, in which data is encrypted and crooks demand payment for it to be unlocked. The US Federal Bureau of Investigation reports that ransomware attacks are not only proliferating, they’re becoming more sophisticated. So what does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas: 1) Prevention efforts—both in terms of awareness training for employees and robust technical prevention controls; and

2) The creation of a solid business continuity plan in the event of a ransomware attack. (Source: FBI Cyber Report 4/2016)

 

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, and large businesses are all on the radar of cyber attacks of ransomware. The FBI and US government has given an official guide on what to do in the case of a ransomware attack on your business. Please read on for their suggestions.

 

Prevention Efforts

 

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and antimalware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).

 

Business Continuity Efforts

  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

If you don’t know where to begin or need to beef up your security protocol call M&H for a security evaluation and implementation.

Challenges of Ransomware

You arrive at work, boot up your laptop and desktop. Instead of your usual screen, however, there is a hostile message. “This operating system has been locked for security reasons” or “You have browsed illicit material and must pay a fine.” Usually the group who has locked your computer demands money or they will destroy all of your business and/or personal data. Ransomware encrypts all or most of the files on an infected device or network, using mostly Advanced Encryption Standard.This is every business owner’s nightmare. This is the crux of ransomware.

 

How Common is Ransomware?

After first emerging in Russia and Eastern Europe in 2009, ransomware has spread to Western Europe, the US and many other countries, causing high infection rates and a great deal of frustration for consumers. In one monthly study by Symantec, 68,000 computers were infected: the equivalent of 5,700 every day! Of the computers infected about 2.9 percent of compromised users paid out. This may not seem like a large amount but it adds up quickly and fairly easily for the criminals. Techniques have become more and more sophisticated with code built into ransomware programs to tailor messages to the right language and local law enforcement logo, for example.

 

Tips for Dealing with the Challenges of Ransomware

Even if a company does pay the ransom, the cybercriminals often do not restore functionality to the system thus meaning the business has lost the money and the data in one-fell-swoop. The only reliable way to restore functionality is to remove the malware.

  • Have security software installed and, most importantly, up to date with a current subscription. Remember with the thousands of new malware variants running every day, having a set of old virus definitions is almost as bad as having no protection.
  • Make sure all the software on your system is up to date. This includes the operating system, the browser and all of the plug-ins that a modern browser typically uses. One of the most common infection vectors is a malicious exploit that leverages a software vulnerability. Keeping software up to date helps minimize the likelihood that your system has an exposed vulnerability on it.
  • Make sure you are leveraging the full set of protection features delivered in your security product.
  • Do not pay the ransom! Paying the ransom may seem like a realistic response, but it is only encouraging and funding these attackers. Even if the ransom were paid, what guarantees do you have that you will actually regain access to your files?

Most Common Malware

According to CNN Money, there are almost 1 million new malware threats being released daily. If that news isn’t bad enough, they also report that malware is becoming increasingly more creative and hard to detect, even for top enterprise companies. Malware is an abbreviated term meaning “malicious software.” Malware is software that is specifically designed to gain access or damage a computer without the knowledge of the owner. It is also designed to be used to compromise computer functions, steal data, bypass access controls, or otherwise cause harm to the host computer. There are a variety of malware such as: adware, bots, bugs, spyware, Trojan horses, viruses, and worms.

 

    • Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. In addition, it is not uncommon for adware to come bundled with spyware (see below) that is capable of tracking user activity and stealing information.
    • Bots are software programs created to automatically perform specific operations. While some bots are created for relatively harmless purposes (video gaming, internet auctions, online contests, etc), it is becoming increasingly common to see bots being used maliciously. For example, bots can create an army of infected computers (known as ‘zombies’) that are remotely controlled by the originator. These bots can send spam emails with viruses attached, spread all types of malware, or they can use your computer as part of a denial of service attack against other systems.
    • A bug is a flaw that produces an undesired outcome. Security bugs are the most severe type of bugs and can allow attackers to bypass user authentication, override access privileges, or steal data.
    • Spyware is generally software that performs actions on your computer with or without approval and many times without you even knowing. These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more.
    • Trojans are destructive programs that look legit but attack systems as soon as they are opened and executed. Attacks can include pop up windows, or worse, they can allow unauthorized system access for hackers through back doors.
    • A virus is a form of malware that is capable of copying itself and spreading to other computers. Viruses often spread to other computers by attaching themselves to various programs and executing code when a user launches one of those infected programs.
    • Computer worms are among the most common types of malware. Worms typically cause harm to their host networks by consuming bandwidth and overloading web servers.

 

 

 

Antivirus vs. Antimalware

There is a lot of confusion about what exactly are antivirus and antimalware, and what which one works best. Well in order to find out what their purposes are, we must clear out what viruses and malware actually are.

A virus is a code within a program that can copy itself over and can cause damage to a computer by corrupting the system and, even, destroying data.

Malware, on the other hand, is a general word for any malicious infection. This includes Trojans, Spyware, worms, adware, ransomware, and (you guessed it) viruses.

Now that this is cleared out, you are probably wondering why antivirus exists when antimalware can take care of it. Well, let’s get into the differences between these two security software.

Antivirus software was created during the uprising of computers and the Internet. Therefore, this security software was created to tackle older forms of infections, like Trojans, viruses and worms. They are programmed to protect computer users from any traditional malware that are predictable and, still, dangerous.  

Opposite to antivirus, antimalware was created more recently as newer threats began to rise. These malware tend to be much less predictable since new ones are constantly being created and released at high speeds. Antimalware seeks out for more dangerous threats than those that antivirus programs are used to handling.

With that said, if you are wondering which one should be used, the answer is both. You want to protect your computer from all malware, whether it is predicted or unpredicted.

If you need more advice on which antivirus and/or antimalware programs are best, contact M&H for help!

Why your PC is Infected, Again

You’ve probably just got through getting rid of a malware issue when, all of a sudden, a new infection has tampered with your computer again. There are many reasons why this happens but one of the main issues could be that you don’t have an efficient security system. There are many different types of malware that can infect your computer in different ways.

Viruses are codes that copy themselves over causing damages to the running system it has hooked onto.

Worms are also codes that copy themselves over but run in the background of your computer rather than hooking onto the system.

Trojans are software that usually gets downloaded because they appear to be one thing but end up turning into something malicious.

Drive-by Downloads is malware that recognizes the weaknesses in your browser and causes your system to become infected.

Adware is usually hooked onto software and uses an advertising delivery system. These are easy to get rid of by simply uninstalling the downloaded software it came with.

Spyware is software that monitors your computer by either tracking the web pages you visit or everything you do with your mouse and keyboard in order to collect any information available.

Ransomware locks down your computer so that you can’t get regular access to certain programs unless a payment is made to unlock it.

Scareware is software that scares you into believing that your computer has been infected and that they have the solution to get rid of the infection if they are paid to do so.

As you can see, digital infestation is getting more and more sneaky and much more difficult to detect and prevent on your own. The best solution for this madness is to run valuable security systems in your computer. For more information on this and other ways to prevent malware from infecting your system, contact M&H by phone or email!

Protecting your Mobile Device

When you think of antivirus or security protection, your initial thought is probably laptops and computers, but truth is that smartphones and other mobile devices are no longer safe from malware and viruses. Mobile devices are susceptible to cyber attacks by malware and viruses created specifically to target them.

It’s important to begin taking the same precautions we do on computers,  on mobile devices especially when these malware are so easily contracted, difficult to detect, and almost impossible to remove. Malware can be embedded into your devices, without you even being aware of it, and gain complete access to your device. The worst part about it is that malware can be hiding in any free app.

Here are a few tips to protecting your mobile device from such malicious programs:

Update. This is something we cannot stress enough. Updates come with security solutions to any gaps the past operating system had been missing.

Get Protection. Malware and virus protections do exist for your mobile devices. A couple that we recommend is Malware Bytes and Sophos Antivirus. Malware Bytes offers real time protection and scanning to detect any malicious programs in your device. Sophos Antivirus takes it a few steps further by allowing you to encrypt your data. This helps protect your data in case it is lost or stolen. If that wasn’t enough to convince you already, this program also allows you to set up a remote wipe, which will allow you to wipe out all the data in your device if it were ever stolen.

Avoid Third-Party Sites. This is one of the easiest ways for malware to gain access to your device. They don’t need to go through many tough restrictions like they would if they were going through iTunes and Google Play.

If you are interested in getting full protection on your mobile devices, contact us for advice!