The Most Destructive Computer Viruses Part I

It is important in many fields to take a look back and see how far technology has advanced as well as examine ways that it went awry. Recently cyber attacks have made front page headlines as they have impacted tens of thousands of computers worldwide. Viruses, ransomware and malicious hacking are becoming more common and unfortunately more destructive as these cyber criminals become more sophisticated. Therefore, this month we are taking a look back at the most destructive viruses in the past.

 

  • I LOVE YOU Virus – When the ILOVEYOU virus hit in 2000 it was considered one of the most virulent computer virus ever created. With damages estimated in the $10 billion range and 10% of the world’s computers effected it was a disaster.
  • MyDoom – Like ILOVEYOU, MyDoom was a record holder in that is was a fast spreading email-based worm. In 2004, roughly somewhere between 16-25% of all emails had been infected by MyDoom. The ultimate cost of the malware: $38 billion.
  • CryptoLocker – This ransomware spread through email attachments in September 2013 and encrypted the user’s files so that they couldn’t access them. The criminals would then demand a fee for the decryption password. Cost of the malware: With 500,000 victims, CryptoLocker made upwards of $30 million in 100 days.
  • Stuxnex – This is the scariest of the bunch! Stuxnet was built by government engineers in the US with the intention of obstructing nukes from being built in Iran. Stuxnet spread by a USB thumb drive and targeted software controlling a facility in Iran that held uranium.
  • Code Red – This virus first surfaced in 2001 and was discovered by two eEye Digital Security employees. It was named Code Red because the the pair were drinking Code Red Mountain Dew at the time of discovery. The worm targeted computers with Microsoft IIS web server installed, exploiting a buffer overflow problem in the system.

 

Read our next blog as we continue to discuss the Most Destructive Viruses in recent history.

Firewalls

For decades firewalls have been the first line of defense in network security. Using both hardware and software, businesses find it critical to monitor the incoming and outgoing traffic from other networks including the internet. A good firewall helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. Without a solid firewall your network is exposed to potential dangers.

Personal home computers have built in firewalls that merely need to be accessed and turned on to maintain a level of security. According to Microsoft, it is important to protect every computer in the home. You should have a hardware firewall (such as a router) to protect your network, but you should also use a software firewall on each computer to help prevent the spread of a virus in your network if one of the computers becomes infected.

When it comes to business computers, employees should check with the network administrator about what protocols are called for with desktops, laptops and other devices. The growth of the internet and the resulting increased connectivity of networks means that early firewalls are no longer enough to keep out malicious traffic. Today there are numerous types of firewalls to protect the ever-evolving advancements and threats to business networks. There are proxy firewalls, Application-layer firewalls, Stateful firewalls, and Packet firewalls to choose from depending upon your company’s needs. If you don’t know what type of firewall your company requires to keep a barrier between yourself and malicious activities call M&H Consulting today.

Public WiFi – A Double Edged Sword

It really is wonderful being able to conduct business pretty much anywhere you can travel. Short of being in a remote location you can find WiFi access in coffee shops, airports, hotel lobbies and many more public spaces. Unfortunately with that easy access comes the dangers of using WiFi that can be accessed by others including cyber criminals. Let’s look at the double edged sword of using public WiFi.

PROS – The convenience and ease-of-access of public WiFi can not be beat. This is especially true for business travelers who hope to get some work done in between flights, or while staying at a hotel. Some even find it helpful to access the internet while having coffee at a free WiFi cafe. When considering the mobile business life of most companies today, having access to WiFi in so many locations is a definite advantage.

 

CONS – Unfortunately with the ease-of-use and access comes some serious disadvantages to public WiFi. Research shows that free wireless public networks located in airports and other public places are ripe for exploitation by hackers. When a user logs in the device they are using is open to potential hacking and malware that is out there. The biggest threat to free Wi-Fi security is the ability for the hacker to position himself between you and the connection point. So instead of talking directly with the hotspot, you’re sending your information to the hacker, who then relays it on.

 

To counteract this threat we suggest using a VPN – a virtual private network – or at the very least turn off sharing when you are in public. In order to maintain some level of safety only turn on the WiFi when you really need it. For more suggestions on staying safe when using public WiFi contact M&H Consulting.

 

Protecting Your Small Business from Cyber Crimes

In the last few months cyber crimes have been all over the news with the WannaCry Ransomware and other hacking events. It may seem like millions of miles away from your small business, but small and medium sized companies are just as vulnerable as larger corporations. You wouldn’t leave the door to your office wide open all day and night right? You take reasonable precautions to keep your business safe and secure, so be sure to do the same with your website and online data as well. Here are a few tips to protect your small business from cyber hacking and online dangers.

  • Stay Updated – Hacker News online suggests maintaining software and applications that are updated. The newer the updates the better as they will have the latest security.
  • Toughen Up Access ControlThe admin level of your website is an easy way into everything you do not want a hacker to see. Enforce user names and passwords that can not be guessed. Limit the number of login attempts within a certain time, even with password resets, because email accounts can be hacked as well. Never send login details by email, in case an unauthorized user has gained access to the account.
  • Tighten Network Security – Computer users in your office may be inadvertently providing an easy access route to your website servers. Ensure that logins expire after a short period of inactivity. Passwords should be changed frequently.Passwords should be strong and NEVER written down. All devices should be plugged into the network and scanned for malware each time they are attached.
  • Back Up Often – Back up your files on a regular basis to avoid losing data in the case of a breach.
  • Install the Highest Security – Your business should have the highest security protocols from software to employee protocols. If you have questions on how to protect your small business from cyber crimes call M&H Consultants.

Laptops at Risk While Traveling

In our global economy many businesses travel expensively to maintain client relations and to take part in conferences on the “latest and greatest” technology for your field of expertise. While the ease of travel is wonderful, your laptop is at risk every time you go mobile. Here are a few ways to protect not only your hardware but software as well.

  • To prevent physical damage or theft, use a sturdy, weatherproof, padded bag that doesn’t necessarily look like a computer bag. Backpacks are exceptionally good at hiding technology and the have added room for power cords and other needs when traveling by plane.
  • Always keep your laptop in view and in your possession. Just a few seconds and you could be missing a lot of data and your means of working while you travel.
  • Use passcodes and authentication passwords so that you are the only one that can use the device.
  • Before each trip back up the files that are currently on your laptop. Use password-locking programs and encryption programs.
  • Make sure your virus protection is up-to-date.
  • Avoid checking your laptop as baggage, rather use it as your carry on piece. Keep it nearby either in your lap or below your feet. Let your laptop go through the x-ray machine but keep an eye on it while it does.
  • When using WiFi while traveling attempt to use secured locations rather than public Wi-Fi hotspots.
  • Avoid having your laptop stay in an area that is very cold or very hot for too long. That includes cars and trunks of cars while traveling.
  • After you return from your trip update files and data and have a test done to be sure you have not picked up any unwanted viruses.

Online Safety

 

At M&H Consulting, we work alongside many small and medium sized businesses. Many of these business are managed by entrepreneurs who also balance work and family life. Many of them ask our expert advice on online safety for the employees, but keep their children safe as well.  

Whether you are an employee of a company that works online or a teen surfing the net, here are a few ways to protect yourself online.

  • Never give out personal information whether it is your phone number, address, or parents names without ensuring you are on a secure site.
  • Never post something that could come back to hurt you later whether you are in the working world trying to get a job.
  • Check for authenticity before downloading or installing software or doing anything that could possibly hurt the computer or mobile device or potentially jeopardize privacy.
  • Do not post risque images on business or personal sites.
  • Be true to who you are.
  • Never open emails that you suspect are from a stranger or could potentially have a virus attached.
  • Monitor who has access to different accounts and who your children are dialoguing with on a daily basis.
  • Talk to employees as well as you own children about cyberbullying and signs of an online predator.
  • Call the National Center for Missing and Exploited Children at (800) 843-5678 if you’re aware of the transmission, use, or viewing of child pornography online. Contact your local law enforcement agency or the FBI if your child has received child pornography via the Internet.

Keeping Your Personal Information Secure

 

Today’s modern employee carries their work with them everywhere they go via smartphones, tablets or laptops. Mainly this can be seen as a convenience, but for employees that carry around not only their work files on their mobile devices, but also personal information this may be a dangerous practice. Here are a few suggestions to keep your personal information secure especially if you keep personal files, data, photos or financial information on your work devices.  

 

  • Beware of Impersonators Don’t give out personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or know who you’re dealing with. If a company that claims to have an account with you sends email asking for personal information, don’t click on links in the email. Instead, type the company name into your web browser, go to their site, and contact them through customer service.
  • Encrypt Your Data – Keep your browser secure. To guard your online transactions, use encryption software that scrambles information you send over the internet. A “lock” icon on the status bar of your internet browser means your information will be safe when it’s transmitted. Look for the lock before you send personal or financial information online.
  • Use Security Software – Install antivirus software, antispyware software, and a firewall. Set your preference to update these protections often. Have your IT Department or Consultants like M&H update your security regularly.
  • Lock your Device – Your laptop, phone or table should be locked when you are not using it. Do not use automatic sign ins instead use personal identification protocols.
  • Be Wise About Wi-Fi – Before you send personal information over your laptop or smartphone on a public wireless network in a coffee shop, library, airport, hotel, or other public place, see if your information will be protected. If you use an encrypted website, it protects only the information you send to and from that site. If you use a secure wireless network, all the information you send on that network is protected.

 

Call M&H Consulting if you have questions about your personal or business data and security.

 

 

Global Cyber Attack – WannaCry Ransomware

 

Mid-May of 2017 saw one of the largest global cyber-attacks ever. Ransomware has become all too common and computer hackers took advantage of a vulnerability in Microsoft Windows in what is being called the WannaCry attack. The hackers managed to affect computers worldwide. Thus far, the impact has been felt on over 230,000 computers in over 150 countries. The ongoing cyber-attack of the WannaCry ransomware computer worm targets the Microsoft Windows operating systems and seems to originate from an anonymous source but first was seen in April, 2016 by the hacking group Shadow Brokers.

 

The damage of WannaCry seems to be fairly widespread and has hit companies that use Telefonica, a Spanish broadband and telecommunications provider with operations in Europe, Asia, and North, Central, and South America. The attack has come down especially hard on hospitals and medical facilities in the United Kingdom and throughout Europe. While anyone who hasn’t updated their Windows PC recently is vulnerable, the good news is that attempts to contain the attack’s spread have paid off. The number of infected computers did not increase the week following the attack as many had expected.

 

If you are looking for ways to avoid being a victim of this attack take the advice of your IT Department or IT Consulting company. According to security company Bitdefender, follow these five steps:

  1. Disable your computer’s Server Message Block service.
  2. Install Microsoft’s patch.
  3. Backup your data on an offline hard drive.
  4. Install all Windows updates.
  5. Use a reputable security software to prevent attacks in the future.

 

Stay tuned for more updates on this attack and follow our biweekly blog at M&H Consulting.

 

 

Cautions to take in Computer Hacking

Computer hacking can occur at the worst of times and when we least expect it. The worse of it being that once the hacking has occurred, you can never undo the damage that’s been done. However, you can take steps to prevent it. Follow along to find out how you can prevent a malicious cyber-attack.

  • SSL – Secure Socket Lockets are the next best thing when it comes to online security. Using an encrypted SSl protocol helps to prevent information being read in transit or gain access without the proper authority. For example, it can help safely transfer users’ personal information between a website and your database, without anyone else seeing it.
  • Updates – Updates are made because it is necessary to maintain the softwares functioning properly, and maintain all its security protocols. If an update is made for a phone, for example, it could be because of a security vulnerability. Delaying this will only expose you to attacks, which is what hackers are looking for.
  • Tighten network security – Doing simple and basic things such as changing passwords frequently, ensuring passwords are strong, as well as making sure all plugged into the network are scanned for malware each time they are attached can make a great difference. This can also apply to installing a web application firewall. A WAF can be software or hardware based, and its purpose is to fit between a website server and the data connection and read every data passing through it.
  • Remove autofill – Leaving autofill enabled on websites, can leave you vulnerable to attacks from any user’s phone or computer that has been stolen. With your information already plugged in and accessible, it is easy for hackers to steal it.
  • Back-up frequently – It is vital to ensure that everything is backed up. Whether it is weekly, daily, or 10 times a day in total, back everything up. From saving files, sharing docs, everything should be backed up. If the worst case scenario were to happen, it is important to backup in case one hard drive fails, etc.

With these helpful tips, you’ll be taking the right precautions to limit your chance of a cyberattack.

 

Security Tips When Using Wi-Fi

Wi-Fi is needed and used everywhere: cafes, bookstores, retail or department stores, museums, and local pizzerias. Anywhere public you can think of may have wi-fi. Once logging on, you are immediately part of the internet through your phone or computer. However, with public wi-fi also comes with the danger of hackers and intruders gaining your private information faster.

Here are a few best tips to maintain your security at all times:

    • Strong passwords – The use of strong passwords can come in handy when it is most needed. Having a sufficiently strong password limits the chance of anyone cracking through password or  getting through your information. When using a weak password, it simply increases your chances of your system being compromised, especially when working on public Wi-Fi.

 

  • Wireless encryption – Encryption has become more and more common from WhatsApp to Google encryption. WPA is a current and common encryption standard that works great.

 

    • Turn off sharing – When using your phone, it is important to know what settings and apps can keep you secure. For example at home, sharing files to other computers on a network is safe and easy. However, on public Wi-Fi, it’s safer to turn off sharing. Simply go to your control panel on Windows or system preferences on OS X > sharing and then make sure that all boxes are off. This should also include your wireless network interface. It should be turned off by default, and only turn it on when in need to connect to a wireless network. Having it open allows attacks for malicious security crackers to use as a target.

 

  • Consider your mobile device – If you need to access websites that require input of sensitive information, it could be safe to do it from your mobile phone network, instead of a public Wi-Fi connection. This includes social media sites, online shopping and online banking as well.