Monday, 5 January 2026

Fileless and Zero-Day Attacks

 

Laptop keyboard with a bright red Virus Alert key.

Many computer users think that if they have a good Anti-Virus program running on their computer, their computers will be safe from hacks and threats. IT security professionals have long known this is not the case, but two new types of attacks are now proving it more often than ever. They are called Fileless and Zero-Day attacks. They happen FAST, and the damage can be huge. Here’s what they are and how they work.

What are Fileless Attacks

Most users think that computer attacks happen when you open a virus-infected file of some sort. Your antivirus software is designed to catch such attacks, and many of them do a very good job. But these days, an attack can be delivered by a web page you visit with your browser and run entirely in memory. In other words, no actual file download is required, which is where the term “Fileless” comes from.

Some antivirus programs scan web pages as you open them, but they generally work based on a set of rules or “signatures” that have been previously detected by the antivirus developers. Once the developers receive reports of a new virus (whether in a file or fileless), they analyze it, determine what’s different about it that caused it not to be detected by their existing virus definitions, and then they add this “signature” to the list of definitions. But that takes time... time you might not have to spare to protect yourself from a new attack.

The time between when a virus is released and when it is fixed can be days, weeks, or months, leaving computers vulnerable.

Many fileless attacks exploit newly discovered flaws in computer programs. For example, Microsoft Office has an entire macro language built into it. This language (and the code that runs it) is often updated, and if someone discovers a newly introduced flaw in any of it, they can write code that exploits that flaw and attacks your computer. And it’s not just new software that can be the source of a Zero-Day attack. Flaws are found all the time in older software, too.

That means that data can be corrupted, files can be deleted, and files can even be held for ransom.

Similar Zero-Day attacks can occur within web browsers and other web applications, revealing passwords, personal information, browsing history, cookie access, and more. None of this is good for you or your company.

What Are Zero-Day Attacks

A Zero-Day attack is one where a software flaw is discovered and immediately exploited. Generally speaking, it’s the software author's job to patch and fix their own software. If Microsoft is told about a bug in their software, they’ll go through a lengthy process to fix it. First, they need to determine whether the problem really exists. Then they need to figure out under what circumstances the flaw happens. If they’re successful in doing so, they need to determine where in the software the flaw was introduced and then write new code to fix it.

But they’re not done yet. Now they need to test this new software to make sure that it actually fixed the problem...and also that the new fix didn’t cause any new problems. This process can take weeks or months, depending on the software's complexity and the severity of the flaw.

So, a Zero-Day attack is one that exploits a flaw in software before the software publisher has had a chance to fix it.

Are These Attacks Really A Problem?

In a word, YES. The Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, says that Fileless and Zero-Day attacks have increased by nearly 20% over the last year, and these attacks have hit about two-thirds of all enterprise-level organizations. The average cost of these attacks for enterprises is about $440 per endpoint (computer).

But what’s more significant to you is that the cost for Small to Medium-sized Businesses (SMBs) is almost double that, about $763 per incident. And it’s only going to get worse.

How To Guard Against Fileless and Zero-Day Attacks

So if antivirus software and other file-based detection techniques can’t guard against these attacks, what can you do about them?

Computer Weekly says that “The report reveals that nearly half of all malware detected eluded basic antivirus (AV) systems, requiring a combination of legacy signature-based detection techniques and proactive behavioural detection to catch malware variants missed by signature-based detection.”

In other words, companies like yours need to increase the attention and investment they make in defending against malware such as Fileless and Zero-Day attacks. And that means you’ll need to start using tools that aren’t looking for “signatures” in the malware, but that instead look at its behavior on your computer system and network. If you find software that scans a database or registry for usernames and passwords, or that connects to and sends data to overseas servers, or that seeks to encrypt your files, then it’s probably a sign that the software should be stopped.

There are hundreds, if not thousands, of different actions that malware can attempt, and behavior-based security software watches for them.

Protect Yourself And Your Company

What’s your best solution to defend against Fileless and Zero-Day attacks like these? First, always be careful when using new resources, websites and software. Second, call Digital Uppercut. We are cybersecurity experts and can configure your computers and network to minimize the likelihood of any attack. And in the event an attack is ever successful against your company, our disaster recovery solutions can help you get back to work in your business in no time. Call Digital Uppercut at 213-398-8771 for a security or IT evaluation, or contact us today here.

Security Problems for Chrome and Gmail Users

 

Photograph of an office building with the colorful Google logo.

A recent change to Google’s Chrome browser is making us and other online security experts nervous. That’s because a new “feature” that Google introduced with Chrome version 69 to make users' online experience easier may leave those same users vulnerable to security problems they didn’t expect. These security problems with Chrome, Gmail, and other Google services are also affecting IT and Security companies like Digital Uppercut, as we now have to protect our clients from this new issue.

What Google Sync Does For Chrome Users

If you’re a Chrome user, you know that you can log into Chrome so that the browser stores your passwords and form-fill data, among other things. This is a convenience for Chrome users because they no longer need to remember complex passwords for their online accounts or enter the same personal information into online forms.

This feature also allows users to log into browsers on other devices, including mobile phones, and have all of the same stored information sync to those devices through the Chrome browser as well.

Until now, users had to explicitly log into Chrome to enable this sync feature, called Google Sync.

Google’s Change to Chrome 69

[Image caption: The red arrow shows this user logged into Chrome. The yellow arrow shows this user logged into Google Docs, a separate login.]

Up to now, logging into other Google services, such as Gmail, Google Docs, Google Analytics and Google Ads, was separate from logging into Google Chrome. Google’s change to Chrome causes a user who logs into any of these (or any other Google service) to also be logged into Chrome.

And so now, users on shared computers who are logging into specific Google services -- and then logging out of those services -- remain logged into Chrome unless they explicitly log out of the browser as well.

Here’s Where The Security Problems for Chrome Happen

So that means that when a second user sits at this shared computer, they may have access to the first user’s passwords. Would you like to log into Fred’s bank? No problem. Just have a seat at his computer once he’s gone and visit his bank’s website. If Fred has saved his bank password, Chrome will offer to enter it into the form for you, after which you’ll have access to his accounts.

It’s very easy to imagine how bad this problem can get...but it gets worse.

Of course, it’s bad news if we’re talking about Fred’s personal bank account, but what if it’s your company’s bank account?

And not only are Fred’s business and personal passwords available to the next user, but so is Fred’s other personally identifiable information (PII), as well as your company’s private data. Want to know Fred’s social security number? No problem. Just visit a new bank and open a new account. When they ask you for Fred’s SSN, Google will happily give it to you. Google’s new security problem makes identity theft easier than ever.

How Google Sync Makes This Problem Worse

Google Sync, on its very own, poses problems, too. When Google Sync is enabled, your and your company’s information is stored in Google’s cloud data stores. If that data is eventually breached -- which is entirely likely one day -- so is your company’s data.

It also poses problems because some users use the same Google Chrome account for both home and business browsing. As a result, they may be storing business passwords in their personal Chrome accounts, effectively going right around any protections that you, your IT company, and your policies might be trying to enforce. And the problem gets multiplied into possible HIPAA violations if this problem ends up giving access to medical records and other PII.

Protect Yourself And Your Company

What’s your best solution to deal with security problems for Chrome and other vulnerabilities like this? The first step is to find out whether you are experiencing this or any other hacks, weaknesses or vulnerabilities. They can come not only from new software and services, but old and outdated ones as well. So one of the very first things we do with any new client of our IT services or Network Security Services is to perform a security audit to find issues like this that you might not even be aware of.

Once we find the vulnerabilities, we can set policies on your network or create rules on your firewalls or software to block such activity. And we go further by installing monitors to catch a variety of new issues that we can’t even imagine yet.

That’s why you should call Digital Uppercut. We are cybersecurity experts and do this kind of work for businesses like yours every day. Not only are we effective at finding and resolving security problems for Chrome and other issues like this, but we are also backed by a Million-Dollar Ransomware Guarantee in case your network is ever attacked, and your data is held for ransom. Call Digital Uppercut at 213-398-8771 for a security or IT evaluation, or contact us today here.

Cold Boot Attack Unlocks Sensitive Data

 

Person's hand inserting a thumb drive into a laptop

We’re taught to believe that strong passwords, encryption, firewalls and other digital security measures will help keep our computers safe from hackers. Now comes a threat that reminds us that not all dangers are digital in nature. Sometimes, nothing short of locking up your computers will help to prevent them from being hacked using the "cold boot attack."

What Is A Cold Boot Attack

This attack lets hackers steal data that briefly remains in memory after a computer is shut down. Modern computers come with a safeguard, developed by the Trusted Computing Group (TCG), that overwrites the contents of RAM when a computer is restarted, preventing the prior data from being read.

A Finnish company named F-Secure has developed a way to override this security measure, allowing a digital thief to access the sensitive data. The tactic involves getting physical access to the computer, opening up the case, plugging in a USB thumb drive, and manipulating the chips with a special device.

The Cold Boot Attack is not easy to do, but if someone is well-trained, it can be done on almost any computer, including Macs and PCs. Apple recommends that users set a Firmware password to secure their computers better. F-Secure recommends that companies configure their computers to not allow sleep mode, but to instead only allow users to either hibernate or shut down their computers. While neither of these steps will absolutely prevent a cold boot attack by someone who knows how to do it, they will help.

Protect Yourself And Your Company

What’s your best solution to hacks like this? First, physically secure your computers, especially after hours or while travelling on business. Second, call Digital Uppercut. We are cybersecurity experts and can configure your computers to minimize the likelihood of any kind of attack. And in the event an attack is ever successful against your company, our disaster recovery solutions can help you get back to work in your business in no time. Call Digital Uppercut at 213-398-8771 for a security or IT evaluation, or contact us today here.

Why We Tell You Cybersecurity Horror Stories

 

Graphic showing a laptop with several IT symbols overlaid on it.

Every month, in our printed newsletter and on our website’s blog, we tell you about the latest cybersecurity horror stories. We’ve told you about companies that have endured millions of dollars of damage from ransomware attacks. We’ve written about companies that have had to pay millions of dollars in fines to state and federal authorities for failing to protect their customers’ data. We’ve told you about social engineering attacks, social media hacks, vulnerabilities in software updates, breaches, viruses, trojans and other damage that have put companies out of business.

We don’t tell you these stories to scare you. We tell them to you so that you are aware of the dangers that threaten your business every day, so that you can be prepared and make intelligent decisions about how to deal with them.

It Can’t Happen To Me

Most cyber attacks happen to people and companies who were convinced that it couldn’t happen to them. After all, they argue, they haven’t been hacked before, and so it must be unlikely that it will happen now.

But the truth of the matter is that there is no industry where things change as often and as rapidly as Information Technology, and specifically with Cybersecurity.

  • Every day, companies are announcing new software to solve new problems.
  • Every day, companies release updates to their software to add features or patch security holes.
  • Every day, security companies are developing new methods to protect users from attack.
  • And every moment, the hackers, virus programmers, and other cyber criminals are figuring out new ways to attack your business on every single level.

What might have kept you safe for the last ten years will not keep you safe for the next ten years.

Recent Cyber Security Horror Stories

Here are some highlights from the last year of our cybersecurity blog.

Phishing, Vishing and Smishing

For example, in May 2018, we wrote about Phishing, Vishing and Smishing. These are messages requesting that users reset passwords or confirm information, usually for banking or other financial resources. But the web addresses where the changes are asked to be made are actually controlled by the criminals. These messages are sent via email, voicemail or SMS text messages. If the user follows the instructions, bank accounts can be instantly depleted. Similarly, the attack could be on technical resources such as email accounts, cloud storage or network servers, all of which could cause horrible damage and expensive breaches.

Social Engineering Attacks

These attacks have spawned new attacks that we now call Social Engineering attacks. We recently wrote about Social Engineering attacks, and it’s already a bigger problem than it was when we published the story just a month ago. Emails are sent to executives in a company that look entirely legitimate. These emails request access to technical or financial resources, or payment for normal services or vendors to be sent to new or alternate bank accounts. These requests look so legitimate that many people can’t tell the difference between legitimate requests and those that are fake, and end up granting access to these resources, costing companies thousands or millions to repair the damage or pay large fines for data breaches.

These are two threats that the anti-virus software you are probably relying on just can’t catch. But you can reduce the likelihood of becoming a victim of these attacks with our cybersecurity awareness training, part of our Business Protection Toolkit.

File-Less and Zero-Day attacks

Traditional antivirus software can’t catch two other kinds of threats we wrote about last winter: File-Less and Zero-Day attacks. Traditional anti-virus software matches files against a database of known viruses. But File-Less attacks have no files to match against and are often not among the virus definitions. Zero-Day attacks exploit flaws on the same day they are discovered, long before any anti-virus or security software publishers know about the exploit. And while those security programs can’t catch these attacks, our behavior-based systems, which are part of our Business Protection Toolkit, can.

Internal Threats

Attacks mostly come from outside your organization, but sometimes they come from inside, including from non-computing devices installed on your network (such as security cameras and alarm systems) and Wi-Fi networks. That’s why we wrote about simplifying and separating your networks to improve monitoring and increase security. Our Security Operations Center can more efficiently monitor a properly simplified network to help identify threats of any kind. For example, employees and visitors to your office who are given access to your Wi-Fi can inadvertently introduce malware that they didn’t know their phones or laptops were carrying. When you engage us for our IT Services and Support, we will assess your network infrastructure and advise you on more efficient ways to design it.

Supply Chain Hacks

And just recently, we wrote about two attacks and vulnerabilities that no one saw coming: Supply Chain hacks. ASUS computers had their software update system infected by virus-laden software, so that every time an ASUS computer searched for updates, it downloaded infected files. Our Business Protection Toolkit caught and immobilized this hack for one of our clients before it could cause any damage. Dell’s own software update system was found to have a vulnerability that would allow a cybercriminal to download software from non-Dell servers, potentially installing any threat virtually undetected. These hacks and vulnerabilities in a technology company’s software supply chain hadn’t been seen before.

We wrote about dozens of other hacks and vulnerabilities over the last two years, and you can see them all on our Cyber Security blog here. The main point is that the threats facing your business change every day, and so should your defenses.

Let’s Talk

If you are still relying on the luck you’ve had for the last ten years to keep you safe for the next ten years, let’s talk. Our Business Protection Toolkit is designed not only to deal with the threats we know about today, but also the threats that have never been seen before as well. We designed the Toolkit to help companies like yours stay safe and stay in business. We worry about the threats, so you don’t have to. Contact us online or call us today at 213-398-8771. Let’s talk.

2019 Cyber Security: Social Engineering Is A Growing Threat

 

Man standing behind a clear glass screen with various computer symbols

Trustwave published its Global Security Report for 2019, which reveals the changing face of malware and data breaches. For business owners and IT managers, what is most important is how cybersecurity strategies must change to stay ahead of advances in attack speed and stealth.

Social Engineering Attacks On The Rise

Among the most significant findings of the report is that one of the biggest categories of threats doesn’t begin with malware at all; instead, these are “social engineering” attacks that manipulate users into allowing malicious software to be loaded or into granting access to otherwise secure resources. In 2018, social engineering was the top method of initial compromise.

Phishing, in which a user is presented with fraudulent emails or websites that appear legitimate, is designed to trick a trusting user into entering their credentials. Once the hacker (or hacking software) has the legitimate credentials, it logs into the resource to do its damage.

If the resources are technical in nature, such as the email administrator, network administrator, or other computer resources, the hacker can destroy data, install or distribute ransomware, steal personally identifiable information (PII) for identity theft, steal proprietary business information, or cause other damage. If the resources are financial in nature, purchases can be made and bank accounts emptied.

Warning to Executives

A subset of social engineering and phishing attacks is causing enormous damage. “Business Email Compromises” (BEC) are emails that appear to be from one person within the company and are sent to another. According to Verizon’s 2019 Data Breach Report, senior executives are 12 times more likely to be the target of BECs and social engineering attacks in general. And their success is based on two factors.

  • The executives have access to vital company information and resources
  • The senior members of a company tend to be older and less computer savvy

In this kind of attack, a hacker sends an email to Executive A that appears to be from Executive B, who has authority. The email requests that access be granted to a company resource. Executive A grants the request, and the resources become instantly available to the hacker. Other requests might include making a purchase, transferring money, or sending a payment.

Imagine the damage when the right person in the company receives an email like this:

  • “Bob, Sally has forgotten her company email login information. Please reset her password immediately and send the information to her Gmail account.”
  • “Bob, please give Kevin access to the accounting volume on our server.”
  • “Bob, please reset my database password and send it to me asap.”
  • “Bob, the routing and account number for the bank wire for Supplier A has changed. Please send our next payment ASAP to routing number 98764531 and account number 123456789.”

The recipient of this request doesn’t need to be an executive, but does need to have access to the requested resources.

How To Defend Your Company Against Social Engineering

Good endpoint protection can help to protect your users from receiving such emails in the first place. For example, emails that claim to be from your bank but don’t come from your bank’s email servers would be routinely captured by our cybersecurity systems.

But many of these emails don’t claim to be from a business. According to Trustwave, “84% of BEC messages used free webmail services for distribution, 12% used spoofed company domains, and 4% elected to employ misspelled or lookalike domain names to deceive recipients.”
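As an added example (not code from the original post or from Digital Uppercut), the Python below sorts an inbound message’s sender into the three BEC delivery categories Trustwave reports (free webmail, spoofed company domain, lookalike domain) and checks the body for the request wording quoted in the sample emails above. The company domain, free-webmail list, insider names, the auth_passed flag standing in for a gateway’s SPF/DKIM result, and the sample messages are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from email.utils import parseaddr

# All of the following values are constructed assumptions for this example.
COMPANY_DOMAIN = "example-corp.com"
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com", "aol.com"}
INSIDER_NAMES = {"sally jones", "bob smith", "kevin lee"}

# Coarse content signals modelled on the request wording quoted in the post.
REQUEST_PATTERNS = [
    r"routing (and account )?number",
    r"\bbank wire\b",
    r"reset (her|his|my|the) \w*\s*password",
    r"give \w+ access",
    r"\basap\b",
]

# Digits and symbols that attackers substitute for visually similar letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def normalize(domain: str) -> str:
    """Fold look-alike substitutions so examp1e-corp.com reads as example-corp.com."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, company: str = COMPANY_DOMAIN) -> bool:
    """True when a domain imitates the company domain without being it or a subdomain."""
    if domain == company or domain.endswith("." + company):
        return False
    d, c = normalize(domain), normalize(company)
    if d == c:                                   # only homoglyphs differ
        return True
    if c.rsplit(".", 1)[0] in d:                 # example-corp-billing.com
        return True
    return edit_distance(d, c) <= 2              # exampel-corp.com, example-corp.co


@dataclass
class Verdict:
    category: str               # internal | spoofed_domain | free_webmail | lookalike_domain | external
    impersonates_insider: bool  # display name matches a known insider
    request_signals: list       # REQUEST_PATTERNS that matched the body
    suspicious: bool


def classify_message(from_header: str, body: str, auth_passed: bool) -> Verdict:
    """Sort a message into Trustwave's BEC delivery categories and flag risky combinations.
    auth_passed stands in for the SPF/DKIM/DMARC result your mail gateway already computes."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    impersonates = name.strip().lower() in INSIDER_NAMES
    signals = [p for p in REQUEST_PATTERNS if re.search(p, body, re.IGNORECASE)]
    if domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN):
        category = "internal" if auth_passed else "spoofed_domain"
    elif domain in FREE_WEBMAIL:
        category = "free_webmail"
    elif is_lookalike(domain):
        category = "lookalike_domain"
    else:
        category = "external"
    suspicious = (
        category in ("spoofed_domain", "lookalike_domain")
        or (category == "free_webmail" and impersonates)
        or (category == "external" and impersonates and bool(signals))
    )
    return Verdict(category, impersonates, signals, suspicious)


# Constructed sample messages: (From header, body, gateway authentication result).
SAMPLES = [
    ("Sally Jones <sally.jones@example-corp.com>", "Bob, please give Kevin access to the accounting volume.", True),
    ("Sally Jones <sallyjones.ceo@gmail.com>", "Bob, please reset my database password and send it asap.", True),
    ("Sally Jones <sally.jones@example-corp.com>", "Bob, the routing and account number for the bank wire changed.", False),
    ("Accounts Payable <ap@examp1e-corp.com>", "Please send the next payment ASAP to the new routing number.", True),
    ("Vendor News <news@vendor-news.net>", "Our monthly product update is attached.", True),
]


def run_samples() -> list:
    return [classify_message(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    for (sender, _, _), verdict in zip(SAMPLES, run_samples()):
        print("SUSPICIOUS" if verdict.suspicious else "ok        ", verdict.category, sender)
```

A legitimate internal request still carries request signals (first sample), so the category and authentication result, not the wording alone, decide the verdict; the wording is what tells a reviewer to verify the request out of band.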

And some social engineering threats don’t even arrive via email. A client of ours recently received a phone call from someone claiming to be an IT consultant, who directed the employee to grant the hacker on the line access to vital company resources.

Training Is The Key

Our Business Protection Toolkit offers many protections for your business, including strong Endpoint Protection, Behavior-Based security, real-time SIEM monitoring of your security logs, and more.

But all of them are strengthened by employees who are aware of the threats your company faces and how to detect them. Cyber Security Awareness Training is a critical part of any company’s cyber security plan, and we now offer it to all our cyber security clients.

In our training series, employees are taught to identify and prevent threats like these. They will be able to identify phishing emails, distinguish legitimate from illegitimate requests, and even detect malicious phone calls.

Get Protected

Data breaches, ransomware, stolen resources, access to bank accounts, and other cyber crimes can put a company out of business. No matter the size of your company, from sole proprietors to hundreds or thousands of employees, your business needs thorough protection. Talk to us about our Cyber Security services, including our Business Protection Toolkit, so that your business doesn’t become part of a statistic in next year’s cyber security report. Contact us online or call us at 213-398-8771.

The Death of the Mac Malware Myth

 

Man sitting at a computer

Do you have Mac computers in your office? A lot of companies use them because there’s long been a myth that Macs are more secure than PCs. “There’s no malware for Macs,” the old saying goes. And while that used to be true, it’s far less true these days. In the year just past, more Mac malware was discovered than in any other year, indicating that as Macs become more popular, they become a bigger target for malware designers.

Why People Believe Macs Don’t Get Malware and Viruses

Plain and simple, Macs are less popular than PCs, especially in business environments, and therefore a virus designed for a Mac will have less effect than a virus designed for PCs. That makes it less attractive to malware designers.

Second, Apple’s macOS (formerly OS X) is built on top of a Unix-like operating system. Unix was developed as a teaching tool back in the 1970s. It has evolved into many open-source variants and, because so many thousands of people have contributed to it and patched security holes, it is very secure. All Apple operating systems, including macOS, have benefited from that history.

Why Even Mac Users Are Threatened Now

Some viruses don’t even depend on a specific computer to be malicious. Malicious code can live inside the scripting languages built into MS Word and Excel files that both Macs and PCs can now run. Malicious JavaScript can be embedded inside PDF files. Some malware even lives on web pages, where malicious software and fake web pages can steal your user credentials as part of a Phishing attack, exposing your business and personal data to the criminals of the dark web.

As for the Mac-specific threats, one user on Quora.com (a popular question-and-answer website) answered a question in 2017 about Macs and Malware and concluded with “I don’t use any anti-virus or anti-malware software on my Mac, but I wouldn’t dream of trying to do that on a PC.”

But 2018 turned out to be a banner year for malware on Macs. An article on ArsTechnica.com discusses malware that, the authors contend, Apple knew about for 4 months without announcing its discovery. An article on ITSPmagazine.com lists 11 recent malware and virus threats.

That’s not nearly the number developed for Windows PCs, but it still makes the case that if you use Macs for your business (and even your home) and you value your business (and personal information), you need to protect yourself and your business from these digital threats.

How To Protect Yourself From Mac Malware and Viruses

Generally speaking, reputable Mac software is approved and “signed” by Apple. With the rare public exception of the malware referenced in one of the articles above, Apple does a good job of ensuring that software in its App Store is safe. If what you need can’t be found there, go to the publisher’s official website rather than downloading the software from some other source.

Keep your software updated. A lot of malicious software exploits software bugs. Once the publisher discovers those bugs, they are quickly fixed and patched. If you keep your software updated, you’re less likely to have these kinds of vulnerabilities.

Install good antivirus and anti-malware software on your Macs. Better yet, “Advanced Endpoint Detection” (AED) tools can detect malicious behavior on computers even before they ever show up in a virus definition file. AED knows what normal activity looks like and what malicious behavior looks like, and can shut down malicious behavior when it sees it.

Always be aware of what you’re doing online. Most malware is transferred via the web and email. So training yourself to recognize legitimate websites and links is a good first step. Better yet, use software to monitor and filter your email for phishing attacks and malicious links.

How Digital Uppercut Can Help

All four of these steps are part of Digital Uppercut’s new Business Protection Toolkit. This system can help keep your software up to date, ensure only approved software is installed on your computers, guard your computer against malicious behavior with AED, and monitor your web and email traffic for online threats.

Then we back that all up with a Security Operations Center, where live computer security experts monitor your network log files for threat patterns and spring into action if threats are detected.

The Business Protection Toolkit can even help you meet compliance standards, ensuring that your network data is encrypted on a file and folder level, which is far more secure than full-disk encryption.

Contact Us Today

Whether your business network is all Mac, all PC, or a mix of both, let Digital Uppercut protect you from PC and Mac Malware and help keep your business running. Talk to us about our Rapid IT services, Data Protection, Disaster Recovery, Cloud services, and of course, our Business Protection Toolkit. Contact us online or call us at 213-398-8771 today.

Beware of Money Transfer Scams

 

Person holding a credit card and entering its account number into a laptop

Buying a home is stressful enough, but now home buyers need to be aware of a new threat to their “happily ever after” story. Property buyers can be at risk of losing hundreds of thousands or even millions of dollars if they’re not careful because hackers have now stepped into an unlikely area of finance: money transfers. Money Transfer Scams are now a real thing...and like any danger, knowing about the threat is half the battle.

Money Transfer Scams for Consumers

The scam begins much like other scams: with the bad guys getting access to your email account. A common consumer (non-business) attack starts when they then monitor your email and read the conversations between you and your real estate professionals -- in particular, your title agents. And right around the time a bank wire transfer is due, the scammers send a fake email with different bank wire instructions.

The victim sees the email, assumes it is legitimately sent from their title agent, and then sends the money to the scammer’s bank account. Once the money lands in the scammer’s account, it is often transferred immediately to other bank accounts to make recovery harder.

And just like that, with one little mistake, you’ve become a victim of a money transfer scam and handed over hundreds of thousands of dollars of your hard-earned money to some stranger, and your dream of owning a home withers away.

Money Transfer Scams for Businesses

The same kind of scam also affects business owners and financial executives who regularly transfer money via bank wire. According to Forbes.com, just as with the consumer scam, the bad guys will often hack into a vendor’s email to learn who their clients are. Then they send fake invoices or collection notices to real customers, with payment instructions to wire money to the scammer’s bank account.

Similarly, scammers will hack into a business email account (usually one belonging to an employee responsible for paying bills by bank wire), identify the kinds of bills he or she usually pays, and then send emails that look legitimate but aren’t.

How To Avoid Becoming a Transfer Scam Victim

The FBI is well aware of these money transfer scams and is trying to publicize some basic measures to help you avoid becoming a victim. Their first piece of advice is to call the receiving party before making any bank wire transfer. A quick call to your title officer or vendor can confirm whether the bank account information is legitimate.

The FBI also advises you to change your email, bank, and other passwords frequently. Use mismatched and uncommon characters to make your passwords harder to guess.

While that is good advice, it is seldom enough on its own to keep your email account from being hacked. Thousands of people click on phishing emails every day and voluntarily give up even the most complex passwords. Once that happens, the attackers' logins to email and other accounts follow quickly.

The best way to protect yourself from money transfer scams, hacks, and breaches starts with complete cybersecurity training for you and your business. Knowing what hacks, scams, and phishing threats look like helps tremendously. You should also have comprehensive cybersecurity measures installed on your business network, including malware detection, two-factor authentication, application whitelisting, behavior-based protection, and more.

For an analysis of your network’s current vulnerability, as well as an assessment of how to make your network truly secure, contact Digital Uppercut. We’re the experts in cybersecurity for small businesses like yours, whether the threat is internal or external. Every day, thousands of computers are attacked, networks are infiltrated, resources are stolen, and data is encrypted and held for ransom. Don’t let yourself and your company become victims. Contact Digital Uppercut today by calling 213-398-8771 or contact us today here.


Screenshot of a webpage showing Microsoft Office 365 application links

With the rise of Office 365 email accounts, a new kind of hack is becoming more common. Microsoft expects to have 120 million users by the end of 2018, so a hack targeting these users is likely to spread quickly. Knowing what to look out for is your best defense against having your Office 365 email hacked. Here’s what you need to know to guard against having your own email hacked, and your company hobbled by an Office 365 Cyber Attack.

How An Office 365 Account Gets Hacked

A typical attack begins innocently enough, often with a request to reactivate a suspended email account. The email looks a lot like a legitimate communication from Microsoft, except that Microsoft doesn’t disable email accounts in this way.

Image of a fake email message from a hacker

The link, which looks legitimate, is actually malicious. We are all used to seeing links in blue, and generally expect that a link with a URL (web address) in the text actually goes to that URL. That is not necessarily the case; here, the link whose text reads Portal.office.com instead leads to a fake login page.

Once you arrive there and enter your real Office 365 username and password, the malicious software immediately begins its work.

Typically, that includes…

  1. Setting up forwarding rules so that every email you receive gets silently forwarded to people who monitor your email. These bad guys are looking for other account usernames and passwords, communication patterns, contact email addresses, and more. The more information someone has about you, the easier it is for them to launch increasingly dangerous attacks.
  2. With this additional contact information, more emails are generated, ensuring the attack spreads within your organization and among your contacts.
  3. If someone with Office 365 administrative privileges falls for this ruse, the entire Office 365 account is now at risk, and even more dangerous and malicious attacks could happen.

How to Prevent An Office 365 Attack

Microsoft has developed tools to help organizations prevent Office 365 Attacks. They have set up a Security and Compliance Center where they can score the security of your Office 365 setup and provide suggestions to make it more secure.

Some of the features of this security center are only available for larger installations, but some are extremely effective and should be implemented on all Office 365 implementations, including…

  • Enable “Multi-Factor Authentication” for all users. That means all users must take additional steps to log in. Steps might include entering a one-time PIN sent via text message to a cell phone, using a fingerprint scanner, or answering challenge questions. While this is often inconvenient for users, it makes it nearly impossible for hackers to log in to an Office 365 account.
  • Enforce very strong passwords. No more “Password” or “123456” as your password. Long passwords that include punctuation, capital and lowercase letters, and numbers are now required to prevent brute-force hacking attacks.
  • Block forwarding within your Office 365 account.
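
The silent forwarding rules described above leave traces an administrator can look for, and the “block forwarding” recommendation can be enforced tenant-wide. The following script is an added example, not code from the original post or from Microsoft; it uses the Exchange Online PowerShell module (ExchangeOnlineManagement) and assumes an account with Exchange administrator rights. The admin address is a placeholder, and the CSV path is a name chosen for illustration.

```powershell
# Added example (not from the original post): audit Exchange Online mailboxes for
# forwarding an attacker may have set up, then turn off automatic external forwarding.
# Assumes the ExchangeOnlineManagement module and an Exchange administrator account.
# Review the audit output before applying the tenant-wide changes in step 3.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder admin account

# 1. Mailbox-level forwarding configured through admin settings
$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
$mailboxForwards = $mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward or redirect mail (the technique described in the post)
$ruleForwards = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{n='Mailbox'; e={ $mbx.UserPrincipalName }}, Name, Enabled,
                      ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

'== Mailbox-level forwarding =='
$mailboxForwards | Format-Table -AutoSize
'== Inbox rules that forward or redirect =='
$ruleForwards | Format-Table -AutoSize

# Keep a copy of the findings for the incident record (path chosen for illustration)
$ruleForwards | Export-Csv -Path .\forwarding-rules.csv -NoTypeInformation

# 3. Tenant-wide block on automatic forwarding to external domains.
#    Users can still forward an individual message by hand; this stops silent auto-forwarding.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

Disconnect-ExchangeOnline -Confirm:$false
```

Any rule the audit lists that the mailbox owner did not create should be treated as a sign the account was compromised: disable the rule, reset the password, and enable multi-factor authentication before assuming the account is clean again.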

Microsoft encourages you to visit the Security and Compliance Center at http://protection.office.com. However, you might find it difficult to implement all of Microsoft’s recommendations on your own. That’s where we can help. We’re experts at configuring Office 365 security measures, as well as other network security features, to help protect your business from hacks and threats of all kinds.

Of course, your entire business infrastructure becomes more secure with proper training. We at Digital Uppercut can also provide cybersecurity training to all of your employees. It is a very inexpensive service compared to the cost of a hack that disrupts your business or the cost of cleaning up a hacked system.

Secure Your Business Today

Call Digital Uppercut today and let’s talk about securing your business. We offer plans of all sizes for all kinds of companies. And while they’re all designed to help secure our clients and prevent hacks, they are also designed to help you run your business “as usual” and without overzealous security measures that could actually prevent your people from getting work done. Call us today at 818-713-1335 or contact us here for a free preliminary Security Analysis and consultation.

Beware of Fake WiFi Hotspots


Woman working on a laptop in an airport

Do you travel? Almost everyone does at some point or another, whether for business or pleasure. And you are probably very conscious of the threats of having your pocket picked or your luggage stolen while you travel. Well, you should also be aware that there are cybercriminals who are looking to steal from you, and the consequences could be far, far worse than a missing wallet. Whether you’re at an airport, a local restaurant, or a coffee shop, you need to beware of fake WiFi hotspots trying to steal your data.

How You Can Get Hacked On A Fake WiFi Hotspot

So how does a typical hack on a free or public WiFi network actually happen? There’s more than one way.

The most obvious way is for some malicious person or company to put up its own competing WiFi network. These “Evil Twin” networks are named in a way that looks legitimate, but is far from it. Once connected to one of these malicious networks, users are open to a variety of threats.

  1. Data Eavesdropping: For example, all of your data can be monitored and recorded by criminals. They can see the images you send, the text you type, and even the usernames and passwords you use.
  2. Malware Injection: These fake WiFi hotspots can be configured to load malicious software onto your phone or computer. These viruses or trojans then install themselves on your device and remain there, even when you leave the fake hotspot where you were originally infected. PC and Mobile Malware can steal your passwords, encrypt your data, and hold it hostage, and spread to other devices.

And here’s how easily this can happen: The legitimate free WiFi at Los Angeles International Airport is called “_LAX Free WiFi”. A bad guy might name his Evil Twin network something as similar as “LAX Free Public WiFi,” and most of the travelers in the terminal would never know the difference. They’ll happily connect and have no idea they're being hacked by a fake WiFi network.

But the threats don’t come entirely from fake WiFi networks. They can also come from legitimate, but free and open, WiFi networks. There are dozens of programs that allow hackers to monitor unencrypted network traffic on WiFi networks, and most of them are free to download.

Hackread, a website I monitor to learn about trends in hacking and cybersecurity, wrote about a recent report that tells how much at risk you are at certain airports around the country. The report, by Coronet (a cybersecurity software company), surveyed the top 45 busiest airports and rated each one with a “Threat Score”. Here are the top 5 most dangerous airports for connecting to free WiFi:

  1. San Diego International Airport (San Diego) – Threat Index Score: 10
  2. John Wayne Orange County Airport (Santa Ana, Calif.) – Threat Index Score: 8.7
  3. William P. Hobby Airport (Houston) – Threat Index Score: 7.5
  4. Southwest Florida International Airport (Fort Myers, Fla.) – Threat Index Score: 7.1
  5. Newark Liberty International Airport (Newark, N.J.) – Threat Index Score: 7.1

How To Keep Your Devices Secure While Travelling

So what can you do to protect yourself? We wrote about Tech Travel Dangers and how to avoid them before, but here are some tips for you.

  • Don’t connect to free or open WiFi networks EVER. This is by far the best advice.
  • Bring your own WiFi, whether it’s your phone's hotspot or a separate device.
  • If you must connect to a public, encrypted network (wired or wireless), make sure that you have a software firewall enabled on your computer or mobile device.
  • When connecting to any public WiFi, even if it’s secure, instantly turn on a VPN (Virtual Private Network).

Whether you’re in an airport or in the middle of town, fake WiFi hotspots, as well as free or open WiFi networks, are dangerous. By the time your travels are over, you might find your entire office network hacked, your sensitive data breached, or worse.

Why Talk With Digital Uppercut?

That’s why you should talk with Digital Uppercut, whether you’re travelling or not. If your office networks and mobile devices are not secured, whether you think your staff might be connecting to fake WiFi hotspots or not, your business is vulnerable. And if your business is regulated (by medical, financial, or legal authorities), those vulnerabilities could cost you not only your data and your business, but also huge fines and worse. Digital Uppercut is a company that not only specializes in digital security but is also an expert in regulatory compliance, including HIPAA, FINRA, and PCI. We can conduct a free preliminary audit to help you determine whether you are vulnerable. Contact us or call us today at 213-398-8771, and let’s set up a time to talk.

Spying on Your Employees?



So, your business is running well, you like and trust your staff, they are getting their work done, and the computers and network are mostly running fine. Then you come across an article or talk to an IT expert who says you should start spying on your employees. You’d never even imagined doing something like that...but is there some validity to the advice? Should you monitor your employees' computer activities? The answer is yes, and here’s why.

Risks of Not Spying On Your Employees

The fact that things are running well right now is no guarantee they will continue to do so, and the risks constantly threatening your business can be avoided with proper monitoring. Here are a few common risks your business faces and how monitoring can help you protect yourself.

  • Time Theft: You pay your employees to sit at their computers and accomplish specific tasks. You can’t (and shouldn’t) be physically standing behind each employee watching what websites they visit. There are countless stories of employees spending hours of every workday on Facebook and other social media sites, updating personal websites, selling items on eBay, or even working another job remotely. Any minute spent on personal or other non-business tasks is theft of your payroll dollars, not to mention your company’s productivity.
  • Bandwidth/Resource Theft: Video streaming is becoming more popular every day. Sites like Netflix, YouTube... and even videos sent and received via email... can consume huge amounts of employee time and network bandwidth. We recently had a client complain to us that their internet was slow. They wanted our advice about which internet service they should upgrade to. Before advising them on how to spend more money, we did an analysis of their bandwidth, only to find that employees were streaming Netflix all day long while they worked. We saved them hundreds of dollars every month by avoiding the upgrade.
  • Adult Content: In addition to streaming mainstream content, employees have been found to be watching pornography at work. Not only does it steal time and bandwidth, but allowing such activity opens you up to numerous lawsuits and huge legal costs. It’s best to avoid such things.
  • Dangerous Websites: There are tens of thousands of websites—and even entire countries—that are known to pose risks to any computer if visited. All a user needs to do is load a page from a malicious or compromised website to install a virus on their computer. From there, it’s only a matter of time until that virus can infect your whole network and take down your business. Even certain advertisements from sites as legitimate as Yahoo can include malicious spyware that can suck bandwidth and compromise your company’s privacy.

What to Monitor On Your Business Network

So, how can you avoid these problems for your business? We recommend that our clients monitor not only their employees, but every device on their network in the following ways:

  • Monitor Bandwidth By User and Device: You need a history of each user’s typical bandwidth usage so that a sudden increase stands out. Such an increase might indicate video streaming, sharing of company documents, excessive online gameplay, or worse. And it’s important to measure bandwidth not only by user but also by device, since a sudden increase from a device such as a network server, mail server, network access point, or other vital piece of your network might indicate use by a hacker or virus.
  • Monitor Activity with Your Firewall and a SIEM: For many larger companies, we install firewalls that collect network traffic and then connect them to a Security Information and Event Management system (SIEM) that not only analyzes that traffic, but also alerts us when something looks suspicious. This technology can even apply Artificial Intelligence to detect abnormalities.
  • Block activity to certain countries and sites: We can configure many firewalls to block all traffic to and from certain websites that are known to be bad. It’s also possible to block traffic to and from entire countries.
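
The per-user and per-device baseline idea in the first bullet above is simple enough to show in code. The script below is an added example, not code from the original post or from any SIEM product; it runs on a small constructed log embedded in the script (a date,user,device,bytes CSV shape assumed for illustration) and flags any day whose traffic is at least three times that user’s or device’s average on the other days. A real deployment would feed it firewall or NetFlow exports in whatever format the appliance produces.

```powershell
# Added example (not from the original post): flag users and devices whose daily
# traffic jumps far above their own baseline. The log below is constructed sample
# data in an assumed CSV shape; real input would come from firewall or flow exports.

$sampleLog = @'
date,user,device,bytes
2018-06-04,alice,WS-01,412000000
2018-06-05,alice,WS-01,398000000
2018-06-06,alice,WS-01,455000000
2018-06-07,alice,WS-01,3900000000
2018-06-04,bob,WS-02,210000000
2018-06-05,bob,WS-02,230000000
2018-06-06,bob,WS-02,195000000
2018-06-07,bob,WS-02,240000000
2018-06-04,svc,MAIL-01,150000000
2018-06-05,svc,MAIL-01,160000000
2018-06-06,svc,MAIL-01,155000000
2018-06-07,svc,MAIL-01,2100000000
'@

$records = $sampleLog | ConvertFrom-Csv

function Find-BandwidthSpikes {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [double] $Multiplier = 3.0,   # flag a day at or above Multiplier x the baseline
        [string] $GroupBy = 'user'    # 'user' or 'device'
    )
    $findings = @()
    foreach ($group in ($Records | Group-Object -Property $GroupBy)) {
        $days = @($group.Group | Sort-Object date)
        foreach ($day in $days) {
            # Baseline = average of the other days, so a spike does not inflate its own baseline
            $otherBytes = @($days | Where-Object { $_.date -ne $day.date } |
                            ForEach-Object { [double]$_.bytes })
            if ($otherBytes.Count -eq 0) { continue }
            $baseline = ($otherBytes | Measure-Object -Average).Average
            $ratio = [double]$day.bytes / $baseline
            if ($ratio -ge $Multiplier) {
                $findings += [pscustomobject]@{
                    Key      = $group.Name
                    Date     = $day.date
                    Bytes    = [double]$day.bytes
                    Baseline = [math]::Round($baseline)
                    Ratio    = [math]::Round($ratio, 1)
                }
            }
        }
    }
    return $findings
}

'== Per-user spikes =='
Find-BandwidthSpikes -Records $records -GroupBy user | Format-Table -AutoSize
'== Per-device spikes (a mail server that suddenly moves gigabytes deserves a look) =='
Find-BandwidthSpikes -Records $records -GroupBy device | Format-Table -AutoSize
```

On the sample data, alice’s workstation and the MAIL-01 server are flagged for 2018-06-07 while bob is not. The device view is the one that matters most for the “compromised server” case in the bullet: a server has no reason to stream video, so a spike there points at a hacker or malware rather than at an employee.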

The next time someone suggests spying on your employees, know that the advice is not coming from an overbearing Big-Brother-like desire to suppress employee creativity. It comes from a real concern for the health and welfare of your company and all its employees. Proper employee and computer monitoring can save your company from theft, viruses & malware, and even lawsuits.

If you’d like to talk with us about implementing these kinds of monitoring systems in your business, we’re here for you. Contact us via email or call us at 213-398-8771 to set up a consultation.
