You’ve no doubt seen the concept of “streaming” online at some point or another, whether it’s consuming content on Netflix or YouTube. However, content creators with an established fan base can stream their content on Twitch to make a living. If you have ever wondered how much some of these creators make, well, a recent hack has exposed this information and created a whole kerfuffle that must be addressed by Amazon.
Yet another major vulnerability has been discovered, this time in Microsoft’s MSHTML browser engine. The vulnerability, discovered and tracked by Kaspersky, is currently being exploited all over the world. As such, it is critical that you know how to avoid vulnerabilities like this so that you do not inadvertently allow a hacker onto your network.
If we told you that it is possible for others to hire hackers to launch attacks against your business, would you believe it? Well, we hope so, because it is very possible and more common than you might think. Comparitech launched an investigation into the average prices of various hacking services on the Dark Web, and you might be surprised by how affordable and accessible they are. This is just more reason to take network security seriously.
Numbers are still coming in as far as how widespread this issue is. As of Monday, cybersecurity firm Kaspersky Lab said potentially thousands of Asus computers were infected, but on Tuesday that number has potentially broken a million.
How Could My Asus Laptop Get Hacked?
This type of attack is called a Supply-Chain Compromise and is one of the most frightening kinds of cybersecurity threats out there. Asus’s software update system was compromised by hackers, putting a backdoor into consumer devices. The scariest part is that this backdoor was distributed last year and it’s just being noticed now. The good news is this has given Asus plenty of time to plug up the security holes on their end, but if you own an Asus device there is still a chance that it is infected with malware from the initial attack.
What Do I Do Now?
First and foremost, no matter what brand of computer or laptop you have, you need to make sure you have antivirus, and that antivirus needs to be licensed and kept up-to-date. If you have an Asus device, Asus has released an update in the latest version of their Live Update Software. They’ve also patched their internal systems to help prevent similar attacks from happening in the future. You’ll want to make sure you have Live Update 3.6.9 installed. Asus has also released a security diagnostic tool that will check your system to see if it has been affected.
We HIGHLY encourage you to reach out to SRS Networks if you are running any Asus hardware. It’s better to be safe than sorry.
While these potential threats are frustrating to look out for, that is exactly what needs to be done to prevent their success. Here are five tips to help you spot a phishing attack before it is too late.
Extreme Urgency
When somebody is trying to phish you, they often rely on you panicking and not fully thinking through the message. That’s why, whenever you receive an email labelled “urgent” and written in an intimidating tone, you need to take a few breaths and consider it a little more. There is no questioning that email is an extremely valuable communication tool, but at the same time, would it really be how you would send someone an urgent, time-sensitive message, rather than something like a phone call? Even if it does come in via a phone call, any message you receive should be carefully considered before you act.
Attachments
Email gives business users so much utility, but that also lumps in those who make cybercrime their business as well. Email makes it much easier for a cybercriminal to send along a malware payload, hidden inside an attachment. Therefore, you should never click into an email attachment that you didn’t anticipate receiving, and even think twice about the ones you did expect. Many organizations—like financial institutions and the like—are favorite ruses of cybercriminals, despite the fact that these organizations will either use a dedicated solution to reach out to you or call you directly before sending along an attachment. Unless you know with confidence what an attachment contains, it is best not to click on it at all.
Spelling and Grammar Errors
Let me ask you a question: if you were to receive any kind of written correspondence from a business, whether it was an email, a letter, what have you, would you take that business seriously if it was riddled with mistakes and misspellings? Unlikely. Businesses are generally very aware of this, and usually put forth the effort to ensure that the materials and messages they send out are carefully edited before they distribute them for this very reason. Would you trust this blog if every other sentence featured a misspelled word or misused punctuation mark? In a phishing message, however, the individual writing it is actively banking that their reader won’t be paying too close attention, making such errors less important. While this isn’t a hard and fast rule, it is a good way to keep your business safe.
Requests for Personal Information
In a similar vein, does it make sense that a business that presumably already has your sensitive information would reach out and ask for it again via email? No, it doesn’t, and that’s why legitimate businesses tend not to do this. While this is also a generalization and there will be exceptions, a scammer will generally be the only party to request sensitive and personal information over email. A legitimate business will have a different tool they use to collect this data if they need it, as they need to abide by the compliance and security requirements that are likely imposed on them by some regulatory body.
Suspicious Links
Finally, we need to discuss links, particularly those that come included in a surprise email. Links are remarkably easy to manipulate, so while you may think you’re visiting another business’ website […]
Advance-Fee Fraud and Its Origins
Believe it or not, those emails have their roots in the 18th and 19th centuries, when scammers wrote letters to their targets begging for some small financial assistance in exchange for a significant reward. Rather than a Nigerian prince seeking escape from political turmoil, one such attempt featured a wealthy Spanish prisoner that needed to be smuggled out of Spain and required some investment to bribe the guards. These scams continued over the years, appearing in French investigator Vidocq’s memoirs, and reports of other transnational scams exist from 1922. Today, these advance-fee scams are most recognizable in the form of the Nigerian Prince scam, as referenced above… and thanks to the Internet, they are far more prevalent, as there aren’t even postal costs to prevent scammers from using them on a widespread basis.
Why These Scams are Notoriously Obvious
One would think that, as a scam that has become the go-to example of a scam, cybercriminals would have abandoned it long ago—or at least worked to make them more convincing. So, why are these scams still around, and still so transparent? In 2012, a researcher for Microsoft named Cormac Herley asked the same question and conducted a project to find the answer. His conclusion was brilliantly simple: these scams allowed hackers to weed through potential victims to find the ones most susceptible to their efforts.
Cyberattacks aren’t free for cybercriminals to carry out. So, just as anyone who invests in something would want, they want to see the greatest return for that investment. In a cybercriminal’s terms, this translates to the highest number of successfully scammed people who comply with their demands. Just like in any business, a cybercriminal will want to minimize the number of false positives (in this case, targets that never send over any money). Looking at it from an economic perspective, the higher the number of false positives the cybercriminal invests in, the lower the net payout for them.
After compiling statistics and going through the numbers, it became apparent to Herley that cybercriminals use the now-infamous word “Nigeria” in their scams to eliminate these false positives more effectively. Essentially, by using that word early on in their interaction with a potential victim, cybercriminals were able to shrink their target pool to only the most gullible or naïve people they had found. By cutting out the false positives early in the game, scammers could minimize their investment without sacrificing any payoff. All the grammatical errors, misspelled words, and far-fetched tales just serve to eliminate the people who ultimately wouldn’t be fooled anyway. For more detail, you can find documentation of Herley’s process here.
How to Keep Your Business Safe
Of course, not all scams operate this way, so it is still important for you and your team to know what to keep an eye out for. The Federal Bureau of Investigation provides the following list of rules to follow to avoid scams:
If something sounds too good to be true, it is safe to assume it is.
If you receive correspondence from someone asking for money or information, go through the proper steps to confirm the message’s legitimacy through other means, like a phone call.
Have a professional go over any agreement you’re about to enter so that you can fully […]
Attacking Businesses During COVID-19
The deadly novel coronavirus is still in the forefront of most people’s thoughts, and as a result, many people remain home. With so many people kept from going out, people are relying on the Internet. Some businesses have shifted to remote, some haven’t but rely on online orders and support, and many others are effectively out of work, putting a lot of people online at once. For scammers and hackers, this is an ideal situation. They have taken this opportunity to set up spoofed websites that are designed specifically to get people to let their guard down enough so they can gain access to their accounts, including their business’ accounts.
Unfortunately, this has become extremely common. Of the 1.2 million new COVID-19-related domains built between March 9 and April 26, nearly 86,600 are malicious websites. 80 percent of those distribute malware if interacted with. An incredible amount of COVID-19 spam and phishing messages have also appeared. Some fraudulent email campaigns have claimed to come from the IRS, the CDC, healthcare organizations, and other companies.
Protecting Your Business from Scams
What are you to do with so many obvious (and some not-so-obvious) scams? You need to stay vigilant and remember that even though you are at home, on your home computer, you need to function like you are on your workstation in the office. All the best practices you’ve been trained on in the office apply now and should be maintained. They include:
Watch out for phishing – Whether it’s through email, messaging, or social media, keeping a skeptical eye out for phishing emails and spoofed websites will go far in keeping your business secure.
Use strong passwords – Managing your passwords and keeping them up-to-date with the latest security best practices can go a long way toward securing your business.
Keep data backed up and safe – Just because you are working from home doesn’t mean that your data is any less important. Keep it backed up and secured with antivirus and a comprehensive firewall.
The IT professionals at SRS Networks have the experience needed to keep your business’ network secure during these hard times. Call us today at (831) 758-3636 to learn more.
One of the major cybersecurity concerns of today is how attacks are now frequently automated, making it intensely difficult for a human being to successfully keep up with threats. As a result, it only makes sense to automate your cybersecurity measures as well. There are a few ways that you can do just that.
Crunching the Numbers
Regardless of how much data you collect, just collecting it isn’t going to benefit your organization all that much – especially when it concerns your security. It also needs to be processed and analyzed, which is simply too big of a job to be done manually. By compiling data from multiple internal and external sources, a business can better predict how threats will play out, as well as identify those that it hasn’t yet encountered. By utilizing machine learning and automation technologies, this compilation and processing is a much simpler, faster, and more accurate process, bringing your business improved security measures.
Furthermore, many businesses face a lack of security-oriented employees. Automation can help make up the difference, reducing the burden on whatever resources they do have to protect their network.
How Automation Benefits Cybersecurity
There are multiple ways that adopting automation can deliver improvements to your cybersecurity.
Data-Supported Inferences
By sequencing data collected from within your organization, along with data provided by security vendors and other sources, you can use this data to draw conclusions and make predictions about threats, enabling you to catch them more effectively.
Outpacing Attacks with Protections
Cybersecurity is effectively an arms race – as new threats are discovered, new preventative measures need to be implemented to keep them from spreading. Of course, by the time a threat is discovered, it has often already moved on to its next step. This means that these steps need to be predicted and protected in order to stop them. Automated defenses are the most effective means to foil an automated attack, as they are more efficient and accurate.
Detecting Threats in the Network
When a network fails to deter a cyberthreat, it doesn’t immediately become a data breach – and automated protections can effectively analyze data to prevent such an outcome. Since a human being can’t hope to keep up with one of these threats, automation is your best bet at detecting, identifying, and resolving them.
SRS Networks is here to help you implement the cybersecurity necessary to protect your business’ resources, including automated measures. To learn more, reach out to us at (831) 758-3636.
To accomplish this, let’s examine the various types of hackers out there, and what it is that drives them to do what they do.
Identifying Hackers, Based on Why They Hack
“Hacker” is one of those blanket terms that most people take a lot of liberties with. However, like most blanket terms, one of its potential uses is focused upon much more heavily than the others. When you hear the word, what picture pops into your head? If you’re like most people, probably the image that pop culture has encouraged: someone sitting in a dark room, only lit by the glow of their monitors, typing furiously at their keyboards while line after line of data scrolls down their screens. This isn’t all that accurate.
The Types of Hacker
In actuality, there are many distinct categories of hacker, based on the motivations they have and their approach to accomplishing their goals. Originally, there were just two categories, inspired by the costuming conventions once found in Western movies. The hero typically wore a white Stetson, while the villain’s hat was traditionally black. However, as more complicated motives became apparent, more categories of hacker arose.
Primary Varieties of Hacker and Their Motivations
White Hat: These hackers are those who, going through the proper established channels, hack into programs to help improve these programs’ security protocols. Anyone who assists you in running penetration tests or vulnerability assessments fits into this category, as their intention is to help keep your systems safe.
Black Hat: These hackers are the ones most people think about – the ones who you are afraid of targeting your business. Motivated by their own personal gain or ill will towards their target, these hackers intend to do some kind of harm by stealing credit card information or by leveraging other methods.
Grey Hat: Much like the color grey is the combination of black and white, a grey hat hacker is a blend of black hat and white hat. As such, while grey hat hackers have helped bring quite a bit of evidence to light and share it with the public, the tactics they leverage come from a black hat hacker’s playbook.
Red Hat: While grey hat hackers use exposure as a weapon against wrongdoing, red hat hackers go on the offensive. By waiting for other black hat hacks, and intercepting them, a red hat hacker will attack a black hat hacker’s system to stop the attack and potentially take the other hacker out of commission.
Green Hat: The greenhorn of the hacking community, a green hat hacker will commonly have no hand in any practical hacking attempts themselves, but is committed to acquiring as much knowledge about these attempts as they can.
Blue Hat: Another amateur, blue hat hackers rely on preexisting attacks and techniques to go after their targets. These attacks are typically rudimentary, and are often motivated by some personal offense or argument with the target.
But Why?
The motivations of a hacker can be as varied as the types of hackers are, and some hackers don’t necessarily have a single motivation driving them.
Stealing Information for Profit or Distribution
This is perhaps the most well-known of a hacker’s motivations. Once data has been stolen, a hacker can leverage it for profit in various ways – identity theft, blackmail, […]
You are the only thing that can truly protect you from a phishing attack. Without participation, it simply is a phishing attempt. Hackers are always looking for clever ways to fool their potential victims, so can you trust your employees to recognize the telltale signs of a phishing attempt?
Habitual Efforts to Foil Phishers
Learning to do things the correct way is a lot easier than breaking a habit. Here are a few habits you can train your staff to do to recognize and avoid phishing attempts:
Check Links BEFORE Opening Them
Getting in the habit of clicking links without checking the URL is an all-too-common mistake amongst staff. If you receive a link and want to know where it will take you, all you have to do is hover over it. If you aren’t able to see the link, or the entire link, you can also right click it and copy the address it will take you to. From there you can paste it into a notepad and further examine it. While a trained eye can detect a phishing attempt, some phishers cleverly disguise their links.
Learn How to Spot Fraudulent Links
If your eye is untrained, and you aren’t able to identify the legitimacy of these two links, SRS Networks is here to help.
amazon.com/deals/offers
amazon.com.deal/offers
Which of those two links would you confidently click on? Hopefully you said the first one. The tell-tale sign that a URL is coming from a fraudulent website is that there will be a “dot” after the domain. The domain (example.com, example.net) is typically read as example dot com. So, if you see a link that says example dot com dot something, the link is more than likely a phishing attempt. If you aren’t entirely sure, your best bet is to avoid the link entirely.
Another method phishers will often use is slight alterations in domain names. Our minds are trained to read words even when the “in between” characters are incorrect, or characters are in the wrong order. As long as the first letter and last letter are correct, typically we can make out the words without issue. Don’t believe me? Quickly skim through this list:
amazon.com
google.com
ebay.com
payal.com
reddit.com
visa.com
Did you notice the incorrect link right away? If not, take a closer look. This simple practice is used by phishers with great results.
Emotions Lead to Phishing Vulnerability
Becoming a victim of a phishing attempt is easier than you might think. Once emotions are involved, instincts often kick in and result in an easy hookset. Let’s take a look at a few scenarios.
“Congratulations! You have won a free iPad!”
If you are lucky enough to win an item for absolutely no reason, chances are you are unlucky enough to fall victim to a phishing attempt too. Avoid these links at all costs.
“You have been issued with a driver’s violation:
Type: Speeding
Amount due: $143
This fee will be forwarded by mail to your address. However, you can screen it now by pressing here: DMV Notification”
This one is more difficult to recognize, and frustration can easily get in the way of habitual email awareness. It is important to train your staff to recognize all different types of attempts. Examples are the easiest way for your staff to understand just […]
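
The two link checks described under "Learn How to Spot Fraudulent Links" (a familiar name followed by another dot, and a near-miss spelling), written out as an added Python example that is not part of the original post. The allowlist (including `paypal.com`), the function names and the one-edit threshold are assumptions, and comparing only the last two labels is a simplification that ignores suffixes such as `co.uk`.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: the domains your staff really do business with.
TRUSTED = ("amazon.com", "ebay.com", "google.com",
           "paypal.com", "reddit.com", "visa.com")


def hostname(link):
    """Return the lower-cased host of a link, with or without a scheme."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", link, re.I):
        link = "//" + link  # lets urlsplit read "amazon.com/x" as host + path
    return (urlsplit(link).hostname or "").rstrip(".")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(link, trusted=TRUSTED, max_edits=1):
    """Return (verdict, matched trusted domain or None) for one link."""
    host = hostname(link)
    if not host:
        return ("invalid", None)
    # The host is a trusted domain or a subdomain of one.
    for name in trusted:
        if host == name or host.endswith("." + name):
            return ("trusted", name)
    # "example dot com dot something": a trusted name sits to the LEFT of
    # the real domain, so the site belongs to whoever owns the right end.
    for name in trusted:
        if host.startswith(name + ".") or "." + name + "." in host:
            return ("embedded-brand", name)
    # Near-miss spelling: compare the last two labels with each trusted name.
    candidate = ".".join(host.split(".")[-2:])
    dist, name = min((osa_distance(candidate, n), n) for n in trusted)
    if dist <= max_edits:
        return ("lookalike", name)
    return ("unknown", None)


if __name__ == "__main__":
    # The links quoted in the post, plus one constructed swapped-letter sample.
    for link in ("amazon.com/deals/offers", "amazon.com.deal/offers",
                 "payal.com", "amzaon.com/login"):
        print(f"{link:28} {classify(link)}")
```

An "unknown" verdict only means the host is not on the allowlist and does not resemble it; it still deserves the hover-and-read check described above.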