Phishing has been around almost as long as email itself. Remember those African princes looking for you to wire them money over 20 years back? Those initial emails may not have been much to worry about, but have they changed into believable and life-devastation today.
Phishing remains the largest attack vector onto business and enterprise networks and the most effective tool cybercriminals use to get what they want—identities, information and money.
The reason why phishing is so widely used? It’s cheap, easy, and hits a large target group. All the criminal needs to do is send out thousands upon thousands of emails (mailed to long lists of contacts) and wait for the bites.
On top of the fact that phishing is so easy nowadays, it’s getting more and more sophisticated. Talk tracks in emails are terribly convincing (from those Nubian Prince emails of the ‘90’s). Spoofing email addresses, getting digital information from social media and the web, all make for more believable emails and get the recipients of those emails to do something very simple—click on a link or attachment.
continue reading
Having your Facebook account hacked is a nightmare nowadays. Think of how much you depend on it. Many apps use your Facebook login as credentials for their sites—I can certainly think of at least a handful of phone apps I’ve used with a Facebook or Google login. Think of all the stuff someone could get into if they had hacked your Facebook account!
On top of that, think of how many ways a hacker could get to your entire friend and family network. Private messages with malicious links, abusing your Facebook page, deleting or gaining access to personal information (sometimes very personal)—all which could help someone further exploit your business connections or even compromise your business network.
Plain and simple. If your Facebook account is hacked, you should act quickly!
continue reading
Cybercriminals are targeting employee payroll and diverting funds, according the Federal Bureau of Investigation (FBI).
The FBI’s Internet Compliant Center (IC3) just released an alert about an increasingly effective cyberattack hitting a variety of organizations in the last couple of weeks.
From education to healthcare to transportation to local governments, almost every industry has seen victims come out of the recent payroll attacks.
The preferred method of distributing this attack is by phishing users—this allows criminals to key log user activity on their computers and ultimately capture employee login credentials. Armed with login information, the criminals then access the employee’s payroll accounts (this is for those of you that have online employee portals) and change bank account information, directing hard earned wages into untraceable offshore accounts.
continue reading
One of the most popular delivery vectors for malware of late? Check out CVE-2017-11882, a patched Microsoft vulnerability that allows hackers to perform arbitrary code execution, ultimately giving them access to your entire network.
Many of the latest attacks have exploited this year-old Microsoft patch to successfully penetrate business networks (note: if you are a Dynamic Edge client, this patch was taken care of a long time ago). This patch vulnerability is so wide-spread that nearly 45% of all ransomware viruses delivered last month had been delivered because businesses failed to apply this one patch.
Macros continue to be a major security problem
There continue to be weaponized Microsoft Office documents delivered via email. As phishing campaigns get more believable, rest assured, criminals are exploiting attachments like they’ve never before. While Microsoft Office by default disables macros nowadays, many enterprise systems still have them turned on. So when a user clicks on an attachment, they might execute code in the background of their computer without even thinking there’s a problem.
continue reading
The Cloud Isn’t a Security Blanket!
Even if you have all of your stuff in cloud, you’re still at risk of an attack. You can just as easily get infected in the cloud as you could on your local server. The hardware is similar, so is the software and so are the updates and patches. If you are accessing the cloud from an infected computer, someone may be able to access your data if that computer or device is not secure. The BIGGEST misconception with the cloud is your data is safe.
Most businesses (and their IT Support) lose focus on security.
All you need to crack the cloud is a Trojan (malicious software disguised as legitimate software). Maybe someone on your staff is working from home, clicks on a link and is infected with some malware that starts recording EVERY keystroke. Over the course of their work day, unknowing that their machine is infected, they log into all sorts of accounts—including logging into your cloud! A criminal now has the exact credentials to access ALL of your cloud data. They may ransom it, or they may just steal it. Either way, your cloud was breached. HIPAA was violated, and your business is at risk of hefty lawsuits, fines, and attrition.
continue reading
Did you realize that Google is actually down-ranking websites that aren’t taking security seriously?
Google, among other search engines, have started to take security online as one of their big initiatives.
If your site isn’t secure? Any rankings you once enjoyed might now be long gone.
And even more, web browsers are starting to communicate more clearly to web visitors if a site isn’t secure. If you load up a browser, type in your url and find something like one of the images below on your site, you’re likely repelling visitors from your site.
continue reading
