4 Common Sources Of Cyber Attacks And How To Avoid Them

November 29th, 2013

Cyber Attack road sign

There are a number of precautions you need to take in order to stay safe online. From firewalls to updated antivirus software, there are plenty of tools that can prevent a disastrous cyber attack or data breach. These tools still don’t guarantee your safety, however. Even with precautions in place, it’s important to understand where the majority of threats come from and avoid them altogether with safe surfing techniques. Ron Johnson, of Business2Community, listed some of the most common causes of security breaches and how to avoid them.

  • Public WiFi

Open WiFi networks are found nearly everywhere you go, but they’re far from secure. Any data you send over public WiFi is easily intercepted and stolen by a third party. This doesn’t mean you shouldn’t ever connect to public WiFi. It means you need to be extra careful about what sites you access while using this type of unsecured network. Viewing and reading websites likely won’t cause a problem, but don’t log-in to any online accounts or your password could be compromised.

  • Giving out passwords

Most users understand the dangers in giving other people their password, but sometimes even the most savvy users give out their log-in information without even thinking about it. For example, if you’re having difficulty with an account, a customer service representative might ask you for your password. This doesn’t necessarily mean they are going to misuse it, but it’s always a good idea to change passwords once you’ve told them to anyone, including a help desk. They might not always be as careful with your information as you would be. It’s also never a good idea to share accounts with others, even friends or family. If you want to allow another individual to access your account, change the password, give them the new log-in information, then change it again once they’re finished.

  • Untrusted downloads

Downloading anything should be a decision that every user is cautious of. Even seemingly trusted websites can be compromised and a file you download could end up infecting your system with malware. If you’re prompted to download an application, like a media player, go to that player’s official website to download. Be sure to scan every file downloaded with your antivirus program before opening. As for email attachments, don’t download them unless you were expecting a file to be sent to you and you know exactly what it is.

  • Phishing scams-

Speaking of email, phishing scams are a popular method for stealing your information and hacking into your online accounts. These scams have grown more sophisticated. Often, an email will appear to be from a legitimate website where you hold an account. It will claim there’s been a problem and you need to log-in immediately, or download software, or even put in credit card information. If you have any questions about the legitimacy of these emails, contact the website or business directly, by phone if possible. There’s never a time when a business will email and need your credit card information.

By learning some of these common hacker tactics, you’ll be able to be smarter about your online habits and avoid potential threats.

If you’d like to improve security at your home or business to further safeguard from malware, phishing scams, hacking and more, contact Geek Rescue at 918-369-4335.

New Threat Puts Your Financial Information At Risk

November 27th, 2013

Burning money

A new piece of malware, a trojan called ‘Neverquest’, has security experts scrambling and forecasting a number of future attacks. As Lucian Constantin of Computer World reports, Neverquest has the ability to spread quickly and steal your financial information.

It’s believed that the Neverquest trojan originated in July, but the first attacks didn’t occur until months later. Now, experts have spotted thousands of uses of Neverquest and they expect to see that number spiral out of control soon.

In many ways, Neverquest is similar to other malware that targets financial websites. It’s able to insert its own forms into websites opened in Internet Explorer and Mozilla Firefox. It steals log-in information entered into these malicious forms and can also control your computer remotely.

Those are scary features, but that’s not all Neverquest can do. The trojan comes with 28 websites where criminals will be able to steal log-ins that control finances. These are the most popular banking sites and online payment services. To expand the number of sites it’s used with, and to ensure that every infected user is at risk, the trojan also monitors a victim’s activity and searches sites visited for keywords like ‘account summary’ or ‘balance’. When it discovers those sites, it alerts it’s host so they can begin attacking those sites as well.

In order to gain access to your computer, hackers first infect websites. When you visit one of these infected websites, vulnerabilities in browser plug-ins are used to install malware directly onto your hard drive. Spam email and links sent over social media are also used to infect users.

To keep your computer, and bank account information safe, don’t follow suspicious looking links and don’t visit untrusted websites. Keep your antivirus program running and up to date, as well.

If you have malware, trojans or viruses on your computer, bring it to Geek Rescue or call us at 918-369-4335. We clean infected machines and help you protect against future attacks.

Malware Threats For Android And PC Using Digital Signatures

November 22nd, 2013

Malware concept

Malware for both PCs and smartphones continues to be a growing problem worldwide. Adam Greenberg, of SC Magazine, reports that much of the new malware discovered in the past quarter uses techniques to falsely verify, or by-pass altogether, digital signatures used to validate legitimate applications and files.

Researchers with security company McAfee reported a 30-percent increase in malware for Android,m which equates to about 700-thousand new pieces of malware. Most of this mobile malware is known as “Exploit/MasterKey.A”, which allows for the avoidance of digital signature validation.

This method is also being used in the increasing threat of malware for PCs. Malware for PC users using falsified digital signatures is up 50-percent this quarter with more than 1.5-million new pieces identified.

These latest tactics are more intelligent ways of making users believe a file of application they’ve downloaded is safe for use. Antivirus software company, BitDefender, reported one malware scam that convinces users that they’re downloading an antivirus program called ‘Antivirus Security Pro’. It contains a stolen digital signature and when run, it identifies false examples of malware and demands money to fix the problem.

Examples like this are why it’s important for users to keep security software up to date. Antivirus applications struggle to keep up with the latest tricks of cyber criminals, and it’s impossible for them to catch the latest pieces of malware that attempt to infect your system if they’re out of date.

If your computer or smartphone falls victim to malware, or you’d like to improve your security before the next attack happens, call Geek Rescue at 918-369-4335.

The Latest Threats To Your Email Security

November 21st, 2013

Email security concept

Spam emails began as a nuisance, but one that ultimately wouldn’t harm your computer. Since those early days, spam has evolved to be much more malicious. Now, spam often is the first step to infecting your machine with malware, trojans, keyloggers and viruses. Spam can be used to steal your identity and hold your computer for ransom. Jeff Orloff of The Email Admin posted some threats to be on the look-out for and some tips for how to stay safe.

Cryptolocker is the latest threat making headlines. The trojan is a form of ransomware that first surfaced in August. Most commonly, it stems from an email attachment that infects the victims computer when it’s downloaded. The cryptolocker is then able to encrypt certain types of files on your system and holds them for ransom. To decrypt the data, a payment is required. Often, there is a deadline that goes along with this demand for money. While some users report they’ve paid the ransom and their files were encrypted, others have paid and seen no results. Unfortunately, even professionals struggle to decrypt files that have fallen victim to a cryptolocker.

In less than a week, more than 12-thousand users reported being infected by a cryptolocker in the US. This isn’t the only threat to your security that strikes through email. Cryptolocker is just the latest.

Email security is essential for both your business or your home network. There are a number of options for enhanced email security, but regardless of what you choose, make sure it includes some vital features. Your security software should scan incoming email for known threats and separate those that are potentially harmful. Email protection has to be more intelligent than ever to properly protect you. Spammers are constantly updating their tactics to get around spam filters.

Geek Rescue offers a number of options to keep you safe from the latest cyber threats. Call us at 918-369-4335 to find out how we can protect you.

Internet Traffic Hijacking: Are You Really On The Right Website?

November 20th, 2013

Cyber Crime

When you enter a website’s URL and a page appears in your browser, you assume you’re in the right place. That might not always be the case, however. As Jaikumar Vijayan of Computer World reports, Man in the Middle attacks, or Border Gateway Protocol hijacking, reroutes internet traffic and is a growing problem.

About 1500 instances of these attacks have been observed in 2013. That’s a fairly low number considering the amount of traffic online each day, but it reveals that these attacks are possible and something users need to protect themselves from.

These attacks don’t permanently re-route traffic. That would immediately signal to the owner of sites they’re diverting traffic from that something is wrong. Instead, the hijacking of traffic is only temporary, sometimes only lasting for a matter of minutes.

Users who fall victim to these attacks find themselves on a different site than the one they intended to go to. Sometimes, that difference isn’t obvious, however. In many instances, criminals hijack traffic from banking websites. They also create a site that looks fairly similar, or at least passable, and then capture users log-in information. Unfortunately, many users assume they’re in the right place, so minor differences don’t alert them there’s a problem. Sometimes, just having a company’s logo and a place to log-in is enough to fool users.

Attacks like this are the reason many banks have put additional security measures into their log-in process. For example, many financial institutions include a picture and custom greeting for each user before they enter their password. If those don’t appear, users are warned not to log-in.

For individuals, the way to protect yourself from these attacks is to be aware of them and be cautious on any site where you are asked to log-in. Take a moment to look around the site and try to notice any differences from the site you’re used to visiting.

For website owners more precautions are needed to protect users.

For help adding security to your website, business network or personal computer, call Geek Rescue at 918-369-4335.

Weapon Against Smartphone Theft Refused By US Carriers

November 20th, 2013

Stealing purse

Stolen smartphones are a big problem in the US. About one in three robberies involves a smartphone and lost or stolen phones total about $30-billion each year, according to the FTC. A possible solution, or at least a tool that could decrease the number of smartphone thefts, has been found, but as Daniel Johnson, of The Telegraph, reports, US carriers have refused to use it.

It’s called ‘Kill Switch’ and it allows phones to be disabled remotely in the event they’re stolen. The thinking is that criminals would be less likely to steal phones if they were immediately disabled and made worthless except for spare parts. Samsung liked the idea so much they began making smartphones with Kill Switch pre-installed. Those phones won’t be available in the US, however.

AT&T, Verizon, T-Mobile and US Cellular have rejected Kill Switch and forced Samsung to remove it from all phones set for distribution in the US. Their official stance is that Kill Switch could be used by hackers to disable phones that haven’t been stolen.

According to some industry insiders, however, the rejection of Kill Switch has more to do with the potential loss of insurance revenue. It’s believed that theft insurance would be less in demand if Kill Switch became standard on all devices. This thinking ignores the fact that insurance would still be useful for lost and broken phones, however.

The problem remains implementing a kill switch in a more secure manner. The possibility of hackers remotely disabling smartphones poses a serious problem, which won’t be easily solved given that Kill Switch is software and software is inherently hackable.

At Geek Rescue, we can’t stop your smartphone from being stolen. But, we can fix nearly any other problem you’re having with your device. For broken or unresponsive screens, slow performance, malware, or any other issue, call us at 918-369-4335 or bring your phone in to one of our locations.

How Stolen Passwords Weaken Security For Everyone

November 15th, 2013

Password theft concept

It seems like every week a large-scale password theft makes headlines. The latest was Adobe, who experienced the loss of about 150-million user log-ins. Michael Santarcangelo, of CSO, writes that anytime a large batch of log-in information is stolen it jeopardizes the security of other businesses. There are three steps that should be taken in this event to keep your business secure.

  • Check The Email Addresses 

When an attack of this nature occurs, the compromised log-in information is made public. If you know where to look, you can look through the list of stolen log-ins for email addresses in your domain. This is important because if an employee had information stolen for one account, it significantly increases the likelihood that their other accounts could be compromised. This could lead an attack to your network. If you see one of your addresses in the list of compromised accounts, be sure to notify the owner of the address, then change their log-in information for your network.

  • Check The Passwords

Every password that was stolen is now in a hacker’s database. That means that any individual who uses the same or similar password as a user who had their account compromised is now in danger. Hackers will use these learned passwords to launch more informed, intelligent attacks on accounts. Check your company’s log-ins for similar passwords and get them changed immediately.

  • Make The Changes

Be sure to explain to the affected employees why their account log-ins need to be changed and how a hacker could attack them. Giving them access to better information and training could prevent an attack in the future.

Few business owners understand that the loss of a large group of log-ins and passwords, such as the Adobe situation, could affect them also. Taking these precautions is labor-intensive, but necessary for security.

For help protecting your company from a devastating cyber attack, contact Geek Rescue at 918-369-4335.



New Spam Campaign Uses Dropbox Name

November 14th, 2013

Spam envelope

Spam email is a common problem for anyone with an an email address. Most spam messages are easy to identify, but a practice called brandjacking muddies the distinction between legitimate email and spam. Sue Walsh, of the All Spammed Up blog, reports that a recent brandjacking spam campaign involves Dropbox and attempts to steal banking and credit card information.

This scam starts when an email that appears to be from Dropbox arrives in your inbox. There are multiple variations of the same spam email, but all contain the same basic message. Some, however, are more convincing because they eliminate the typical broken English and poor spelling that marks most spam.

The message informs users that their password is too old and needs to be replaced. Users are then directed to follow the provided link and update their password. This is actually a believable ploy because Dropbox does periodically ask users to change passwords when their account hasn’t been active for an extended period of time.

The link provided doesn’t take users to a Dropbox log-in page, however. Instead, they arrive on a site made to look like it’s owned by Microsoft and told that their browser is out of date. An update is offered up for download, which is actually a Trojan that steals banking and credit card information.

The same group suspected of this scam has brandjacked UPS, Verizon and the Better Business Bureau in the past.

No matter how believable a message is, there are still ways to see through these scams. Before following the instructions of any email, check the sender’s address. In this case, the send won’t have an ‘@dropbox.com’ address, so you can assume the message isn’t legitimate. Also, if you follow a link provided that doesn’t take you where it’s supposed to, it’s another sign that you’re being scammed.

If you have any suspicion that an email you receive from a company isn’t legitimate, contact the company directly by phone.

If your computer has been infected by malware, viruses or Trojans, or you’d like to improve your device’s security before an attack happens, contact Geek Rescue by calling 918-369-4335.

How To Overcome Common Virtualization Security Concerns

November 14th, 2013

Virtualization concept

Virtualization is becoming a staple of businesses of every size. According to a Cisco survey, 77-percent of small to medium businesses have already virtualized part of their infrastructure. In the next two years, the virtualization budgets will increase for about 70-percent of all businesses. As Sam Narisi, of IT Manager Daily writes, virtualization allows companies to save money while increasing flexibility and scalability, but there are some security concerns. Here are the top three security issues associated with virtualized services and how to overcome them.

  • Limiting Access

Many organizations host multiple virtual machines on a single physical machine. This is the nature of virtualization and why it is so popular. This opens the door for devastating attacks, however, if the virtual machines aren’t properly separated. It’s important to grant employees access to only the VMs they need. This way, if their access is compromised, your entire virtualized infrastructure isn’t.

  • Vulnerabilities

Any software will contain bugs and vulnerabilities that can be exploited by intelligent hackers. Virtualization software is no different, but allowing a hacker to use these vulnerabilities could prove much more costly than other software exploits. Patches and updates are constantly being made available to fix these flaws. It’s important to stay current and update your software each time a new patch is released so you can close holes in security before an attack takes advantage of them.

  • Management 

More than ever before, it’s important to have a firm grasp on the IT assets in existence and who has access to each in your company. This was a simpler job when each machine was physical. With virtualization, VMs can be created and moved quickly, which sometimes leaves IT out of the loop. If a problem comes up, it’s much easier to solve it when you know where each machine is and who is able to access it.

Virtualization offers a number of benefits for businesses, but it also comes with increased responsibility and security concerns. Geek Rescue helps take the uncertainty and labor out of virtualization. Call us at 918-369-4335 to find out what services will give your business a competitive advantage.

Beware Unpatched Windows Security Vulnerability

November 11th, 2013

Windows 7

A zero-day exploit that affects Internet Explorer, Windows XP and Windows 7 users won’t be getting a patch from Microsoft any time soon. Microsoft’s Patch Tuesday for November is only a day away and, as Paul Ducklin of Naked Security reports, news is already spreading that a patch for this exploit won’t be included.

The “remote code execution vulnerability” is dubbed a zero-day because hackers were the first to discover it. Rather than security experts, or Microsoft themselves, discovering the vulnerability and patching it, cyber criminals have been able to launch attacks in the wild before any precautions could be taken.

The attacks seen so far that exploit the vulnerability use .TIFF image files that contain malware. When a user opens the seemingly innocent image file, malware infects the machine, but no warning or notice is given. This silent infection allows hackers to remain undetected while they claim access to files and control a computer remotely.

So far, most of the attacks stem from email attachments. The .TIFF is hidden in a Word document and automatically loaded when the document is opened. There are a number of other ways the exploit could be attacked, however. Inserting the infected image file directly into the body of an email could infect your system through only a preview of the message. Hackers could also set-up websites specifically to infect visitors, or insert malware into existing sites using .TIFF images.

While there’s no patch coming from Microsoft this week, there are ways to protect yourself. A Fix it tool released by Microsoft will tell your computer to stop processing .TIFF files. This is a broad stroke, but one that will ensure the vulnerability will be closed until a more permanent patch is made available.

In the meantime, some simple advice will also help improve your security. You should always be wary of unsolicited emails and their attachments. Often, all it takes is opening the email to try to verify its authenticity is all it takes to become a victim. Also, make sure you have an antivirus program in place and it’s updated. Because of the way this exploit gives a hacker access to all of the files you’re current user account is able to access, it’s useful to use a non-administrator account. That way, if you are attacked, only part of your system is at risk, and solving the problem from an administrator account is much easier.

If any of your devices are infected with malware, bring them to Geek Rescue or call us at 918-369-4335. We’ll find the problem, fix it and help you protect yourself from future attacks.