February 11th, 2014
One of the biggest security mistakes local businesses make is believing they won’t be targeted because they have less to offer than larger enterprises. That belief leads to weak security, which both attracts attackers and leaves you exposed to untargeted attacks. Take the latest news of a Cryptolocker victim, for example. John E. Dunn of CIO reports that a law firm in Charlotte recently lost critical data after Cryptolocker infected its network.
Cryptolocker found its way onto the law firm’s computers after an email and its malicious attachment were mistakenly opened. An employee believed the email was from the firm’s phone answering service. Once it was running, nothing stopped Cryptolocker from encrypting thousands of legal documents critical to the firm’s operations.
The nature of law firms makes them enticing targets for Cryptolocker and similar attacks because they can’t afford to lose access to their documents. Any business with money to spend but no time to waste is likely to pay the ransom demanded to decrypt its files.
In the case of the Charlotte law firm, their IT team first attempted to unlock the files and work around the malware. When their efforts were unsuccessful, the firm attempted to pay the $300 ransom, but they were informed that the deadline had passed and the files were permanently locked.
The law firm notes that had an attack stolen the important documents, rather than only encrypting them, the damage could’ve been much worse. Still, they lost access to every file stored on their main server, which prevents them from serving many of their clients.
For any size business, it’s important to educate employees about this type of threat in order to avoid infection in the first place. Regular back-ups of files will also save you from a disastrous loss of data.
Small business owners need to stop believing that an attack of this nature will never happen to them. Malware infections are costly to any business and statistically just as likely to strike small, local companies as they are large enterprises.
For help improving the security at your business, or for help recovering from a malware infection, call Geek Rescue at 918-369-4335.
January 24th, 2014
Previously, we outlined three security vulnerabilities that exist on your iPhone. With malware and hackers targeting iPhones more than ever, you not only need to know where you are vulnerable, but also how to protect your device. Steve Bell of Bullguard has a list of tactics and apps that will improve the security of your iPhone.
This isn’t technically an app, although there is one available. Find My iPhone is well-known, but it’s an indispensable tool. To activate it, go to your iPhone’s settings, select ‘iCloud’ and check the ‘Find My iPhone’ option. Then, if your phone is lost, you’ll be able to log in to iTunes and see its current location, display a message on its screen, play a sound, lock it or wipe it clean. The Find My iPhone app lets you locate other iOS devices from your iPhone. Also, consider GadgetTrak, which offers features similar to Find My iPhone but will also use your phone’s camera to take a picture of its surroundings or its thief.
A large number of iPhone users don’t lock their phones with any type of passcode. While locking your phone doesn’t provide robust security, an unlocked phone is a much more attractive target for criminals. Set a passcode by going to the General settings menu and selecting ‘Passcode Lock’. It’s also important to make sure that no one can use Siri unless your iPhone is unlocked. This is a minor security vulnerability that can be fixed on the same Passcode Lock screen by sliding the Siri switch to off.
Using your computer to back up your data is a great idea in case your phone is lost or stolen or the data is corrupted. But storing that backup unencrypted makes it easy for hackers to steal it if they gain access to your computer. When you sync your iPhone or iPod to your computer with iTunes, make sure you encrypt the backup.
If you regularly connect to public WiFi and want to log in to online accounts or shop online with your phone, you need a VPN app such as Hotspot Shield. A VPN encrypts the data you transmit while connected to a wireless network so it can’t be intercepted and stolen. Hotspot Shield also protects you from spam, phishing and malware. Using an unsecured network is a common way identities are stolen and devices infected. Using a VPN is a great way to protect yourself.
Sometimes, the best defense against cyber crime is to be smart about how you use your iPhone. Don’t download apps outside the official app store, don’t download email attachments and don’t enter personal information over an unsecured network. Avoiding the cause of issues helps you stay safe.
If any of your devices are having issues, like slow performance or malware infection, come by Geek Rescue or call us at 918-369-4335.
January 20th, 2014
There are so many threats to your smartphone. Malware is being created specifically for mobile devices in record numbers and, of course, you have to worry about your information, like text messages and phone calls, being intercepted and recorded. To address these vulnerabilities, you could download security apps. But as Rob Lever reports at Business Insider, your best option for a secure mobile experience is to get a new phone: specifically, the Blackphone, which is said to be the most secure smartphone ever made.
Silent Circle, described as a “secure communications firm”, began developing the Blackphone because they saw a need for truly secure mobile communication and no other companies stepping up to serve that need. The company has already released apps for both smartphone and PC users that encrypt messages and videos. The Blackphone will feature encryption for video and text, as well as secure VoIP calls.
The secure smartphone won’t be released for another month and specifications will likely be kept under wraps until then. In the meantime, we know it will be less expensive than big flagship smartphones like the iPhone 5S and Samsung Galaxy S4.
According to a Silent Circle executive, the Blackphone isn’t just useful for those who need top-of-the-line security, such as government employees. It’s built for a typical user, with features similar to other smartphones, only with the added benefit of being much more secure. All of that, however, comes with the warning that no mobile device is completely secure. Even the Blackphone, with all of its attention to a more private and secure experience for users, isn’t impenetrable. But, right out of the box, this smartphone has inherent advantages.
Chances are, your smartphone isn’t as secure as the Blackphone. If it’s been infected with malware or needs any other type of repair, bring it to Geek Rescue or call us at 918-369-4335.
January 17th, 2014
You’ve no doubt heard of the recent attack that stole data, including credit card numbers, from Target customers. After that attack, it was discovered that the attackers used malware capable of stealing data out of the memory of point-of-sale devices, which are used by retailers and just about any organization that accepts payment digitally. Mathew J. Schwartz of Information Week published some facts about this memory-scraping malware that both users and businesses should know in order to stay safe.
The first time a memory scraping malware attack took place was in November of 2011 when several hotels had point-of-sale systems compromised. Since then, the malware has targeted hotels, auto dealerships, healthcare companies and many others. No previous attacks reached the scale of the Target breach, however. It is believed that those attackers successfully stole more records than any similar, previous attack.
You might think that important information like credit card numbers should be encrypted when stored to avoid this type of large-scale attack. In almost every case this information is encrypted, but only later in the process. This malware steals data directly from memory, where it’s still in plain text. That can happen almost immediately after you swipe your card, even before the payment has been authorized. Once the data is written to a hard drive or sent elsewhere, it’s encrypted, which makes it difficult, or in some cases impossible, for hackers to steal it.
- Vulnerabilities of point-of-sale
Holding credit card data in plain text in memory is an inescapable vulnerability of point-of-sale systems, and it is likely the driving factor behind the way this attack was organized. When information is being processed, it has to sit in memory unencrypted so the software can use it. Memory-scraping malware is designed to wait for this moment, when the data is exposed, and intercept it.
Point-of-sale systems operate on a network, which means there are a number of ways they can be infected. Any infected device connected to the same network could be the source. If that network isn’t secured properly and is compromised, that opens another option for malware to get in. In the Target attack, the personal information of customers was stolen in addition to credit card information. This suggests that malware had infected more than the point-of-sale devices. Servers or other databases connected to the internet were also attacked.
This type of attack is difficult to detect thanks to the sophisticated techniques hackers use. Once malware has infected the network, it still needs to infect the point-of-sale device to steal valuable data. Doing so would usually set off alarms from the security software protecting devices on the network, but in these attacks, encryption and antivirus evasion tools are used to evade that software and operate undetected.
There are other ways to protect these devices, most of which come down to keeping other devices on the network from connecting directly to point-of-sale devices. Unfortunately, for users, it’s seemingly impossible to tell whether a retailer’s system is infected and will put your data at risk.
If your business would like to explore more robust security options to keep your information and your customers’ information safe from malware attacks, contact Geek Rescue at 918-369-4335.
January 14th, 2014
Even with security measures in place, the most cautious internet user can suffer a malware infection. Not all malware infections are created equal, but it’s advised that you find and eliminate malicious files as fast as possible, regardless of what threat they actually pose. Some malware, like the well-publicized CryptoLocker, encrypts your files, which effectively locks you out of your own computer. Lincoln Spector of PC Advisor has some tips for how to overcome an invasive malware infection.
Ideally, you’ve been regularly backing up your important files. If that’s the case, get rid of the infected files and restore the copies you’ve saved. Regular backups make recovering from an attack easy, but many of us don’t back up our computers as often as we should.
It’s important to know exactly what your computer is infected with and how it will affect your system. Some malware opens pop-ups or hijacks your browser but doesn’t infect or encrypt other files on your hard drive. Those types of malware are important to remove, but can usually be handled by a good antivirus program. Malware that falls under the umbrella of ransomware is trickier. Files are either hidden or encrypted and a ransom is demanded to restore them. It’s important to research what type of malware you’re infected with so you know what the next step should be.
If you’re infected with a less complex form of ransomware, you may be able to restore your files without paying a ransom. First, reboot your machine in Safe mode. For Windows 7 users, this means pressing F8 repeatedly before Windows loads. In Safe mode, open Windows Explorer, select ‘Organize’, then ‘Folder and search options’. Click on the ‘View’ tab and enable the ‘Show hidden files, folders, and drives’ option. Now check whether the files that went missing are visible. If you find them, right-click each one, select ‘Properties’ and untick ‘Hidden’. Your files should then be available when you reboot into normal mode, but be sure you go through and completely remove any malicious files still on your machine.
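The unhide step can also be scripted. The PowerShell below is an added example, not part of the original article: it lists every file under a folder that carries the Hidden attribute and, with the -Unhide switch, clears that attribute, which is the same as un-ticking ‘Hidden’ in each file’s Properties dialog. The folder path is an assumption; run it from Safe mode after the malicious files have been removed.

```powershell
# Added example (not from the original article). Lists files under $Root that
# carry the Hidden attribute and, when -Unhide is given, clears only that bit.
# $Root is an assumed path; point it at the folder whose files went missing.
param(
    [string]$Root = 'C:\Users\alice\Documents',  # assumption: the affected folder
    [switch]$Unhide                               # without this switch, report only
)

$hidden = [System.IO.FileAttributes]::Hidden

# -Force makes Get-ChildItem return hidden and system entries, which it skips by default.
$files = Get-ChildItem -Path $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $hidden) -ne 0 }

foreach ($f in $files) {
    if ($Unhide) {
        # Clear only the Hidden bit; ReadOnly, Archive and the rest stay as they were.
        $f.Attributes = $f.Attributes -band (-bnot [int]$hidden)
        Write-Output ("unhidden: {0}" -f $f.FullName)
    } else {
        Write-Output ("hidden:   {0}  [{1}]" -f $f.FullName, $f.Attributes)
    }
}

Write-Output ("{0} hidden file(s) found under {1}" -f @($files).Count, $Root)
```

Run it first without -Unhide and review the list, since Windows hides some of its own files on purpose; the paths it reports should be your own documents before you clear anything.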
Unfortunately, if this method doesn’t work it probably means you have a more complex form of ransomware that has encrypted your files. While some encryption can be broken, criminals are using more and more complex methods to ensure that the only way to get your files restored is to pay them.
If you find yourself with any type of malware infection, call Geek Rescue at 918-369-4335 for help.
January 8th, 2014
For many of your online accounts, a password is the only thing keeping criminals out. This makes users incredibly reliant on passwords, but many still make mistakes when choosing one. Kirsten Dunleavy at the Bullguard blog explains “the password management paradox” and how to best choose your passwords.
The best practice for securing each of your accounts is to choose a unique password for each of them. This way, if one account is hacked, your other accounts are still safe and secure. If you use the same password for multiple accounts, one account getting hacked could give a criminal access to all of your information. The issue with creating unique passwords, however, is that users can’t remember all of them. This is the paradox of password management: if you can’t remember your passwords, they become less secure. Users take actions that weaken their passwords, like writing them down, storing them unencrypted, repeatedly having passwords emailed to them or reset by admins, or ignoring a prompt to update an old password.
You need to use different passwords for each account, but you can still use some tricks to help you remember them. Using memorable phrases for each account is one way, but unless that phrase applies directly to the account, it might be hard to keep track of which password goes with which site. Another way is to pick one, strong password and then alter it based on what site you’re using it with. So, the first seven or eight characters of every account might be the same, but the last few characters are specific to that account. Maybe add Y!00 for Yahoo accounts or GO0 for Google accounts. Whatever trick you use, remember that it’s important to use upper and lower case letters, numbers and symbols in each password.
Users’ many problems with passwords have led to the rise of password managers. These services are often free and will store all of your passwords for you. Many will even offer to log in to stored accounts automatically when you visit the corresponding website. So, you can make each password strong and unique and not have to worry about forgetting them. Your passwords are encrypted and stored behind one master password. Make this your strongest password and make sure it’s one you’ll remember. Use a long phrase and replace letters with numbers or symbols.
Although biometrics and two-step authentication are both being used more, passwords are going to be the main tool used to secure online accounts for a long time. Make sure that you’re using them effectively.
At Geek Rescue, we specialize in security. To improve security on your computer, at your home or office, or fix the damage of malware or viruses on your machine, call us at 918-369-4335.
January 8th, 2014
Ransomware is malware that takes control of a user’s computer and demands a payment to decrypt files. The most famous example of ransomware is currently Cryptolocker, which first began infecting users last fall. Since then, similar forms of ransomware have been springing up more and more, like the copycat Cryptolocker that targets P2P users. Danielle Walker of SC Magazine reports that the latest form of ransomware hasn’t yet been released, but is expected to be even more dangerous than Cryptolocker.
The name of the new malware is Prison Locker or Power Locker. Security experts first learned of its existence by monitoring underground forums where hackers gather to produce and sell their malware.
Prison Locker performs similarly to other ransomware. When a user is infected, a display window opens that can’t be exited. Other functions of Windows are disabled, as well as the user’s Escape key, Task Manager and Control-Alt-Delete. A user is locked out of their own computer and told they have to pay to regain control. While they’re locked out, files are also encrypted making it impossible for users to access their own data.
The reason many are calling Prison Locker a bigger threat than Cryptolocker is its use of more complex encryption. Prison Locker uses multiple encryption layers. The first of them, Blowfish, generates a new key for each file it encrypts. That means it has to be broken, or decrypted, one file at a time. In addition, each Blowfish key is encrypted with a second method using a unique key for each infected computer. All of this encryption is perceived to be “unbreakable”.
The current asking price for Prison Locker is $100, which suggests it will be widely used soon. The other takeaway from these reports is that ransomware is on the rise. Because of its invasive nature and the ability to profit directly from each infection, criminals will be using ransomware more often and producing more of it throughout 2014.
If your computer is infected with any type of malware, call Geek Rescue at 918-369-4335 for help.
January 3rd, 2014
Cryptolocker was perhaps the most talked about piece of malware during the final months of 2013. After infecting an estimated 300,000 computers in its first three months of existence, it should be no surprise that Cryptolocker is now spawning copycat malware. John E. Dunn of Tech World reports that Crilock.A, otherwise known as Cryptolocker 2.0, began infecting users just before Christmas.
Security experts say that version 2.0 likely comes from a copycat rather than the group responsible for the original Cryptolocker because it’s not as complex. Rather than spreading through malicious emails, 2.0 infects users by posing as Microsoft Office or Adobe Photoshop files on peer-to-peer file sharing sites. This is a much smaller target audience, but it also makes it less likely that Cryptolocker 2.0 will be reported to authorities.
In many ways, however, Cryptolocker 2.0 performs the same way the original does. After infecting a machine, it encrypts files with certain extensions and demands a ransom to decrypt them. Version 2.0 also targets a wider range of file types than the original, likely because of the users being targeted. Music, image and video files are all included on the encryption list.
Cryptolocker 2.0 is also capable of spreading to removable drives. Anything connected via USB could be infected. This isn’t a new capability for malware, but could prolong the malware’s life.
Included in Cryptolocker 2.0 are other components that launch separate attacks. One is used for DDoS attacks. Two others are designed to steal Bitcoins.
As with the original Cryptolocker, overcoming an infection and regaining your encrypted files is difficult. The best protection is to avoid an infection in the first place. Thankfully, in the case of Cryptolocker 2.0, avoiding an infection is for now as easy as avoiding peer-to-peer file sharing sites, although there is always the possibility that other users will be targeted at a later date.
If your computer is the victim of a malware attack, call Geek Rescue at 918-369-4335.
January 2nd, 2014
Windows users have a tool included on their systems that sends a report to Microsoft any time an error occurs. This is meant to help Microsoft create patches and updates that resolve issues, but as Gregg Keizer of Computerworld reports, these error reports are also helping hackers find vulnerable targets.
The problem with error reports is that they’re unencrypted. This means that anyone able to intercept that data on its way to Microsoft can discover a wealth of information about the user and their computer. Information included in error reports includes what software is installed, what version of the operating system is running, the latest patches and updates installed, devices and peripherals plugged into the computer, and details of recent application and operating system crashes. This information has been described as “a blueprint” for how to attack a user and where security vulnerabilities exist.
The most common way for hackers to intercept this information is a ‘man in the middle’ attack, which lets a hacker ‘sniff’, or monitor, all activity conducted over your internet connection and steal any data transmitted.
A German newspaper recently reported that the NSA has already been stealing crash reports to make their attacks more intelligent. While this threat is unlikely to target too many individual users, businesses are certainly at a significant risk.
Windows sends error reports by default, but they can be turned off. Security experts, however, advise against this measure. The reason error reports are valuable to hackers is the same reason they’re valuable to your IT department. They highlight vulnerable areas of your network and help you patch them.
Instead of losing this diagnostic tool, improve it. Rather than sending reports directly to Microsoft, you can direct them to an internal server and encrypt the information before sending it on. This way, even if a report is intercepted, it can’t be deciphered.
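Redirecting reports to an internal collector with SSL enabled is a Windows Error Reporting setting that can be applied by Group Policy or directly in the registry. The PowerShell below is an added example, not from the original article: it writes the corporate WER values under the policy key and requires SSL on the client-to-collector hop. The collector’s host name and port are assumptions.

```powershell
# Added example (not from the original article): point Windows Error Reporting at
# an internal collection server and require SSL for that hop. The value names are
# the documented Corporate WER settings; the server name and port are assumptions.
# Run in an elevated PowerShell session on a client, or deploy the same values by GPO.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting'
$WerServer = 'wer.corp.example'   # assumption: your internal WER collector
$WerPort   = 443                  # assumption: HTTPS port on that collector

if (-not (Test-Path $PolicyKey)) {
    New-Item -Path $PolicyKey -Force | Out-Null
}

# Reports go to the internal server instead of straight to Microsoft.
Set-ItemProperty -Path $PolicyKey -Name 'CorporateWerServer'     -Value $WerServer -Type String
Set-ItemProperty -Path $PolicyKey -Name 'CorporateWerPortNumber' -Value $WerPort   -Type DWord
# Require SSL so an on-path observer sees ciphertext instead of the report contents.
Set-ItemProperty -Path $PolicyKey -Name 'CorporateWerUseSSL'     -Value 1          -Type DWord

# Read the values back so the change can be verified on each machine.
Get-ItemProperty -Path $PolicyKey |
    Select-Object CorporateWerServer, CorporateWerPortNumber, CorporateWerUseSSL
```

The collector itself still has to forward reports to Microsoft over an encrypted connection, or the same data is exposed again on that second hop.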
If you need to improve the security at your business, or have been the victim of a cyber attack and need help fixing the damage, call Geek Rescue at 918-369-4335.
December 30th, 2013
The malware being used by hackers and their tactics are changing all the time. Throughout 2013, we’ve seen new threats emerge. Robert Lemos of Dark Reading lists some of the advanced attacks we saw in 2013 and how businesses should be changing their security infrastructure to protect against similar attacks in the future.
This form of ransomware began infecting users over the summer and claimed an estimated 200,000 victims in its first 100 days in the wild. Cryptolocker encrypts files stored on a user’s computer and demands a ransom before handing over the key to decrypt them. For businesses, educating users on how to avoid malware is imperative. Unlike some other forms of ransomware, Cryptolocker is not a bluff: it will encrypt and destroy files if no payment is made. The best way to prevent that damage is to keep malicious files from ever reaching your network.
This year, we saw more attacks routed through service and technology providers in order to reach their intended targets. This was demonstrated by the Syrian Electronic Army’s headline-making attacks against the New York Times and other media outlets. In the New York Times attack, hackers tricked the domain registrar into transferring ownership of ‘nytimes.com’ to them. For businesses, this underscores the importance of selecting the right suppliers. Not only do you need to be wary of who you are working with, but you also need to be able to monitor them in real time to stay ahead of any emerging threats.
Distributed Denial of Service attacks have been around for years, but 2013 saw them grow in size and scope and also become harder to recognize. Hackers use these attacks to flood websites and applications with requests, which either causes them to shut down or at least slows them down and makes it difficult to respond to legitimate requests. To increase the capabilities of DDoS attacks, hackers have begun to use reflection attacks, where misconfigured servers amplify the size of an attack. This threat isn’t going away; it’s increasing in frequency. Being aware of the capabilities of DDoS attacks and having a plan in place in case your organization is targeted is important.
These are threats that all businesses need to be prepared for and plan for. There are a number of ways to secure your organization, and each threat demands a different action.
For help with your company’s security, contact Geek Rescue at 918-369-4335.