July 15th, 2014
Since 2013, Cryptolocker, a particularly nasty form of ransomware capable of locking users out of their own files, has been terrorizing its victims. The US Department of Justice, however, has announced that the malware is no longer a threat. Robert Westervelt has more details at CRN.
The DOJ has been working on a global operation to track down those responsible for Cryptolocker and the associated Gameover Zeus botnet. They believe they’ve found the responsible party, a 30-year old Russian computer programmer. He remains at large, but the infrastructure used to operate the malware has been dismantled, which has made Cryptolocker incapable of encrypting files on computers it infects.
All told, the ransomware and botnet were able to infect hundreds of thousands of devices and cost victims more than $100-million.
While Gameover Zeus infections fell by 31-percent over the past month, spurred by a law enforcement seizure of servers used to communicate with the botnet, there remain over 100-thousand infected computers.
Unfortunately, Cryptolocker was far from the only ransomware infecting users. Copycats and other forms of the malware are still a threat to infect a user’s system, encrypt files then demand a ransom payment in exchange for decryption. Victims of ransomware of this nature have little defense once they’re infected. The best course of action is to make full back-ups of your files regularly so that you can restore them in the case of an infection.
Ransomware has actually been on the rise recently thanks to kits being made available for sale by hackers. These kits automate attacks so that those with less expertise are able to execute them.
If any of your devices are suffering from a malware infection, or other issues, call Geek Rescue at 918-369-435.
July 11th, 2014
Gmail is one of the most popular email clients around and iOS devices are likewise incredibly prevalent. It stands to reason, then, that millions of individuals access their Gmail accounts on their iPhone or iPad. As Jeremy Kirk reports for Computer World, doing so leaves users vulnerable to data theft.
At issue is a lack of a vital security technology that would keep attackers from spoofing security certificates and gaining access to the encrypted communications being sent through Gmail. Any website or application that has users sending potentially valuable personal information uses digital certificates to encrypt that data. Attackers have been able to fake these certificates, however, and decrypt the data.
Google would be able to put a stop to these man-in-the-middle style of attacks by implementing a technology called certificate “pinning”. This involves hard coding legitimate certificate details into an application. While Google has known about this vulnerability since late February, they’ve yet to implement pinning.
Making this more odd is that this vulnerability only affects iOS users because Gmail for Android uses certificate pinning. This is being referred to as “an oversight by Google”.
For the time being, using Gmail on your iPhone is unsafe. There’s always a possibility of your messages being intercepted by a third party.
At Geek Rescue, we offer a number of email solutions for home and business, as well as support for mobile devices, including iPhones and Androids. If you’re having issues with technology, call us at 918-369-435.
June 24th, 2014
Moving part of your business’s operations to the cloud offers you a number of advantages, including more flexibility and mobility. It does introduce a few challenges related to security, however. Since employees are able to access more from more places, that means the possibility of criminals accessing important data increases. Another possibility is a crippling denial of service attack that makes any applications or data stored in the cloud unreachable. That’s what happened recently to a company hosted in Amazon’s Web Service Cloud. That attack prompted Tech World’s Brandon Butler to publish a list of tips for protecting any infrastructure as a service cloud.
- Two-Factor Authentication
The primary worry when data is available from anywhere is that log in credentials will be stolen or hacked allowing a third-party to access everything stored in the cloud. To prevent this from occurring, two-factor authentication is extremely useful. Rather than a simple log-in name and password, two-factor authentication requires a unique PIN for a user to log-in from an unrecognized device. This PIN is often sent to the user’s registered phone via text message. If an unrecognized device tries to log-in to the cloud, even with a recognized username and password, a PIN will be required, which should keep attackers out.
One of the keys to spotting a developing problem with the cloud is closely monitoring regular activity. You need to know what behaviors are normal so you can spot irregular or suspicious activity and investigate before any real problems develop. There are a number of tools available to help monitor activity like when and where users log in from. Keeping a close eye on these reports allows you to see when unknown IP addresses are attempting to gain access.
Unfortunately, no security tool can guarantee that no criminal will ever gain access to your data. In the event someone does gain access to the cloud, it’s important to have encryption in place so important data isn’t readily available to them. It’s also important to understand that not all encryption is created equal. While some is useful to protect your data in the event of a large scale attack against the whole system, that same encryption likely wouldn’t be effective should an individual user’s account be compromised.
As with anything else, if it’s important, it’s important enough to make copies. Making back-ups doesn’t improve security or protect you from an attack. It does, however, make attacks much less costly because recovery times are much shorter and much less data is completely lost. Some cloud services automatically back-up data stored there, but not all do. It’s important to know if your data is being backed up, or if you need to make arrangements yourself. You’ll also need to decide if everything stored in the cloud needs to be backed up regularly, or if there is specific, vital data that needs the most attention.
The cloud is becoming an invaluable tool for business and securing it properly is vital to the success of your operations.
For help implementing and securing the cloud, call Geek Rescue at 918-369-4335.
June 9th, 2014
Ransomware has surged in popularity for attackers over the past year. In a ransomware attack, a user’s files are encrypted and only released once a ransom is paid. Usually, this type of malware finds its way onto a user’s device through a malicious email attachment, or phishing website set-up specifically for infection. Neither of these methods are particularly efficient for criminals, however. That’s why, as Jeremy Kirk reports at TechWorld, ransomware attacks have begun appearing in conjunction with malicious advertisements on trusted websites.
Disney, Facebook and the Guardian Newspaper’s website were all found to be hosting malicious ads by Cisco Systems, who called the practice “insidious”. Also known as malvertising, legitimate websites are tricked into displaying ads that redirect users to malicious domains. While advertising networks are working hard at protecting websites against malvertising, their security is far from perfect, which leads to attacks like these.
For users, not only is the website trusted, but so is the ad. The advertisement of legitimate and trusted companies is shown, but while the user is expecting to visit that company’s website, a click actually delivers them to a site that downloads malware to their device.
In the attacks noticed by Cisco, an exploit kit on the malicious site checked for any vulnerabilities in a user’s version of Flash, Java or Silverlight. Those who hadn’t patched vulnerabilities were exploited and a ransomware relative of Cryptolocker, called CryptoWall, was installed. CryptoWall then encrypted files and demanded a ransom. The longer a user delays, the higher the ransom gets.
The group behind the attacks hasn’t been identified yet and no real protection is being offered. To avoid infection, you could avoid clicking on any advertisements online, but even that doesn’t protect you against attacks that only require the display of malvertisements. A better course of action would be to ensure that all of your applications are fully updated and patched. Then, be aware of what you’re clicking on and what website you expect to load.
If any of your devices are infected with malware, come to Geek Rescue or give us a call at 918-369-4335.
June 4th, 2014
Cryptolocker unveiled itself in 2013 as one of the worst malware threats on the web. Victims saw their files encrypted only to be released after a ransom payment was made, and even then sometimes the files would remain inaccessible. A new spam email scheme, as reported on the Symantec blog, uses the Cryptolocker name, but actually infects users with another form of crypto malware.
While the malware used in this attack isn’t Cryptolocker, it performs similarly. Users’ files are encrypted and a ransom is demanded. The use of the Cryptolocker name is perhaps to convince users that there’s no way around the encryption. Cryptolocker uses notoriously difficult, or nearly impossible, to break encryption. While this threat’s encryption hasn’t been closely analyzed, it’s likely that it hasn’t been crafted as carefully.
The attack begins with an email arriving appearing to be from an energy company. Users are told that they have an outstanding debt on an electric bill. That should be the first clue for most users. In this sense, this particular threat is more believable than others. Many companies, including electric providers, often send an email to customers telling them their latest bill is ready.
The message contains a link supposedly allowing users to view their bill. It directs them to a website containing a CAPTCHA. The number you’re directed to enter never changes, however. From there, users arrive on a page with a link to download their bill. It downloads as a file disguised as a .PDF. Again, this is all fairly believable.
Opening that file, however, immediately causes files to be encrypted and a text file pops-up informing the victim that they’ve been hacked with Cryptolocker. They’re informed to send an email to a provided address to start the ransom process.
There’s an added feature to this attack also. The malware checks to see if the user is running email client Outlook or Thunderbird. If you are, your contact list is stolen and sent to the attacker, presumably to help spread the malware to more users.
As with any other crypto attack, the key is to avoid infection. Once your files are encrypted, it’s extremely difficult to unlock them. Avoid these threats by being extremely cautious about following links in emails and downloading attachments. Also, regularly back-up your important files in case they’re encrypted or corrupted.
For help recovering from a malware infection, call Geek Rescue at 918-369-4335.
May 12th, 2014
When it comes to setting up and effectively managing your company’s IT infrastructure, there are a number of decisions to be made. Unfortunately, there’s also plenty of bad information being peddled by so-called experts and vendors. At Tech World, Roger A. Grimes published a list of “promises that don’t deliver” concerning specifically IT security. Avoiding these misconceptions helps you create a more effective infrastructure.
- Invulnerable Applications
The idea of software that is unbreakable, unhackable and totally secure is naturally attractive, but it’s a myth. Even the most painstakingly crafted applications contain flaws that eventually allow them to be hacked. A popular cry from vendors is to tout software as unbreakable, but in reality this only invites more trouble. Publicly claiming that software contains no vulnerabilities only places a target on that software. Many times, this software ends up being routinely attacked and being one of the least trusted applications available.
Encryption is a valuable security tool, but it’s incredibly difficult to create strong encryption. There are many who claim to offer unbreakable encryption, but with few exceptions encryption is hard to break, but not impossible. One characteristic that suggests a vendor’s encryption is not worth your money is the promise of thousands to millions of bits for the key. Typically, strong encryption tops out at 2048-bit keys. Anything larger is unnecessary and actually gives intelligent attackers more opportunities to find flaws and break the code. Million-bit encryption would also require a large amount of data and be difficult to send anywhere thanks to prohibitive file sizes.
This myth is a little more well-known than the others but it also leads to a large portion of successful attacks. The truth is that no one is ever truly, full secure. No antivirus is capable of catching ever possible attack and malware before it happens. Most won’t even be able to spot every piece of malware already installed on a device. The belief that a perfect antivirus program is possible, however, leads to irresponsible actions. Users put themselves in harms way because they believe their antivirus program will protect them from anything that comes along. If you want a perfect antivirus program, don’t rely on it. The better the user’s behavior and habits, the more fewer problems you’ll encounter. To get the truth about what’s needed for your company’s IT infrastructure, call Geek Rescue at 918-369-4335.
April 7th, 2014
Wireless networks have come a long way in the past decade. While you enjoy speeds faster than ever and enhanced security, there’s still an ever-present threat of someone stealing WiFi. More devices connected to your network means slower connection speeds and more bandwidth being used. Andy O’Donnell of About recently explained how to tell if someone is freeloading on your wireless network.
- Check Your Router’s Admin Interface
Every router has a way to log-in and change settings. If you’re not sure how to do this, check the user guide or search for information online. Once you’ve logged in, look for a ‘wireless configuration’ page or ‘wireless status’ page. Here you’ll find a list of the devices connected to your network. In one column, you’ll see the MAC address, which can be used to determine what type of device is being used. In the next column, you’ll see the IP address. These two numbers help you tell the trusted users from the freeloaders.
Take a moment to think about every device in your home that should be connected to your network. That’s every smartphone, laptop, tablet and desktop that’s using the internet. Remember that even a video game console and some cameras might be using WiFi. Now, compare that number to the number of devices listed in the router’s admin interface. If they don’t match up, then you’ve got someone else connected that shouldn’t be. This is where the MAC addresses will come in handy. By using a MAC Vendor look-up site, you’ll be able to determine the manufacturer of each device on your network. If there’s a device found that you don’t own, you can be certain that a stranger is using your internet connection.
Having unwanted guests on your wireless network is a sign that your security isn’t tight enough. To remedy this situation, start by enabling WPA2 encryption. Then, change the network’s name and the password required to log-in. Don’t use commonly known words like the names of children or pets. Treat your WiFi password like your bank’s website password. Don’t use full words and mix in numbers and symbols.
Properly securing your wireless network not only helps keep unwanted devices from connecting to it, it also ensures that data you send through your router isn’t monitored or stolen.
For help improving the security of your home network or the one at your office, call Geek Rescue at 918-369-4335.
April 1st, 2014
Ransomware is a particularly troubling form of malware. It’s capable of encrypting your files and preventing you from accessing them until you pay a fee. In many cases, the encryption used in these attacks is so strong that users are forced to decide whether to pay or lose the affected files forever. As Jeremy Kirk reports at Network World, one ransomware program makes a mistake that allows users an out.
Late last month, a ransomware program called CryptoDefense began victimizing users. It features the same characteristics as other ransomware. For example, it encrypts your files, specifically using a 2048-bit RSA key. It then takes the key needed to decrypt the files and sends it to the attacker’s server. The difference is that, while CryptoDefense asks for a ransom payment, you don’t need to make one to get access to the key.
The makers of CryptoDefense designed the malware with a critical hole. The key needed to decrypt the files is sent to the attacker’s server, but it’s also stored on the victim’s computer in a file folder. Users with some know-how are able to find the key and unlock their files without making any payments.
Most commonly, CryptoDefense finds its way onto computers via spam email messages. Those that mistakenly open the messages and download the attachment, usually a file disguised as a .PDF, are actually installing the ransomware.
The attackers behind CryptoDefense have collected more than $34-thousand in payments with victims in dozens of countries. With this news, users need to understand that they hold the information they need to defeat the ransomware.
If you’re infected with CryptoDefense, don’t pay the ransom.
If your computer is infected with any type of malware, bring your infected device to Geek Rescue or call us at 918-369-4335.
March 31st, 2014
Email has become a tool that most of us check and use multiple times per day. Businesses run on email and it’s vital for many users to have constant access and an ability to quickly respond. Accessibility is one of the primary reasons that webmail has surged in popularity. Services like Gmail allow users to have access from virtually anywhere with very little downtime. As Alan Henry of LifeHacker explains, however, there are still some benefits to using desktop email clients like Microsoft Outlook.
While webmail is portable and mobile, it requires an internet connection even to read emails stored in your inbox. While there are fewer and fewer environments where you have to be without an internet connection, there are situations where you’re required to work without one. When that happens, desktop email has the advantage. With a platform like Outlook, you’ll be able to read old messages, organize your inbox and queue up responses to send once a connection is available. This helps you be productive in an otherwise unproductive environment or ensures that an email with valuable information is always available even when your internet connection is having issues.
Have you ever considered what would happen if your email account was suddenly deleted? If most users lose access to their account, they likely lose access to many contacts and vital information. That’s why it’s important to regularly back-up everything stored in your email and back-ups are much easier to create and manage yourself with desktop clients. You’re able to back-up messages stored in your inbox and sent folder, all of your contacts and even your folder structure. This way, if you need to change email provider’s or the unthinkable happens to your account, you’ll have everything you need to pick up where you left off.
To be clear, it’s certainly possible to encrypt webmail, but it usually requires handing at least some control over to a third party app or add-on. For the most secure encryption, you’ll want to store keys and generation tools yourself. To do that, you need a desktop email client. Email is constantly at risk to be hacked or messages intercepted. If you’re sending valuable information via email, you should at least be encrypting it. Effective encryption for desktop mail can be implemented quickly.
There are pros and cons to both webmail and desktop email so you’ll want to carefully diagnose how you regularly use email to help you decide which option is best for you.
Geek Rescue has all the email solutions you need. From hosting email, to setting up your office with Microsoft Exchange, to improving email security and fixing issues, we have the answers you need. Call us at 918-369-4335.
February 26th, 2014
It’s common knowledge that computers need to be protected with antivirus programs and other security tools to keep from being infected with malware and attacked by other means. Very little attention is given to protecting a router, however. Wireless routers have become common. A decade ago, many homes used wired connections to the internet, but with the rise of mobile devices came the rise in demand for wireless internet. The more devices are connected to a router, however, the more valuable a target it is for attackers. As many as 70-percent of these routers contain vulnerabilities and suffer from a lack of security. These factors explain why attacks on routers have been steadily increasing over the past year.
So, what’s at stake if your router is attacked? A compromised router allows a third party inside your firewall. From there, they’re able to monitor all activity and data being sent through the router. Emails, log-in credentials, credit card information and more is available to be intercepted and monitored. Steve Bell at the BullGuard blog published a few ways to improve your router’s security.
Just as it’s important to keep your computer’s operating system and antivirus program updated, it’s important to regularly check for router updates as well. Updates to the firmware may not be automatically pushed to your router, even if the update is able to eliminate a serious security vulnerability. That’s why it’s vital that you regularly check with the manufacturer’s website to see if any recent updates have been created.
The lack of security for most users browsers comes from a simple lack of knowledge of the device’s capabilities. Many routers come with an option to encrypt data, but it may not be turned on by default. Be sure to read through your router’s manual or browse through the settings to find useful security tools.
A quick look through settings can not only allow you to enable more robust security on your router, but it also can help you avoid attacks. The first change you need to make after setting up your router is to choose a new name, which is also called a service set identifier, or SSID. You’ll also want to change the password. Routers are sent out with default names and passwords. Attackers know these typical passwords because manufacturers use the same ones over and over. Changing them immediately improves security.
Router attacks are difficult for typical users to detect. That opens the possibility that a criminal could be monitoring your activity through a compromised router for months. To avoid that, you’ll want to take the necessary security precautions.
If you’d like help setting up a secure wireless network, or have been the victim of an attack, call Geek Rescue at 918-369-0745.