What a Global Internet Outage Tells About the Cloud and Your Business


The week of June 14th, 2021 saw many applications and websites suffer from an internet outage. This, consequently, created considerable problems for many organizations that used these services. Businesses suffered from continuity issues, but perhaps the biggest takeaway is just how vulnerable the Internet really is to these kinds of issues. What happened, exactly?

A Small Firm’s Challenges Created Significant Ripples Online

Fastly is a firm that provides a content delivery network for several influential websites. This service basically supports a network of duplicate servers across 26 countries around the world, allowing websites to store data and content on them. If a user is closer to the location where the data is being stored, it can be accessed faster. This is the whole point of using Fastly: to ensure that users don’t have to wait too long for their news. On June 10th, however, several of these websites and applications went down. These websites and applications were ranked as some of the most popular on the web.

The internet outage was resolved quickly, but not quickly enough. It still created considerable issues for businesses and cost millions of dollars. These damages were caused by a 75 percent decrease in traffic for a full hour, which is pretty shocking. Due to the nature of these services, the affected websites were unable to switch to alternative services. Doing so would have required a fair amount of preparation and would be quite a complicated process. We can glean some valuable insights from this scenario, particularly in how the Internet is structured and the concerns that lie therein.

The Concerns Underlying the Modern Internet

A content delivery network might help to provide content delivery systems with more content. However, there are issues that come from using a CDN. These types of services are quite popular online, but since they rely on a central server to supply the information, anything that would render that server unable to work would make that content inaccessible. It’s just like any other cybersecurity issue that might affect a centralized server. CDNs might offer greater speeds compared to the traditional infrastructure that would otherwise be used to distribute content, but the advantages are not without their drawbacks.

It also does not help that the software specifications that make the Internet what it is today can disrupt billions of devices should they become vulnerable. Since most issues encountered by the Internet are smaller in scope, tools like machine learning are being used to troubleshoot and identify the root causes of these internet outages.

That said, not all organizations utilize a CDN, and many use cloud computing services for this particular need. With all this in mind, many businesses are not immune to the challenges of another internet outage, particularly from major cloud providers like Amazon Web Services, Microsoft, and Google. These create challenges for businesses that rely on these services.

We don’t want this fear to be an argument against cloud services. Instead, use it as an opportunity to understand the risks and concerns involved with its use. 4Corner IT can help you determine what your specific needs are and how your IT can address them. To find out more about how your business can use the cloud and other technology to augment its processes, reach out to us at (954) 474-2204.

The Android Botnet that Victimized Consumers and Advertisers


“If it sounds too good to be true, it probably is.” Unfortunately, over 65,000 users neglected to observe this time-honored adage and proceeded to download a “free” app. It came with the promise of, among other things, a free pair of tennis shoes. Before it was all over, the online criminals had spoofed over 5,000 Android apps. They, in turn, downloaded an ad fraud botnet onto over 65,000 devices. The botnet was also responsible for more than 2 billion bid requests. Yes, that’s billion, not million.

When Did It All Start?

The attack, now codenamed TERRACOTTA, began in late 2019. A family of apps listed on the Google Play Store offered users an opportunity to download an app in exchange for a free pair of tennis shoes. In some cases they even offered items such as event tickets, coupons, or expensive dental treatments. For those who opted for the tennis shoes as their free gift, all they had to do was fill in their name along with their address details and select the shoes they wanted; in 14 days’ time, the shoes would be mailed to their front door. Incredibly, there were no strings attached.

Since initially many users gave the apps a glowing 5-star review, others were likely encouraged by such positive feedback and eager to download an app and then part with their personal information. As time passed and not a single user claimed they received free tennis shoes, the 5-star reviews understandably turned negative. 

How Did They Do It?

The ad fraud botnet used in all the apps silently loaded ads in the background. This is what made this family of apps completely different from other apps that have used somewhat similar tactics in that they bombarded users with unwanted, but obvious ads.

The entire family of apps used in the exploit were not reported to the Google Play Store as being supported by ads. Since no users ever reported seeing any unwanted ads, the apps were able to do their work under the radar. Further analysis showed no monetization mechanism and the analysis confirmed that no ads were ever shown to users. Using these clever ploys, the apps were able to deceive users on Google Play Store. That is, until the final week in June 2020.

Exploiting Advertisers

In addition to defrauding the average user, the apps also contained malware that deceived advertisers. Beyond the 14-day window of shoe delivery that of course never occurred, the apps acted as a delivery platform for other functionality that initially remained dormant.  

Eventually it was discovered the other functionality consisted of a customized Android browser. It was packaged beside a control module written in the popular React Native framework. After being loaded on the phone, the customized Android browser was used to create deceitful ad impressions. These were then purchased by advertisers who bought them in the digital advertising ecosystem. 

Expert Exploitation

Those committing the fraud made use of several techniques that allowed their malware to remain undetected for quite some time. Their clever 14-day “waiting period” allowed them to leave an app (that had no real functionality) for an extended period of time on countless phones. By waiting a lengthy period rather than immediately exhibiting bad behavior, it made it much more difficult for users to connect downloading the malware-loaded app with unwanted behavior that occurred much later. The lengthy waiting period also negatively affected cybersecurity analysis. This is because the apps required observation for an extended period of time in order to detect the exploitive behavior. Those in the anti-virus community were not prepared for malware that remained dormant for such a long period of time. 

A Botnet Cautionary Tale

The clever exploitation described above should be a cautionary tale for companies who may not be well-versed in how to effectively train their employees to spot such deceitful malware. If you would like more information on how to protect your company’s portable devices and other hardware and software from exploitation, please contact us.

350,000+ Personal Data Exposed After Preen.Me Attack


It’s the rare business that can survive without marketing and social media efforts, so when a social media marketing company like Preen.Me comes under a cyber attack, it invariably adversely affects many, many interested parties. And with Preen.Me’s recent hack, that’s exactly what happened. Over 100,000 social media influencers have had their personal data stolen because of their connection to Preen.Me. In addition, over 250,000 social media users have had their personal data exposed on a deep web hacking forum from their use of ByteSizedBeauty, a Preen.Me application.

While Preen.Me primarily focuses their marketing efforts on beauty-related content, meaning many other types of businesses were spared, that does not provide any comfort to those whose primary business is related to personal care. Preen.Me boasts big-name customers such as Unilever, Revlon, St. Ives, and Neutrogena, who in turn interact with large customer bases. 

In this post, we will outline how the attack was discovered, the data involved, and discuss the level of sophistication that hackers and data thieves can employ in their efforts to exploit, steal from, and harass innocent parties.

The Discovery  

RBS, a world-renowned leader in cyber security, first discovered the Preen.Me leak on June 6, 2020 after they noted a known threat actor posting a message on a deep web forum about their recent hacking efforts. The attack was confirmed by the actor on the same day when they shared stolen information from 250 beauty influencers on PasteBin. PasteBin is a content hosting website service that allows users to store text on their site for set periods of time. The hacker also threatened to release the personal information of 100,000 records he/she acquired. However, as of this date those records do not seem to have been released.

The Data at Risk 

The affected clients of Preen.Me are social media influencers involved in the beauty industry. Of course, their social media efforts lead them to collect information about their followers as well. Information from both sides of the equation was affected, with the threat actor exposing personal information of the media influencers such as home addresses, phone numbers, email addresses, names, and social media links. In addition, some of these social media influencers have over a half million followers, potentially exposing their information as well.

Further Exploitation

It wasn’t enough to steal such a large amount of data to potentially hold Preen.Me for a ransom amount. On June 8th, the hacker released detailed information of the over 250,000 users of Preen.Me’s application, ByteSizedBeauty. The details include their Facebook name, ID, URL, and friends list, along with their Twitter ID and name. Personal information was also leaked, including their email address(es), date of birth, home address, eye color, and skin tone.

Also found in the stolen database dump were 100,000 user authentication tokens for social media, along with a small number of possible password hashes, and a data table consisting of over 250,000 records containing user names, email addresses, customer names, and auto-generated passwords.

Doxing so many users of Preen.Me’s marketing tools and applications leaves all of them exposed to significant issues with spam, harassment, and especially identity theft. It remains to be seen if the hacker has accomplished their entire “mission” or if they are planning to further exploit Preen.Me and/or their clients. 

A Cautionary Tale 

Preen.Me’s recent attack is a cautionary tale for every other entity that uses the world wide web. Hackers can take very personal information and hold it for ransom, or they can release it on the dark web and allow others to commit further criminal acts against innocent affected parties. Organizations must take technology security seriously and understand their security efforts are not just protecting their own data, but the private data of clients who entrust them oftentimes with very personal information.

If you would like to know more about how to protect your business and the sensitive data of your clients from cyber hackers, please contact us.

The End is Near: Goodbye Windows 7


January 2020 is the end of Windows 7 as we know it. Like saying farewell to a dear friend, Microsoft has begun to phase out 7 in favor of the new and improved Windows 10. Businesses who have yet to make the switch will want to consider upgrading in the near future.

Don’t worry; your computers won’t magically stop working on the first of the new year. The basic features of Windows 7 will continue to function as normal. That said, there are still plenty of reasons to upgrade.

Security

Keeping your system up to date and fortified against malware is the number one reason to make the leap to Windows 10. Although Windows 7 won’t stop working entirely, automatic updates and Microsoft support will expire at the stroke of midnight. This means Windows antivirus is no longer protecting your company’s data. Tech experts are already anticipating cyberattacks to increase in light of the January deadline, specifically targeting users and corporations who have yet to upgrade.

Make sure your computer doesn’t turn back into a pumpkin. Upgrade early to allow sufficient time for any minor downtime, while ensuring your network isn’t left vulnerable come January 1st.

User Friendly

Don’t expect a substantial learning curve for Windows 10. The latest version prioritizes simplicity. Documents, folders, data, and software should transfer seamlessly onto the new interface, with little to no additional steps. In fact, many of the common programs businesses rely on, such as Office Suite, will automatically update so you can carry on with business as usual.

Revolutionizing the Future of Tech

Windows 10 offers an array of new and exciting features that improve efficiency and collaboration. This includes more ways to interface with devices, including iOS integration through Windows’ newly announced teamwork with Apple. Heightened security is also a huge plus for businesses. Cracking down on data protection is giving many companies additional peace of mind when it comes to managing critical systems information.

If you’re ready to take the plunge, our team can help outfit your business with everything from Office 365 to Microsoft SharePoint and more! We can assist in upgrading to Windows 10 by identifying the number of licenses you’ll need, compatibility of current software, and whether or not your operating systems are up to the task.

Give us a call today and ring in the new year right with new and improved features!

Support for Windows 7 Ends as of January 14, 2020 – Mark Your Calendar


Just like the end of Windows XP, which many of us loved, Windows 7’s lifespan is coming to an end. It is imperative that your business is thinking about what you are going to do when Microsoft is no longer providing security updates. Without these updates, your operating systems will be wide open to security risks and cyber attacks. You have almost a year before the expiration, so steps should be taken soon to defray any expenses which are incurred. Depending on how old your hardware is, a budget adjustment may be necessary.

There are a couple of upgrade choices to look into, and deciding which is the best option for your business takes careful consideration.

Machines utilizing Windows 7 operating systems can be upgraded to Windows 10. The laptop or tower must have a 1GHz or faster processor, memory needs to be at least 1GB RAM for 32-bit and 2GB for 64-bit with a minimum of 20GB hard disk space and an 800 x 600 screen video card. If your equipment is new enough and meets these requirements, then you can purchase the licensed Windows 10 Pro for $199.99. That is the price for each PC and laptop.

Microsoft Office 365 can be outright purchased or used on a monthly basis, providing you subscribe for a full year; either choice provides free upgrades. There is a caveat: a limited number of users can be signed in at a time.

The last option is to purchase new machines with Windows 10 already installed. This may be the wisest choice due to the time between now and January. Budgeting for new purchases and beginning their acquisition soon will get your business past this crisis as well as updating some tired old equipment that may have seen better days. 

One thing is certain, technology is always changing, but Windows 10 will have extended support until October 14, 2025. So whichever upgrade option you decide upon, additional changes will not have to be made for quite a while.