Why It’s Important to Lock Your Computer and Phone

adobeLocked steel padlock in a drilled hole of the black laptop on dark background. Concept of protecting personal data on a computer. A laptop is locked with a lock. Closeup, selective focusstock

Network security is not always about implementing new encryption protocols and using state-of-the-art tools to protect your business. Sometimes, it’s the small things that can make a massive difference. So, if your collective staff can implement this one easy trick, you might be surprised by how beneficial it can be for your network’s security. This practice? Locking your computer and phone.

What Is Locking Your Phone and Computer?

Essentially, your phone and computer can go into a sort of sleep mode when they’re not being used. You do this every time you close the screen on your phone. When your phone “wakes up” to be used, there should be a password required to get back into your phone. Otherwise, anyone can swipe the screen and start reading.

Locking your phone is second nature, and many people have complex passkeys or fingerprints required to do so. Computers are a different matter. Most office workers will stand up and leave their desks without locking their PC. The better practice is to lock your PC, either by performing the lock sequence that will prompt the next user for a password or putting it into a sleep mode that requires a password upon your return.

Let’s take a quick look at the benefits you get from locking your phone and computer.

Keeping Private Documents Out of Sight

The chances that corporate espionage is going to take place at a medium-sized landscaping company might be small compared to a large media conglomerate. Nevertheless, private documents on phones and computers often hide passwords and personal information.

Allowing those resources to be compromised can harm your reputation and leave you open to a litany of problems, including lawsuits.

Your Work Phone and Computer Are Vectors for Malware

Hundreds of people can come and go from a large workplace daily, and it’s not like you can keep track of them all. Unfortunately, it only takes one person with bad intent to find a computer or work phone that is connected to your company’s network and upload malware.

The most common vector for malware these days is email, and many of your company’s resources are geared towards stopping that threat as long as it’s from an external source. However, if someone sends an internal email from a trusted worker’s account and CCs everyone in the building, then it’s safe to say most people would let down their guard enough to open that email.

All it takes is a single terminal to remain unlocked and someone can wreak havoc on your business. Locking your computer and work phones can deter this threat or make at least delay the intruder long enough for them to be caught.

The benefits of locking your phone and computer at work go beyond malware and corporate espionage, though. It stops workers from learning about promotions, pay rates, and internal investigations. Locking your computer can also prevent data from being altered on a project without your knowledge.

Implementing this change is simple, and it does not require a lot of time. Get your team together, teach them how to lock their computers and phones, and test them once in a while to make sure they’re compliant. Not only will this increase security, but it will make your workers feel more like true stakeholders in the well-being of your business.

Check out our blog posts here for weekly content on business, technology, best practices, and more!

3 Cyber Security Issues Businesses Should Prepare For

Caucasian IT professional admin using laptop computer doing data transfer operation with rack server cabinets in digital room of data center. Cyber security

Cyber security should be a top priority for all businesses, regardless of size. The unfortunate reality is that many business owners do not take the necessary steps to secure their data, which could lead to significant problems further down the line.  

As technology becomes more advanced and hackers become more sophisticated, it is important to stay on top of these issues so that your company doesn’t fall victim. In this article, we will highlight three cyber security issues that you need to address before it’s too late! 

Mobile Malware 

Increased dependence on mobile devices has led to increased mobile cyber-attacks. Cybercriminals are taking advantage of the fact that people have become increasingly reliant on their mobile devices. 

In 2020, it is estimated that there were two trillion text messages sent. These texts could contain “phishing” attempts whereby malicious actors could attempt to access sensitive information such as passwords, usernames, and account numbers. 

Bank apps and other apps with sensitive information are also at risk. Consumers typically download new apps without doing any research on the company, so it’s critical to do your homework, before adding these apps to your device.  

Check if other users have downloaded and installed the app before you install it yourself. Read the reviews, and conduct a search on Google or one of the other search engines to cover as many bases as possible.  

Compliance Fatigue 

The list of compliance standards grows each day with technology updates and new threats. Compliance fatigue is a real risk faced by businesses that can lead to costly mistakes and time investments. However It’s more cost effective to keep up to date now rather than face the inevitable repercussions of not doing so later 

Lack Of Awareness and Education About Cyber Security 

Many people have no idea that phishing and other cyber scams are a problem. Any security is only as strong as its weakest point.  Employees are a network’s biggest weakness, so education about the dangers of cyber security is one way for them to be aware of the risks they face with every click on their computer or mobile device. 

When it comes to cyber security, you need to take precautions at every level: from your on-site systems and data storage, all the way up through the different layers of technology that connect with various parts of your business. Engaging with a trusted MSP like 4Corner IT can help mitigate cyber security risks. 

The Android Botnet that Victimized Consumers and Advertisers

the android botnet that victimized consumers and advertisers

“If it sounds too good to be true, it probably is.” Unfortunately, over 65,000 users neglected to observe this time-honored adage and proceeded to download a “free” app that came with the promise of among other things, a free pair of tennis shoes. Before it was all over, the online criminals had spoofed over 5,000 Android apps that in turn, downloaded an ad fraud botnet onto on over 65,000 devices. The botnet was also responsible for more than 2 billion bid requests. Yes, that’s billion, not million.

When Did It All Start?

The attack, now codenamed TERRACOTTA, began in late 2019 when a family of apps listed on the Google Play Store, offered users an opportunity to download an app in exchange for a free pair of tennis shoes, or in some cases, items such as event tickets, coupons, or even expensive dental treatments. For those who opted for the tennis shoes as their free gift, all they had to do was fill in their name along with their address details, select the shoes they wanted and in 14 days time, the shoes would be mailed to their front door. Incredibly, there were no strings attached. 

Since initially many users gave the apps a glowing 5-star review, others were likely encouraged by such positive feedback and eager to download an app and then part with their personal information. As time passed and not a single user claimed they received free tennis shoes, the 5-star reviews understandably turned negative. 

How Did They Do It?

The ad fraud botnet used in all the apps silently loaded ads in the background, and this is what made this family of apps completely different from other apps that have used somewhat similar tactics in that they bombarded users with unwanted, but obvious ads.

The entire family of apps used in the exploit were not reported to the Google Play Store as being supported by ads. Since no users ever reported seeing any unwanted ads, the apps were able to do their work under the radar. Further analysis showed no monetization mechanism and the analysis confirmed that no ads were ever shown to users. Using these clever ploys, the apps were able to deceive users on Google Play Store until the final week in June 2020.

Exploiting Advertisers

In addition to defrauding the average user, the apps also contained malware that deceived advertisers. Beyond the 14-day window of shoe delivery that of course never occurred, the apps acted as a delivery platform for other functionality that initially remained dormant.  

Eventually it was discovered the other functionality consisted of a customized Android browser that was packaged beside a control module written in the popular React Native framework. After being loaded on the phone, the customized Android browser was used to create deceitful ad impressions. These were then purchased by advertisers who bought them in the digital advertising ecosystem. 

Expert Exploitation

Those committing the fraud made use of several techniques that allowed their malware to remain undetected for quite some time. With their clever 14-day “waiting period”, it allowed them to leave an app that had no real functionality for an extended period of time on countless phones. By waiting a lengthy period rather than immediately exhibiting bad behavior, it made it much more difficult for users to connect downloading the malware-loaded app with unwanted behavior that occurred much later. The lengthy waiting period also negatively affected cybersecurity analysis since the apps required observation for an extended period of time in order to finally detect the exploitive behavior. Those in the anti-virus community simply were not prepared for malware that remained dormant for such a long period of time. 

A Cautionary Tale

The clever exploitation described above should be a cautionary tale for companies who may not be well-versed in how to effectively train their employees to spot such deceitful malware. If you would like more information on how to protect your company’s portable devices and other hardware and software from exploitation, please contact us.

350,000+ Personal Data Exposed After Preen.Me Attack

350000 personal data exposed after preenme attack

It’s the rare business that can survive without marketing and social media efforts, so when a social media marketing company like Preen.Me comes under a cyber attack, it invariably adversely affects many, many interested parties. And with Preen.Me’s recent hack, that’s exactly what happened. Over 100,000 social media influencers have had their personal data stolen because of their connection to Preen.Me. In addition, over 250,000 social media users have had their personal data exposed on a deep web hacking forum from their use of ByteSizedBeauty, a Preen.Me application.

While Preen.Me primarily focuses their marketing efforts on beauty-related content, meaning many other types of businesses were spared, that does not provide any comfort to those whose primary business is related to personal care. Preen.Me boasts big-name customers such as Unilever, Revlon, St. Ives, and Neutrogena, who in turn interact with large customer bases. 

In this post, we will outline how the attack was discovered, the data involved, and discuss the level of sophistication that hackers and data thieves can employ in their efforts to exploit, steal from, and harass innocent parties.

The Discovery  

RBS, a world-renowned leader in cyber security, first discovered the Preen.Me leak on June 6, 2020 after they noted a known threat actor posting a message on a deep web forum about their recent hacking efforts. The attack was confirmed by the actor on the same day when they shared stolen information from 250 beauty influencers on PasteBin. PasteBin is a content hosting website service that allows users to store text on their site for set periods of time. The hacker also threatened to release the personal information of 100,000 records he/she acquired. However, as of this date those records do not seem to have been released.

The Data at Risk 

The affected clients of Preen.Me are social media influencers involved in the beauty industry. Of course, their social media efforts lead them to collect information about their followers as well. Information from both side of the equation were affected, with the threat actor exposing personal information of the media influencers such as home addresses, phone numbers, email addresses, names, and social media links. In addition, some of these social media influencers have over a half million followers, potentially exposing their information as well.  

Further Exploitation

It wasn’t enough to steal such a large amount of data to potentially hold Preen.Me for a ransom amount. On June 8th, the hacker released detailed information of the over 250,000 users of Preen.Me’s application, ByteSizedBeauty. The details include their Facebook name, ID, URL, and friend’s list, along with their Twitter ID and name. Personal information was also leaked, including their email address(es), date of birth, home address, eye color, and skin tone. 

Also found in the stolen database dump, were 100,000 user authentication tokens for social media, along with a small number of possible password hashes, and a data table consisting of over 250,000 records containing user names, email addresses, customer names, and auto-generated passwords. 

Doxing so many users of Preen.Me’s marketing tools and applications leaves all of them exposed to significant issues with spam, harassment, and especially identity theft. It remains to be seen if the hacker has accomplished their entire “mission” or if they are planning to further exploit Preen.Me and/or their clients. 

A Cautionary Tale 

Preen.Me’s recent attack is a cautionary tale for every other entity that uses the world wide web. Hackers can take very personal information and hold it for ransom, or they can release it on the dark web and allow others to commit further criminal acts against innocent affected parties. Organizations must take technology security seriously and understand their security efforts are not just protecting their own data, but the private data of clients who entrust them oftentimes with very personal information.

If you would like to know more about how to protect your business and the sensitive data of your clients from cyber hackers, please contact us.

Hackers Target Cloud Services in the New Normal

hackers target cloud services in the new normal

Many employees all over the world have benefited from the recent pandemic’s ability to push millions into working remotely from home. With decreased commute times and the ability to work in a more casual environment, many employees are probably hoping to continue to work remotely for some time to come. While employees may be happy with their working arrangements, the different working environment presents some definite challenges for those working in the area of technology security. Always operating as opportunists hackers target cloud services and the influx of remote workers, hoping to find a way into the cloud in order to steal data and wreak havoc, which in turn increases costs and/or headaches for organizations.

The Target

Hackers know where to find golden information and with remote users, the gold is found in the Cloud services they use. According to recent stats gathered by McAfee, attacks on Cloud services increased by 630 percent between the months of January and April of this year! It doesn’t take much to conclude that this phenomenal number of attacks coincided with the explosion of businesses across the globe who shut down their offices, thus leaving employees with working from home as their only option. 

How Hackers Attack Remote Users

Generally speaking, hackers attack remote users in two forms. Of course, virtually every computer task begins with a user entering in their login information. If a hacker can gain login information from someone working remotely, it is that much more difficult to detect if the login is coming from a legitimate remote worker or if the user logging in is a threat to the company. With remote workers sometimes living long distances away from where their physical office building resides, or if they decide to go to a vacation home or to a relative’s home in another state, it is almost impossible to determine whether a user is legitimate or not based upon geographical location.

The second form of attack which is sometimes easier to spot, has been given the name of suspicious “superhuman” logins. This occurs when multiple login attempts are noted in a very short span of time from regions scattered throughout the world.

For companies who don’t have any employees working across the globe, these types of logins are fairly obvious to spot as suspicious. However, for companies who do have staff members distributed throughout large regions, these types of attacks can still present a challenge.

Solutions

Thankfully, there is a relatively easy solution already available that can bring successful login hacking attempts down to almost nil. Two-factor authentication procedures are essentially a must for any company that has employees who work from home. When an employee has to verify their login by entering a code sent to their phone, this eliminates virtually anyone attempting a break in by way of the login process.

Of course, employers must also train their remote-work employees to be extra diligent in discerning whether someone truly is who they say they are. Hackers can easily find out which businesses have closed their public offices and often businesses will list key personnel along with their email on corporate websites.

Under these types of circumstances, it would be easy for a hacker to impersonate someone in the company, then send a phishing email that looks like an official email from someone high up in the company, to an employee working remotely at home.  Companies can address this by instructing employees to verify identification by phone, prior to releasing any sensitive data or monetary funds. 

If you would like to know more about keeping corporate data safe and secure while employees are working from home, please contact us!