The New Normal – Hackers Set Their Sights On Cloud Services

The New Normal - Hackers Set Their Sights On Cloud Services

Many employees all over the world have benefited from the recent pandemic’s ability to push millions into working remotely from home. With decreased commute times and the ability to work in a more casual environment, many employees are probably hoping to continue to work remotely for some time to come.

While employees may be happy with their working arrangements, the different working environment presents some definite challenges for those working in the area of technology security. Always operating as opportunists and with the influx of remote workers, hackers have decided to turn their sights on the tens of millions now working from home, hoping to find a way into the Cloud in order to steal data and wreak havoc, which in turn increases costs and/or headaches for organizations.

The Target

Hackers know where to find golden information and with remote users, the gold is found in the Cloud services they use. According to recent stats gathered by McAfee, attacks on Cloud services increased by 630 percent between the months of January and April of this year! It doesn’t take much to conclude that this phenomenal number of attacks coincided with the explosion of businesses across the globe who shut down their offices, thus leaving employees with working from home as their only option. 

How Hackers Attack Remote Users

Generally speaking, hackers attack remote users in two forms. Of course, virtually every computer task begins with a user entering in their login information. If a hacker can gain login information from someone working remotely, it is that much more difficult to detect if the login is coming from a legitimate remote worker or if the user logging in is a threat to the company. With remote workers sometimes living long distances away from where their physical office building resides, or if they decide to go to a vacation home or to a relative’s home in another state, it is almost impossible to determine whether a user is legitimate or not based upon geographical location.

The second form of attack which is sometimes easier to spot, has been given the name of suspicious “superhuman” logins. This occurs when multiple login attempts are noted in a very short span of time from regions scattered throughout the world.

For companies who don’t have any employees working across the globe, these types of logins are fairly obvious to spot as suspicious. However, for companies who do have staff members distributed throughout large regions, these types of attacks can still present a challenge.

Solutions

Thankfully, there is a relatively easy solution already available that can bring successful login hacking attempts down to almost nil. Two-factor authentication procedures are essentially a must for any company that has employees who work from home. When an employee has to verify their login by entering a code sent to their phone, this eliminates virtually anyone attempting a break in by way of the login process.

Of course, employers must also train their remote-work employees to be extra diligent in discerning whether someone truly is who they say they are. Hackers can easily find out which businesses have closed their public offices and often businesses will list key personnel along with their email on corporate websites.

Under these types of circumstances, it would be easy for a hacker to impersonate someone in the company, then send a phishing email that looks like an official email from someone high up in the company, to an employee working remotely at home.  Companies can address this by instructing employees to verify identification by phone, prior to releasing any sensitive data or monetary funds. 

If you would like to know more about keeping corporate data safe and secure while employees are working from home, please contact us!

Why Business Owners Are 12x More Likely To Be a Cyber Target

As a business owner, you have enough to worry about. 

Now, you have to worry about being a cyber target, too.  But, what does it mean to be a cyber target?  Is there something more you should do?  Your business already has a firewall and anti-virus software.  Isn’t that enough?  Your business isn’t a multinational corporation, after all.

Cyber Target

You and your business are a target because hackers want a return on investment (ROI).  The days of a lone hacker are long gone; instead, cybercriminals form groups, operating as a crime syndicate.  They identify profitable targets and set their considerable resources to complete an attack.  If you are identified as a target, odds are you, and your organization will be attacked.

Business owners, especially of small-to-mid-sized companies, are considered prime targets because:

  • They are extremely busy and more likely to click on a link or download a file without looking at the sender.
  • Their company’s cybersecurity is less stringent than larger organizations.

The latest statistics on cybercrime show that:

  • 43% of cyberattacks target small businesses.
  • Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities, or attacks as highly effective.
  • 60% of small companies go out of business within six months of a cyber attack.

None of those statistics are good news for business owners.  What are some of the threats that take advantage of an executive’s busy schedule?

Cyber Threats

Most cyberattacks begin with a phishing email.  A phishing email tries to entice the recipient to click on a link or open an attachment, which is designed to either collect data, deploy malware, or provide access to an organization’s network.

Spearphishing

Spear phishing is targeted phishing.  A cybercriminal sends an email that appears to be from a trustworthy source.  The recipient clicks on a link or downloads an attachment.  When the recipient is a business owner, the hacker acquires access to a higher level of data and credentials, making it easier to obtain valuable information. 

Executives aren’t always as careful about checking the sender of an email as they should be.  There’s always so much to get done.  It’s easy to be distracted checking emails on the run.  Sometimes the cybercriminals want access to the network so they can make a more profitable cyberattack such as a business email compromise (BEC).  Often, they deploy ransomware, which is still the most popular form of cyberattack. 

Ransomware

Ransomware is a form of malware that prevents end-users from accessing their data. To restore access, the business must pay a ransom. The latest ransomware wipes out shadow volumes, security event logs, and backups, making it harder to find the malware or to restore the system.  If a cybercriminal can deploy the latest ransomware, your organization will pay the ransom.  That’s why, everyone should be vigilant when checking email.

Cybersecurity

If you want cybersecurity to be a priority, the process has to begin with you, the business owner.  Employees need affirmation that cybersecurity is central to business operations.  They must see that leadership is participating to believe that cybersecurity is everyone’s responsibility.

To secure your business, start with these steps:

  • Create a plan for how your data is gathered, managed and stored
  • Determine who should have access to what data and limit access to those individuals. 
  • Identify your critical vulnerabilities and how to mitigate any possible attacks. 
  • Provide ongoing training to your employees

If you need help designing and deploying a cybersecurity plan, contact us.  We are ready to help.

Watch Out for Cyber Attacks this Holiday Season

Cyber security is something we all need to worry about, but the holiday season may make us more vulnerable to certain kinds of cyber attacks, most of which revolve around holiday shopping.

Here are some of the scams that tend to show up this time of year:

E-Skimming

The target of e-skimming is company’s online stores. The attackers tend to go for medium-sized companies that have a good number of customers but don’t have the cybersecurity resources of, say, Amazon. They insert malicious code into the shopping cart that harvests personal information when you buy something. While there is only so much you can do, using a strong password or passphrase is helpful.

Public Wi-Fi Problems

If you shop in the store, you might think you are safe from cyberattacks. However, with more and more people hooking up a device to the internet during their shopping trip, whether while taking a break or to compare prices on an item, scammers have a window. Malls and stores offer free wi-fi, and this can be compromised. Public wi-fi can be vulnerable to hackers, and rogue operators may also set up fake wi-fi networks, tricking you to connecting to them instead. Avoid connecting to public wi-fi, and if you must, be very careful what you do on it. Never do financial transactions over public wi-fi and if you use it regularly consider getting a VPN.

Scammy Social Media Promotions

We’re all looking for deals this time of year. And promotions show up all over social media. They might offer free gift card codes, free giveaways, massive discounts on items. In some cases these promotions are designed to trick you into clicking on an infected website. They might also be trying to get your personal information in exchange or a free item that is either extremely cheap or doesn’t even exist. If a promotion looks too good to be true, it is.

Phishing

Phishing spikes around the holiday season, particularly in certain areas. The following are particularly common:

  • Promotions or giveaways that are too good to be true, as the social media promotions above.
  • Fake notices from your bank telling you a large purchase was made. As a note, if you are a victim of credit card fraud, your bank will call you, not email you, and if they do you should always hang up and call the number on the card, rather than talking to the person who called them.
  • Phony invoices, shipping status alerts, receipts, or order cancellation notices for goods you never ordered or purchased. All of these come with malicious links that if you click on them will take you to the scammer’s site. Often these are attempts to harvest login credentials for major e-commerce sites. If you know you didn’t order the item, ignore the notice. If it’s a real shipping status alert for a gift, then you should be able to check with the person who sent it to you.

Cloned Websites

Website cloning is when the scammers reverse engineer a copy of a real website. It’s often extremely hard for even tech savvy users to realize they are on a clone. E-commerce sites are common victims of website cloning. The scammers will buy a URL that is one character away from the original (typo squatting) and then buy Google ads so it shows up higher. Or they will hack the actual site and add redirects. (Be aware that this is also a common travel scam, usually victimizing hotels and people booking rooms). If you do fall victim to a clone, disputing the charges with your credit card company will usually get you redress.

The holiday season is a time when we’re all stressed and rushed, and scammers will take advantage of that. Be particularly careful. Don’t click on links in email, don’t get fooled by too-good-to-be-true promotions and make sure you’re on the site you think you are on.

For more cyber security advice, contact 4 Corner IT.

4 Common Sources of Computer Viruses

4 Common Sources of Computer Viruses

When you think of computer safety, the first thing that comes to mind is avoiding and preventing computer viruses. Everyone knows that a computer virus can destroy your laptop to the point where it’s completely non-functional. If it hasn’t happened to you before, then it’s happened to someone you know.

The thing is, we never really talk about how we get viruses in the first place. You probably have a firewall on your computer, but you should still know where viruses come from.

In general, viruses attack through four mediums. Even though you typically use them every day, there’s still steps you can take to protect your computer.

Internet

An obvious way to get a computer virus is through the Internet. You should always exercise caution before you download any file or document. Always check the source and be particularly careful of .exe files. At any rate, use an anti-virus software to scan all files before downloading.

Email

Besides randomly downloading files on the Internet, email is the next most common source of viruses. Be careful of downloading email attachments that are forwarded to several addresses. If you receive an out-of-character message from a friend or family member, send the email right to your spam folder.

Removable Storage

Viruses from removable storage may not occur as frequently as the from the aforementioned sources, but it’s still a possibility. Don’t let just anybody plug a flash drive into your computer. And when they do, have the files checked by an anti-virus software.

Bluetooth

Even less common than from removable storage, viruses can also come from bluetooth transfers. You can unknowingly have a virus transferred to your computer through a bluetooth transfer. Again, the answer is to use an anti-virus software to check all files gained through file transfer.

To learn more about computer viruses and how to keep your computer safe, please contact us.

Now Safely Use Any Internet Connection with a VPN

Now Safely Use Any Internet Connection with a VPN

You may have already heard some of the hype about Virtual Private Networks. VPNs work by masking the user’s IP address so their true identity and location remain unknown. They permit anonymity and keep others from tracking web activities. The internet connection is rerouted through remote servers to accomplish this. Governmental and geographic boundaries can often be circumvented. These networks bring possibilities of avoiding censorship and allow anonymous material downloading or streaming.

For those in both the business and personal worlds, one of their greatest benefits is the ability they give to utilize public WiFi networks safely and securely. Rapid, secure, effective communications are now possible anywhere internet connections exist.

Public WiFi Use Risks

How many businesses have representatives who work out of the office in one capacity or another? The short answer is a substantial percentage, with the amount continuing to increase. Personal or business emails, phone communications, chat room conversations, and passwords were all at severe risk from hackers in public WiFi areas until the coming of VPNs. With a VPN, business can be conducted by company representatives anywhere without fear of these hackers stealing valuable information. And personal use is safe as well.

How VPNs Work

How does a VPN work? The Virtual Private Network not only masks your identity and location, it utilizes encryption to secure your data. This encryption can only be decrypted by legitimate recipients in the network. Think of it as a secure information passageway, accessible only to those with proper credentials and encryption. This secure information passageway makes any information virtually impossible to hack.

Business and Personal Benefits

Communicating important information more securely, quickly, and concisely has always been an advantage. In centuries past, distant armies sometimes waged war for extended periods after hostilities ceased because communications were so glacially slow. When the telephone was first invented, nobody had any idea how its vast communication networks would change the world. The same was true with computer technology. Advances in computer and communication technology tend to build on earlier technology, to be cumulative. VPNs are certainly another forward step that brings significant advantages to both business and personal computing.

Contact 4 Corner IT today to find out more about VPNs or IT support for the latest in computer technology.