Hackers Target Cloud Services in the New Normal

hackers target cloud services in the new normal

Many employees all over the world have benefited from the recent pandemic’s ability to push millions into working remotely from home. With decreased commute times and the ability to work in a more casual environment, many employees are probably hoping to continue to work remotely for some time to come. While employees may be happy with their working arrangements, the different working environment presents some definite challenges for those working in the area of technology security. Always operating as opportunists hackers target cloud services and the influx of remote workers, hoping to find a way into the cloud in order to steal data and wreak havoc, which in turn increases costs and/or headaches for organizations.

The Target

Hackers know where to find golden information and with remote users, the gold is found in the Cloud services they use. According to recent stats gathered by McAfee, attacks on Cloud services increased by 630 percent between the months of January and April of this year! It doesn’t take much to conclude that this phenomenal number of attacks coincided with the explosion of businesses across the globe who shut down their offices, thus leaving employees with working from home as their only option. 

How Hackers Attack Remote Users

Generally speaking, hackers attack remote users in two forms. Of course, virtually every computer task begins with a user entering in their login information. If a hacker can gain login information from someone working remotely, it is that much more difficult to detect if the login is coming from a legitimate remote worker or if the user logging in is a threat to the company. With remote workers sometimes living long distances away from where their physical office building resides, or if they decide to go to a vacation home or to a relative’s home in another state, it is almost impossible to determine whether a user is legitimate or not based upon geographical location.

The second form of attack which is sometimes easier to spot, has been given the name of suspicious “superhuman” logins. This occurs when multiple login attempts are noted in a very short span of time from regions scattered throughout the world.

For companies who don’t have any employees working across the globe, these types of logins are fairly obvious to spot as suspicious. However, for companies who do have staff members distributed throughout large regions, these types of attacks can still present a challenge.

Solutions

Thankfully, there is a relatively easy solution already available that can bring successful login hacking attempts down to almost nil. Two-factor authentication procedures are essentially a must for any company that has employees who work from home. When an employee has to verify their login by entering a code sent to their phone, this eliminates virtually anyone attempting a break in by way of the login process.

Of course, employers must also train their remote-work employees to be extra diligent in discerning whether someone truly is who they say they are. Hackers can easily find out which businesses have closed their public offices and often businesses will list key personnel along with their email on corporate websites.

Under these types of circumstances, it would be easy for a hacker to impersonate someone in the company, then send a phishing email that looks like an official email from someone high up in the company, to an employee working remotely at home.  Companies can address this by instructing employees to verify identification by phone, prior to releasing any sensitive data or monetary funds. 

If you would like to know more about keeping corporate data safe and secure while employees are working from home, please contact us!

Hackers Target Businesses: Owners 12x More Likely To Be a Cyber Target

hackers target businesses owners 12x more likely to be a cyber target

As a business owner, you have enough to worry about. But a new statistic stating hackers target businesses owners over 12x, now you have to worry about being a cyber target, too. But, what does it mean to be a cyber target? Is there something more you should do? Your business already has a firewall and anti-virus software. Isn’t that enough? Your business isn’t a multi-national corporation, after all.

Cyber Target

You and your business are a target because hackers want a return on investment (ROI).  The days of a lone hacker are long gone; instead, cybercriminals form groups, operating as a crime syndicate.  They identify profitable targets and set their considerable resources to complete an attack.  If you are identified as a target, odds are you, and your organization will be attacked.

Business owners, especially of small-to-mid-sized companies, are considered prime targets because:

  • They are extremely busy and more likely to click on a link or download a file without looking at the sender.
  • Their company’s cybersecurity is less stringent than larger organizations.

The latest statistics on cybercrime show that:

  • 43% of cyberattacks target small businesses.
  • Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities, or attacks as highly effective.
  • 60% of small companies go out of business within six months of a cyber attack.

None of those statistics are good news for business owners.  What are some of the threats that take advantage of an executive’s busy schedule?

Cyber Threats

Most cyberattacks begin with a phishing email.  A phishing email tries to entice the recipient to click on a link or open an attachment, which is designed to either collect data, deploy malware, or provide access to an organization’s network.

Spearphishing

Spear phishing is targeted phishing.  A cybercriminal sends an email that appears to be from a trustworthy source.  The recipient clicks on a link or downloads an attachment.  When the recipient is a business owner, the hacker acquires access to a higher level of data and credentials, making it easier to obtain valuable information. 

Executives aren’t always as careful about checking the sender of an email as they should be.  There’s always so much to get done.  It’s easy to be distracted checking emails on the run.  Sometimes the cybercriminals want access to the network so they can make a more profitable cyberattack such as a business email compromise (BEC).  Often, they deploy ransomware, which is still the most popular form of cyberattack. 

Ransomware

Ransomware is a form of malware that prevents end-users from accessing their data. To restore access, the business must pay a ransom. The latest ransomware wipes out shadow volumes, security event logs, and backups, making it harder to find the malware or to restore the system.  If a cybercriminal can deploy the latest ransomware, your organization will pay the ransom.  That’s why, everyone should be vigilant when checking email.

Cybersecurity

If you want cybersecurity to be a priority, the process has to begin with you, the business owner.  Employees need affirmation that cybersecurity is central to business operations.  They must see that leadership is participating to believe that cybersecurity is everyone’s responsibility.

To secure your business, start with these steps:

  • Create a plan for how your data is gathered, managed and stored
  • Determine who should have access to what data and limit access to those individuals. 
  • Identify your critical vulnerabilities and how to mitigate any possible attacks. 
  • Provide ongoing training to your employees

If you need help designing and deploying a cybersecurity plan, contact us.  We are ready to help.

Watch Out for Cyber Attacks this Holiday Season

watch out for cyber attacks this holiday season. technology challenges

Cyber security is something we all need to worry about, but the holiday season may make us more vulnerable to certain kinds of cyber attacks, most of which revolve around holiday shopping.

Here are some of the scams that tend to show up this time of year:

E-Skimming

The target of e-skimming is company’s online stores. The attackers tend to go for medium-sized companies that have a good number of customers but don’t have the cybersecurity resources of, say, Amazon. They insert malicious code into the shopping cart that harvests personal information when you buy something. While there is only so much you can do, using a strong password or passphrase is helpful.

Public Wi-Fi Problems

If you shop in the store, you might think you are safe from cyberattacks. However, with more and more people hooking up a device to the internet during their shopping trip, whether while taking a break or to compare prices on an item, scammers have a window. Malls and stores offer free wi-fi, and this can be compromised. Public wi-fi can be vulnerable to hackers, and rogue operators may also set up fake wi-fi networks, tricking you to connecting to them instead. Avoid connecting to public wi-fi, and if you must, be very careful what you do on it. Never do financial transactions over public wi-fi and if you use it regularly consider getting a VPN.

Scammy Social Media Promotions

We’re all looking for deals this time of year. And promotions show up all over social media. They might offer free gift card codes, free giveaways, massive discounts on items. In some cases these promotions are designed to trick you into clicking on an infected website. They might also be trying to get your personal information in exchange or a free item that is either extremely cheap or doesn’t even exist. If a promotion looks too good to be true, it is.

Phishing

Phishing spikes around the holiday season, particularly in certain areas. The following are particularly common:

  • Promotions or giveaways that are too good to be true, as the social media promotions above.
  • Fake notices from your bank telling you a large purchase was made. As a note, if you are a victim of credit card fraud, your bank will call you, not email you, and if they do you should always hang up and call the number on the card, rather than talking to the person who called them.
  • Phony invoices, shipping status alerts, receipts, or order cancellation notices for goods you never ordered or purchased. All of these come with malicious links that if you click on them will take you to the scammer’s site. Often these are attempts to harvest login credentials for major e-commerce sites. If you know you didn’t order the item, ignore the notice. If it’s a real shipping status alert for a gift, then you should be able to check with the person who sent it to you.

Cloned Websites

Website cloning is when the scammers reverse engineer a copy of a real website. It’s often extremely hard for even tech savvy users to realize they are on a clone. E-commerce sites are common victims of website cloning. The scammers will buy a URL that is one character away from the original (typo squatting) and then buy Google ads so it shows up higher. Or they will hack the actual site and add redirects. (Be aware that this is also a common travel scam, usually victimizing hotels and people booking rooms). If you do fall victim to a clone, disputing the charges with your credit card company will usually get you redress.

The holiday season is a time when we’re all stressed and rushed, and scammers will take advantage of that. Be particularly careful. Don’t click on links in email, don’t get fooled by too-good-to-be-true promotions and make sure you’re on the site you think you are on.

For more cyber security advice, contact 4 Corner IT.

Now Safely Use Any Internet Connection with a VPN

now safely use any internet connection with a vpn

You may have already heard some of the hype about Virtual Private Networks. A VPN works by masking the user’s IP address so their true identity and location remain unknown. They permit anonymity and keep others from tracking web activities. The internet connection is rerouted through remote servers to accomplish this. Governmental and geographic boundaries can often be circumvented. These networks bring possibilities of avoiding censorship and allow anonymous material downloading or streaming.

For those in both the business and personal worlds, one of their greatest benefits is the ability they give to utilize public WiFi networks safely and securely. Rapid, secure, effective communications are now possible anywhere internet connections exist.

Public WiFi Use Risks

How many businesses have representatives who work out of the office in one capacity or another? The short answer is a substantial percentage, with the amount continuing to increase. Personal or business emails, phone communications, chat room conversations, and passwords were all at severe risk from hackers in public WiFi areas until the coming of VPNs. With a VPN, business can be conducted by company representatives anywhere without fear of these hackers stealing valuable information. And personal use is safe as well.

How VPNs Work

How does a VPN work? The Virtual Private Network not only masks your identity and location, it utilizes encryption to secure your data. This encryption can only be decrypted by legitimate recipients in the network. Think of it as a secure information passageway, accessible only to those with proper credentials and encryption. This secure information passageway makes any information virtually impossible to hack.

Business and Personal Benefits

Communicating important information more securely, quickly, and concisely has always been an advantage. In centuries past, distant armies sometimes waged war for extended periods after hostilities ceased because communications were so glacially slow. When the telephone was first invented, nobody had any idea how its vast communication networks would change the world. The same was true with computer technology. Advances in computer and communication technology tend to build on earlier technology, to be cumulative. VPNs are certainly another forward step that brings significant advantages to both business and personal computing.

Contact 4 Corner IT today to find out more about VPNs or IT support for the latest in computer technology.

The Newest Extortion Scams Are Using Your Own Passwords as Bait

the newest extortion scams are using your own passwords as bait
Using Your Passwords

Internet scams have become more and more sophisticated. Thus, extortion scammers have found a new piece of bait by which to hook internet users. The bait is their old passwords. These extortion schemes often claim that someone has the person’s compromising information. Then they say are happy to help get that information back if the person is willing to pay.

The person coughs up the cash, fearing that their information may be compromised. This is in order to protect information that the person claimed they should protect. The catch? The entity that they claim meant harm never had any of the person’s information in the first place. Then, people believe that scammers are burrowed deep in their computers. They believe they are getting a hold of the person’s private information. Many scammers even demand that the payments be made in Bitcoin. Otherwise they refuse to carry out “the job” of stopping hackers purportedly have the person’s personal information. (Really, they don’t have their information at all – the said person burrowing in the person’s computer doesn’t even exist).

What Can I Do To Avoid Extortion Scams?

We offer the following advice to people who have had issues with these kinds of scammers in the past. It is to help them avoid having issues with these same scammers in the future:

  • Scammers will generally want to rush the person into making hasty decisions. Thus, will pressure you to pay them immediately for their “services”. However, if you have any feelings that the person with whom you are talking is not for sure authentic, authorities encourage you not to give them any information as it encourages them to keep on scamming other people after they are successful with you.
  • Once you realize that you have been scammed, change your passwords immediately. Moreover, use different passwords for all online accounts and be sure to require Two-Factor Authorization when it’s an option.
  • Do not have any further communication with anyone who you think is a scammer.
  • Always update your antivirus software and other operating systems to give the scammers less of a chance at getting at your personal information.
  • Cover your webcam at all times when you are not using the device.

Remember, scammers only need to be successful with a fraction of the people with whom they engage in order to be successful at what they do. They will make this a lucrative process which will only continue encouraging them to scam more and more innocent, unassuming people into believing their lies.

In the end, the next scamming issue is the fact that these people claim to have your old passwords and will use that as bait to try to get you to pay them to help “protect your personal information” as they will claim. In these cases, these people don’t have any of your personal information in the first place. They are simply scammers out trying to get money off of you and they will do absolutely nothing for you in return.

For more information on the latest scams that you need to watch out for please feel free to contact us at 4 Corner IT for further assistance.