How to Prevent Your Network from Being Sold by Hackers

Believe it or not, your organization’s network can be sold by hackers under the right circumstances. This is the unfortunate reality that we live in, where the commoditization of data and network access has become a real problem. According to a study from KELA, hackers can sell access to compromised networks for a pittance compared to the amount of work you have invested in building your business. If you have your business’s network sold by hackers, it could create a snowball effect of events that can lead to your business’s downfall. Therefore, you must do everything in your power to protect your network and prevent this from happening.

This report from KELA followed Initial Access Brokers, a term used to describe threats that sell access to compromised network infrastructures. These threats are big players in the world of cybercrime, as they can effectively facilitate some of the most devastating threats out there, including ransomware and remote access threats. The report examined one full year of listings by Initial Access Brokers to discover how much value can be assigned to this type of network access.

It is quite shocking to see just how little value is associated with access to your network. Out of the 1,000 listings, KELA found that the average price of network access credentials was about $5,400, with the median price being around $1,000. Other trends examined included the average price of credentials, as well as information on industries affected and countries affected. The top countries affected were the United States, France, the United Kingdom, Australia, and Canada. Top industries affected included manufacturing, education, IT, banking/financial, government, and healthcare.

Just take a moment to imagine how much chaos someone could inject into your business simply by purchasing access to your infrastructure. All it takes is a small investment and access to a VPN for someone to start causing some real trouble for your business. There are quite a few ways that you can minimize the damage done through these methods, including the following:

  • Implement comprehensive security measures

    In terms of sheer security, we recommend unified threat management, or UTM, to handle most of the threats your business could face. This all-in-one solution includes security measures such as a firewall, antivirus, content filter, and spam blocker to minimize exposure to threats.

  • Monitor your network traffic

    If you keep track of who logs onto your network, when, and where they are logging in from, you’ll have a greater chance of identifying suspicious traffic patterns.

  • Implement multi-factor authentication

    Password security is still important, but not nearly as important as having additional measures in place. Multi-factor authentication can help make sure that people logging into your network are who they say they are.

  • Take regular backups of your infrastructure

    You never want to have to use your data backup, but having it never hurts, and it will give you a nuclear option in the event that someone does manage to gain unauthorized access to your network.
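
As an illustration of the "Monitor your network traffic" item above, the following added example (not part of the original article) learns who normally logs in, from where, and at what hours, then flags logins that deviate. The log records, field layout, and function name are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample VPN login records: (user, ISO timestamp, source country)
LOGINS = [
    ("alice", "2021-06-01T08:55:00", "US"),
    ("alice", "2021-06-02T09:10:00", "US"),
    ("alice", "2021-06-03T17:40:00", "US"),
    ("bob",   "2021-06-01T10:05:00", "US"),
    ("bob",   "2021-06-02T11:30:00", "CA"),
    ("alice", "2021-06-04T03:12:00", "RO"),  # new country and unusual hour
    ("bob",   "2021-06-04T10:45:00", "CA"),  # matches bob's baseline
    ("carol", "2021-06-04T09:00:00", "US"),  # account with no history
]

def find_suspicious(logins, baseline_count, hour_slack=2):
    """Build a per-user baseline from the first `baseline_count` records,
    then return (user, timestamp, reasons) for later logins that deviate.
    The hour window is a simple min/max range and does not wrap midnight."""
    countries = defaultdict(set)
    hours = defaultdict(list)
    for user, ts, country in logins[:baseline_count]:
        countries[user].add(country)
        hours[user].append(datetime.fromisoformat(ts).hour)

    alerts = []
    for user, ts, country in logins[baseline_count:]:
        reasons = []
        if user not in countries:
            reasons.append("no login history for user")
        else:
            if country not in countries[user]:
                reasons.append(f"new source country {country}")
            hour = datetime.fromisoformat(ts).hour
            lo = max(0, min(hours[user]) - hour_slack)
            hi = min(23, max(hours[user]) + hour_slack)
            if not lo <= hour <= hi:
                reasons.append(
                    f"login hour {hour:02d} outside usual {lo:02d}-{hi:02d}")
        if reasons:
            alerts.append((user, ts, reasons))
    return alerts

if __name__ == "__main__":
    for user, ts, reasons in find_suspicious(LOGINS, baseline_count=5):
        print(f"{ts} {user}: {'; '.join(reasons)}")
```

In practice the baseline would come from weeks of VPN or identity-provider logs rather than five records, and alerts would feed whatever review process the business already has.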

If you have your business’s network sold by hackers, it can damage your business’s entire operations. To learn more about how you can protect your business, reach out to us at (954) 474-2204.

Phishing Attacks in 2021 Trending Due To Pandemic

Hackers have made some nefarious choices over the past several months, many of which involve using the COVID-19 pandemic to spread their influence and steal data through the use of phishing attacks. Let’s explore how these cybercriminals have leveraged a global disaster to their benefit and some ways that you can keep your business secure.

According to SecureList, spam and phishing trends in Q1 of 2021 were heavily influenced by the COVID-19 pandemic, and not in a good way. Here are a few examples of the major threats that surfaced during this time.

Stimulus Payment Scandals

Early 2021 saw many initiatives by government agencies to ease the financial burden placed on individuals and businesses through the use of economic impact payments and business bailouts. Hackers, of course, wanted to capitalize on this and began using phishing messages to trick people. Targets received messaging that was often specific to their bank and utilized similar branding to official websites. These efforts were all elaborate tricks to convince users to hand over their credentials. Users would unsuspectingly enter their credentials into forms on these fake websites and put their sensitive information at risk.

The Vaccine Race

Back when the COVID-19 vaccine was in short supply or the supply itself was limited to specific groups of people, there was a bit of a race to get to it. This rush created an opportunity for hackers to capitalize on people’s desires for security and safety, and they leveraged phishing schemes that used the vaccine to their advantage. They would use language and branding of official health organizations to convince users to click on links in emails, which would then redirect users to fake websites for harvesting credentials or banking information. Even those who got the vaccine received surveys offering free goods in exchange for information.

What You Can Do

It’s no surprise that cybercriminals are using these tricks to subvert security measures. These attacks are just the latest in a string of phishing attacks that you must keep up with in order to maintain network security. Here are a couple of ways that you can make this happen.

  • Utilize Spam Protection: While they aren’t 100 percent effective all the time, spam filters are great for keeping threats out of your inbox. The most advanced phishing attacks could still make their way into your inbox, which is why we recommend taking multiple measures of network security.
  • Train Your Employees: If messages do make it past your spam filter, you will want those who are reading the messages—your employees—to be able to identify the threat and avoid it at all costs. This is where training comes in.
  • Implement Unified Threat Management: Unfortunately, even the best employees will make mistakes, so you will want to have a contingency plan in place for when accidents happen. A UTM gives you just that with a single all-in-one security solution for your network security.

4Corner IT can help your business approach network security in a responsible manner, implementing the best solutions and constantly testing your employees’ awareness of important security practices. To learn more about how we can help you protect your business, reach out to us at (954) 474-2204.

6 Cyber Security Must-Haves for Remote Work

The quick transition to remote work that many companies have had to make has revealed security risks that IT professionals are not able to monitor or correct as closely as they would be able to when employees work in-house. To mitigate these risks and protect data, employees will need to follow security best practices and abide by the requests made by IT. Fortunately, the skills and security measures below not only help employers in the present but also protect employees from personal security risks in the future.

Secure Wi-Fi

The convenience provided by an open wireless network doesn’t mitigate the risk of sensitive data falling into the wrong hands, and this applies to personal financial information as much as it does to data relating to work. Employees will need to secure their home wireless networks with the most advanced protection available to them. Users should also have the latest firmware.

Encrypted Traffic

IT departments can consider a virtual private network, or VPN, on top of secured wireless networks to encrypt all traffic data. There are downsides to VPNs, however, including slower connection speeds. Some users may not like that their employer can monitor their network usage with a VPN, either.

Phishing Prevention

It doesn’t matter if a company uses the most advanced security software or the most impenetrable hardware if the user is the weak point. Employees should undergo training to detect and avoid phishing scams in their various modes (phone, text, and email) before working remotely, even if they have already received this training in the past. All it takes is a careless click to give away a user’s login information.

Fortunately, modern security software can even warn about potential phishing attacks.

Smart Password Usage

Not only is it risky to use the same password and username for multiple websites, but choosing simple passwords that are easy to crack also puts a user at risk. Because users won’t necessarily opt for best practices such as strong passwords that they periodically change, companies should ensure that their software systems require these password security measures and even use password managers to generate and store strong passwords. Businesses should also encourage two-factor authentication, which requires that users enter a second code that is typically sent via email or text, to log in.

Company-Issued Devices

Many of the risks listed above can be minimized when a company issues devices that prevent unauthorized changes and have the appropriate software installed so that employees have all the resources necessary to complete their jobs. Sending employees home with company devices keeps sensitive data away from personal devices, which may be less secure and more likely to be compromised, and companies can install enterprise-level security software to prevent malware and phishing attacks. 

If this is not possible, companies should set standards for which devices can be used, including software and hardware requirements, to ensure the devices being used are as secure as possible and to avoid the risk of “shadow backups” to personal cloud storage accounts.

Data Backup

Assuming that users abide by security best practices and a company’s software is set up securely, there is always the risk of hard drive or another mechanical failure, which is why a company must have a plan in place to back up data. Many companies opt for cloud storage, a solution that is especially useful when the office is inaccessible; however, some choose physical servers that their IT team members maintain themselves. 

Companies that want to increase security measures for remote workers or ensure that their systems are secure enough for telecommuting can contact us for a cybersecurity analysis.

Secure Email Solutions for Your Business

We certainly live and work in challenging times these days. With an acceleration in hacking attempts, data theft, and similar threats since the beginning of the pandemic, it’s more important than ever for companies to ensure they are doing everything they can to protect themselves from potential security issues. Of course, one of the ways that users are communicating with each other and their clients even more is by way of email. Whereas before an employee may simply have walked over to a co-worker’s desk for a work-related conversation, now many employees are working remotely, thus increasing the likelihood they may be exposed to a security threat. If they haven’t already done so, now is the time for companies to review the options for secure email solutions.

Layered Solutions  

As the title of the article implies, it’s not enough anymore to have one security solution. Companies must think in terms of multiple security solutions, and that means layering their security coverage. In terms of email security, it’s not enough anymore to rely only on the security tools provided by the email giants such as Google or Microsoft. While these companies do offer basic types of coverage that provide some protection, smart organizations are wise to consider adding another layer of protection for their email correspondence, by way of a third party vendor that specializes in cloud-based email security.

What to Look For

When looking for third party security packages, a good solution will encompass several key components in order to address several email-specific security vulnerabilities.

Ransomware Attacks

Ransomware is a type of malware that takes over and encrypts a victim’s device or information, and it is becoming an increasingly popular type of email attack. A good email security solution will outline how it stops these types of attacks before the hacker can follow through.

Internal Threat

With more and more employees working from home, it does become more of a challenge for companies to track their employees and their actions. Whether by accident or a deliberate attempt by a malicious employee to expose sensitive corporate data, a third party email solution can block outbound email-based connections before they occur.

Spear Phishing

Hackers often use tactics such as spear phishing in an attempt to confuse an employee into clicking on a malicious link. Many hackers will take a substantial amount of time to study a company. They then attempt to impersonate someone either high up in the company they want to exploit, or someone from another business or vendor with which they work closely. Employees not used to working remotely may feel somewhat isolated and alone, and just enough out of their routine to click on a link that seems legitimately sent by someone in management, when it’s not.

A good third party email solution will employ custom security controls based on correspondence patterns, location and normal activity, thus preventing employees from trying to follow through on an unusual request.

Benefits 

Third party software security applications can save both regular employees and IT team members from having to manually fend off spam, malicious attachments, dangerous file types and suspicious impersonation attacks. In addition to reducing the amount of time that employees spend on these types of threats, they also have other benefits. Cloud-based email security solution packages can provide email backup and recovery, in addition to streamlining the management, availability, and retrieval of emails through cloud-based archiving. Some companies also find great benefit in the ability of a security package to handle e-discovery and compliance issues by offering specialized tools to meet their regulatory requirements.

We’re Here to Help

If you need assistance in reviewing the current level of email security protection in your organization, we can help.

Contact us today for more information on how security layering can provide the protection and peace of mind your company is looking for. 

Watch Out for Cyber Attacks this Holiday Season

Cyber security is something we all need to worry about, but the holiday season may make us more vulnerable to certain kinds of cyber attacks, most of which revolve around holiday shopping.

Here are some of the scams that tend to show up this time of year:

E-Skimming

The targets of e-skimming are companies’ online stores. The attackers tend to go for medium-sized companies that have a good number of customers but don’t have the cybersecurity resources of, say, Amazon. They insert malicious code into the shopping cart that harvests personal information when you buy something. While there is only so much you can do, using a strong password or passphrase is helpful.

Public Wi-Fi Problems

If you shop in the store, you might think you are safe from cyberattacks. However, with more and more people hooking up a device to the internet during their shopping trip, whether while taking a break or to compare prices on an item, scammers have a window. Malls and stores offer free wi-fi, and this can be compromised. Public wi-fi can be vulnerable to hackers, and rogue operators may also set up fake wi-fi networks, tricking you into connecting to them instead. Avoid connecting to public wi-fi, and if you must, be very careful what you do on it. Never do financial transactions over public wi-fi, and if you use it regularly, consider getting a VPN.

Scammy Social Media Promotions

We’re all looking for deals this time of year, and promotions show up all over social media. They might offer free gift card codes, free giveaways, or massive discounts on items. In some cases these promotions are designed to trick you into clicking on an infected website. They might also be trying to get your personal information in exchange for a free item that is either extremely cheap or doesn’t even exist. If a promotion looks too good to be true, it is.

Phishing

Phishing spikes around the holiday season, particularly in certain areas. The following are particularly common:

  • Promotions or giveaways that are too good to be true, like the social media promotions above.
  • Fake notices from your bank telling you a large purchase was made. As a note, if you are a victim of credit card fraud, your bank will call you, not email you, and if they do you should always hang up and call the number on the card, rather than talking to the person who called you.
  • Phony invoices, shipping status alerts, receipts, or order cancellation notices for goods you never ordered or purchased. All of these come with malicious links that if you click on them will take you to the scammer’s site. Often these are attempts to harvest login credentials for major e-commerce sites. If you know you didn’t order the item, ignore the notice. If it’s a real shipping status alert for a gift, then you should be able to check with the person who sent it to you.

Cloned Websites

Website cloning is when the scammers reverse engineer a copy of a real website. It’s often extremely hard for even tech-savvy users to realize they are on a clone. E-commerce sites are common victims of website cloning. The scammers will buy a URL that is one character away from the original (typosquatting) and then buy Google ads so it shows up higher. Or they will hack the actual site and add redirects. (Be aware that this is also a common travel scam, usually victimizing hotels and people booking rooms.) If you do fall victim to a clone, disputing the charges with your credit card company will usually get you redress.
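
The "one character away" pattern described above can be checked mechanically. This added example (not from the original article) flags hostnames that sit exactly one edit from a domain you trust; it goes slightly beyond the text by also counting a swap of two adjacent characters as one edit. The domain `examplestore.com`, the allowlist, and the function names are constructed for illustration.

```python
def osa_distance(a, b):
    """Optimal string alignment distance: an insert, delete, substitute,
    or swap of two adjacent characters each costs 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

# Constructed allowlist of domains the business actually uses.
TRUSTED = ["examplestore.com"]

def classify(host, trusted=TRUSTED):
    """Return ("trusted" | "lookalike" | "unknown", matched_domain_or_None)."""
    host = host.lower().rstrip(".")
    for good in trusted:
        # Exact match or a true subdomain (suffix preceded by a dot).
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    for good in trusted:
        # Compare the same number of trailing labels as the trusted domain.
        n = good.count(".") + 1
        candidate = ".".join(host.split(".")[-n:])
        if osa_distance(candidate, good) == 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for h in ["www.examplestore.com", "examp1estore.com",
              "exampelstore.com", "examplestor.com", "othershop.com"]:
        print(h, classify(h))
```

A check like this fits in a mail gateway or web proxy rule, where a "lookalike" result on a link is a strong reason to block or warn before the user reaches the page.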

The holiday season is a time when we’re all stressed and rushed, and scammers will take advantage of that. Be particularly careful. Don’t click on links in email, don’t get fooled by too-good-to-be-true promotions and make sure you’re on the site you think you are on.

For more cyber security advice, contact 4Corner IT.