Taking work home, or practically anywhere, has never been easier. The bring your own device (BYOD) strategy has become a popular approach for many businesses to conduct work more efficiently and flexibly. But this strategy is not without risks. BYOD, if not implemented correctly, can make your system susceptible to a number of attacks. Here Learn More “4 Security risks of the BYOD strategy”
Although the occasional three-minute YouTube video never hurts anyone, wasting hours of your working day on these websites reduces productivity. When it comes to increasing employee productivity, keeping a close eye on their internet behavior reaps various benefits.
Internet monitoring software saves employees from visiting entertainment, gaming, or online shopping sites by restricting access to them. Internet monitoring software doesn’t necessarily block access to social media sites, but it lets your employees know that you’re monitoring their internet activity. This is aimed at discouraging them from taking prolonged visits to their Facebook, Twitter or Instagram page.
The internet hosts plenty of unsavory links and websites. Employees who haphazardly click phishing links or access malware-ridden pornography sites can put your business at risk. Working with infected machines can slow down the entire system and, in some cases, completely halt operations. By using internet monitoring tools, you can restrict access to dangerous websites and identify reckless employees who access them and remove their internet privileges, if necessary.
Even while using the internet for the right purposes, bandwidth can be used up quickly. Internet monitoring gives you up-to-the-minute reports on staff’s bandwidth usage. Once you have a clear understanding of your company’s overall bandwidth usage, you can better control internet expenditure. Ultimately, this feature allows you to prioritize bandwidth for critical business applications and reduce bandwidth for less necessary websites.
Internet monitoring software may be a powerful tool, but it should be used responsibly. As a business owner, you need to walk a fine line between over-surveillance and under-surveillance. What you should do is establish a clear internet policy, which should explicitly define the disciplinary measures to be dispensed on anybody who goes against the company’s internet policy. You should also deal with time-wasting employees on a case-by-case basis because it’s unreasonable to remove everyone’s Facebook privileges because one or two abused theirs.
Employee productivity can be difficult to achieve, especially with the proliferation of the so-called “procrastination software.” But with web monitoring software, you can truly get your business — and your employees — back on track. Looking for more ways to increase business productivity with technology? Give us a call. We’ll be happy to make suggestions.
In May, security experts discovered one of the most widespread malware infections in history. Now, they’re warning businesses and consumers that it’s even worse than their first assessment. The VPNFilter malware poses a threat to small businesses and requires immediate attention from anyone who hasn’t taken action against it.
A team of security researchers from Cisco released a report that a strain of malware had been discovered on hundreds of thousands of routers and network devices. Originally, researchers believed it affected only Linksys, MikroTik, Netgear, and TP-Link devices.
Like many malware strains, VPNFilter infects devices that use default login credentials. But it’s worse than the average cyberattack because it can destroy router hardware and cannot be removed by resetting infected devices.
As if destroying 500,000 routers wasn’t bad enough, VPNFilter lets its creators spy on networks and intercept passwords, usernames, and financial information.
Just two weeks after VPNFilter was discovered, security experts announced that it targets 200,000 additional routers manufactured by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. Worse yet, VPNFilter can alter data passing through infected routers. That means when you enter a username and password into a banking website, hackers could steal that information and show you an incorrect account balance to hide fraudulent deductions.
Rebooting a router won’t remove the malware, you need to factory-reset the device. Usually, all this requires is holding down the Reset button on the back of the device for 10-30 seconds. If your router has no reset button or you’re unsure whether pressing it did the trick, contact a local IT provider immediately.
Cybersecurity threats have become so prevalent that even large enterprises struggle to keep their digital assets safe. Outsourcing IT support to a managed services provider like us will give you enough capacity to deal with issues like VPNFilter as soon as they arise. Call us today to learn more.
A week ago, leading cyber threat intelligence team Cisco Talos reported that no less than 500,000 IoT devices in up to 54 countries were infected by new malware called VPNFilter. An earlier version, believed to be launched by a nation-state, targeted Ukraine.
Talos cited the vulnerable devices as Linksys, MikroTik, Netgear, and TP-Link networking equipment, as well as network-attached storage (NAS). Upon infecting a small office home office (SOHO) router, VPNFilter deploys in three stages.
In stage 1, the malware imposes its presence by using multiple command-and-control (C2) infrastructure to capture the IP address of the existing stage 2 deployment server. This makes VPNFilter so robust that it can deal with any unpredictable changes in C2. This stage of the malware persists through a reboot, which makes preventing reinfection tough in stage 2.
Stage 2 involves deploying modules capable of command execution, and data collection and exfiltration. According to the United States Department of Justice (DOJ), this can be used for intelligence gathering, information theft, and destructive or disruptive attacks. Moreover, stage 2 malware has a “self-destruct” feature that once activated by the hackers will overwrite a critical area of the device’s firmware so it stops functioning. This can happen on almost every infected device.
In Stage 3, a module with packet-sniffing capabilities is added to enable monitoring of internet traffic and theft of website credentials. And yet another module is installed to deploy communication support for the Tor network, which can make communicating with the C2 infrastructure harder.
According to Talos, the likelihood of the attack being state-sponsored is high, something the DOJ later backed up. The DOJ attributed it to a group of actors called Sofacy (also known as APT28 and Fancy Bear), the Kremlin-linked threat group believed to be responsible for hacking the Democratic National Committee computer network two years ago.
On the night of May 23, the FBI announced that they have seized a domain which is part of VPNFilter’s C2 infrastructure used to escalate the malware’s effects. This forces attackers to utilize more labor-intensive ways of reinfecting devices following a reboot. With the seizure, the government has taken a crucial step in mitigating VPNFilter’s impact.
Researchers agree that VPNfilter is hard to prevent. While vulnerability has been established, patching routers isn’t easy, something average users might not be able to do on their own. But as with any malware, the impact of VPNFilter can be mitigated, which is done by terminating the C2 infrastructure used.
To minimize exposure, the FBI recommends all SOHO routers be rebooted, which, according to a statement from the DOJ, will help the government remediate the infection worldwide. The justice department, along with the FBI and other agencies vowed to intensify efforts in disrupting the threat and expose the perpetrators.
For their part, Talos offers the following recommendations:
Combat the VPNFilter malware by rebooting affected devices. For more tips, contact our team.
With evolving technology comes evolving threats. Recently, a researcher revealed that a new type of scam freezes Google Chrome and tricks users into believing that their network security has been compromised. Little did they know that following instructions listed on the screen will lead to an actual security breach.
The scam works by displaying an error message indicating a bogus security breach incident that renders a browser unusable. These scammers capitalize on the fact that a serious crash can’t be solved by simply closing the site, thereby sending the users into a panic. This encourages them to dial the number listed on the warning message.
On the other end of the line, the scammers would pose as Microsoft or Apple representatives to convince users into surrendering their credit card details to repair a non-existing security issue. The scams are generally carried out through legitimate sites or malicious ads that have been hacked.
This new scam operates against Chrome by corrupting the window.navigator.msSaveOrOpenBlob programming interface, which basically uses it as a form of distraction. The hackers manipulate the browser and forces it to save a random document on a disk repeatedly at super fast intervals that are impossible to notice. After five to 10 seconds, Chrome will be completely unresponsive.
To recover, Windows users simply have to open Windows Task Manager (press ctrl + shift + esc keys) and stop the process there. On the other hand, macOS users just need to wait until a system message prompts them to close the unresponsive Chrome tab. Typically, the latter is a more appealing option since users would have the freedom to close only the corrupted page. Manually closing the whole browser means possibly losing unsaved files in any open Windows.
When faced with IT-related issues, you need to determine how you can approach them calmly. The threats in the digital world may be terrifying and intimidating, but causing a panic in your workplace isn’t the answer. Call us as soon as any problems arise, and we’ll help you as soon as we can. We can even hook you up with other security measures to beef up your network security.
Cryptocurrencies like Bitcoin and Monero are so popular because they’re secure and potentially worth thousands of dollars. But investors and consumers aren’t the only ones interested in them. Hackers are using malicious tactics to steal cryptocurrency, and they’re doing it with something called cryptojacking.
Hijacked hardware
Cryptojacking secretly uses your computer to calculate complex mathematical problems to generate cryptocurrency. They get inside by using phishing emails to lure victims into clicking on a link, which then runs malicious cryptomining programs on the computer. Any cryptocurrency produced then gets delivered to the hacker’s private server.
But hackers have developed an even more insidious tactic. By infecting websites with ads and plugins that run cryptojacking code, any visitor who loads the web page instantly gets infected with the malware, sending their computer’s processor into overdrive trying to generate cryptocurrency.
Unlike most malware, cryptojacking software won’t compromise your data. But it will hijack your hardware’s processing power, decreasing performance while increasing your power and cooling bills. So instead of paying for the computing power themselves, hackers can simply use thousands of compromised computers.
Surge in cryptojacking
It’s difficult to tell how much hackers are making with cryptojacking, but there’s a good chance that this type of attack will be as popular as ransomware was in 2017. In fact, for as little as $30, anyone can purchase a cryptojacking kit from the dark web to force other computers to generate Bitcoin or Monero for them.
According to several reports, even sites like The Pirate Bay, Openload, and OnlineVideoConverter are allegedly using cryptojacking exploits to diversify their revenue streams.
The biggest reason why this is becoming so popular is because it’s a low-risk, high-reward scheme. Instead of extorting money directly from the victim, hackers can secretly generate digital currencies without the victim knowing.
If it is detected, it’s also very hard to track down who initiated the attack. And since nothing was actually “stolen” (other than a portion of computing power), victims have little incentive to apprehend the culprit.
Prevention and response
To avoid cryptojacking, you need to incorporate it into your monthly security training sessions. Teach your employees to practice extra caution with unsolicited emails and suspicious links. Using ad-blocker or anti-cryptomining extensions on web browsers is also a great way to stay protected.
Beyond prevention, use network monitoring solutions to detect any unusual behavior with your computers. For example, if you notice a significant number of PCs running slower than usual, you should assume that cryptojacking is taking place.
If you’ve confirmed that it is, advise your staff to close browser tabs and update browser extensions as soon as possible.
Cryptojacking may seem less threatening than some malware we’ve discussed in the past, but it can incur real power, cooling, and performance costs to your business when several systems are compromised. To make sure you don’t end up enriching any hackers, call us today. We offer hardware solutions and cybersecurity tips to keep your business safe and sound.