Archive for the ‘Security’ Category

HTTPS or Not

Many of you know about the popular website called LinkedIn. It’s a sort of social network for businesses and people looking to make contact with each other. You can post your detailed resume to the site so potential employers can easily see things about you. It also allows you to network with others, which could be beneficial in landing that job that you want.

Well, just as other sites have fallen victim to cyber-attacks recently, it has come to light that LinkedIn was particularly vulnerable from past years until earlier this year, and that it was up to the end user to fix this. By default, your login started with an HTTPS connection and ended with a non-HTTPS connection. This means that anyone on your home network, at the local coffee shop you like to frequent, or on any other open network, wireless or wired, that you were using could have easily grabbed your login name and password without you even knowing.

While no financial data is on your LinkedIn account, a would-be attacker could gather quite a lot of information on you that would be very helpful in breaking into other accounts you have elsewhere. LinkedIn has stated that, starting in February of this year, all customers in the U.S. and E.U. are protected against these types of attacks, called “man in the middle,” with HTTPS connections always on by default. What is unclear, and why this has been brought to light, is that customers from any other area of the world may still be unprotected, with no HTTPS connections by default.

While this is a fairly standard issue in terms of security, it brings up a good point. You should always check that the sites you log into that store personal information, or are otherwise critical, use HTTPS connections at all times, not just when you log in. This type of connection encrypts any and all traffic that is sent from your browser to the server hosting the site. You have to make it that much more difficult for attackers to successfully gain access to your information.

To do this on most sites, including LinkedIn (if they don’t already use HTTPS automatically), simply go to your account settings and look for the option to enable HTTPS connections. Most sites these days do this automatically, but some that you wouldn’t expect (LinkedIn in this case) still do not and leave it up to you, the end user, to do. Either way, it is still good to make sure this is working for you.
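For readers who administer a site or want to check one more rigorously, here is an added example (not part of the original post) that audits a recorded login flow for the pattern described above: a login that starts on HTTPS and then falls back to plain HTTP. The hostnames, cookie values and function names are made up for illustration, and the two flows are constructed samples.

```python
from urllib.parse import urlsplit

def cookie_is_secure(set_cookie: str) -> bool:
    # Attributes follow the first "name=value" pair, separated by ';'.
    attrs = [a.strip().lower() for a in set_cookie.split(";")[1:]]
    return "secure" in attrs

def audit_flow(hops):
    """hops: list of (url, headers); headers is a list of (name, value) pairs."""
    findings, seen_https = [], False
    for url, headers in hops:
        scheme = urlsplit(url).scheme.lower()
        if scheme == "https":
            seen_https = True
        elif seen_https:
            findings.append(f"downgrade: {url} fetched over plain HTTP after HTTPS")
        names = {name.lower() for name, _ in headers}
        # Without HSTS the browser will not refuse a later plain-HTTP request.
        if scheme == "https" and "strict-transport-security" not in names:
            findings.append(f"no-hsts: {url}")
        for name, value in headers:
            lname = name.lower()
            if lname == "set-cookie" and not cookie_is_secure(value):
                cookie = value.split("=")[0]
                findings.append(f"cookie-without-secure: {cookie} set by {url}")
            if lname == "location" and urlsplit(value).scheme.lower() == "http":
                findings.append(f"redirect-to-http: {url} -> {value}")
    return findings

# Constructed sample: login over HTTPS, then everything else over HTTP.
LEGACY_FLOW = [
    ("https://www.example.test/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Location", "http://www.example.test/home")]),
    ("http://www.example.test/home", [("Content-Type", "text/html")]),
]
# Constructed sample: the same flow with HTTPS always on.
HARDENED_FLOW = [
    ("https://www.example.test/login", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
        ("Location", "https://www.example.test/home")]),
    ("https://www.example.test/home", [
        ("Strict-Transport-Security", "max-age=31536000")]),
]

if __name__ == "__main__":
    for label, flow in (("legacy", LEGACY_FLOW), ("hardened", HARDENED_FLOW)):
        print(label, audit_flow(flow) or "no findings")
```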

Stay Safe!

XP – The Real Cost

You wouldn’t leave your car or house unlocked for thieves to break into.

So why do so with one of your business’s most important pieces of equipment – your computer network?

That in essence is what you are doing when you continue to run Windows XP two months after Microsoft discontinued its support of that operating system.

(Systems with Microsoft Security Essentials and its aligned Malicious Software Removal Tool will continue to receive anti-malware signature updates through July 14, 2015. But that shouldn’t be confused with the operating system itself being protected.)

What does end of support mean for the 25 percent of businesses still using XP? No new security updates, non-security patches, free or paid support options or online technical content updates starting April 9, 2014.

The wisest solution is to upgrade to a machine with Windows 7, 8 or 8.1 (Windows Vista will hit the end of its life in 2017, making it not a viable long-term answer).

But that means substantial upfront cost, an option that’s unattractive to many business owners. So they will stick with what they have, cross their fingers and hope for the best.

While running XP until the hardware it is installed on fails may seem like the least-expensive short-term solution, other potential problems need to be factored into the cost.

Security should be uppermost among those concerns. Without critical security updates, your network may become more vulnerable to harmful viruses, spyware and other malicious software which can steal or damage business data. Even before the loss of updates, XP already had a significantly higher infection rate than other operating systems.

Second, businesses that are governed by regulatory obligations such as HIPAA may find that they are no longer able to satisfy compliance requirements.

Finally, software vendors will stop supporting their products running on XP and hardware manufacturers will stop supporting XP on existing and new hardware.

So keeping XP becomes more expensive, not just in terms of maintenance, but also from potential infections and lost productivity.

HCP recommends migrating to a newer machine preloaded with a newer operating system (OS). This is usually more cost effective than trying to upgrade an old machine with a newer OS and avoids the risk of slowing down your machine with a more modern version of Windows.

Stay safe.

Cryptolocker – What is one to do?

Unfortunately, as discussed in the last blog entry, Cryptolocker and the new variants of it are an encryption-based infection. This type of infection requires a preemptive and proactive approach to keeping your data safe. This is because once you have discovered the infection is on a system or systems, it is already too late in most cases. You may or may not have lost any or all of your files to the infection, depending on how quickly it is found.

This infection and its variants spread mostly through spam emails. It will usually present itself as a link for you to click in an email that has been crafted to look legitimate to an end user. The file is usually contained in a zip archive, either directly in the email or through a cloud storage account such as Dropbox. It is critical to frequently tell your end users about the dangers of spam mail and to never click links to files in emails unless they know for sure that it is safe. A good policy would be to disallow any .zip or .exe files in company emails altogether, which gets rid of one avenue of infection. For some businesses or end users, this may not work.
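One way a mail gateway could enforce the .zip/.exe policy described above, shown as an added example that is not part of the original post. It also checks the first bytes of each attachment, so a blocked file that has simply been renamed is still caught. The addresses, file names and function names are made up, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

BLOCKED_EXTENSIONS = {".zip", ".exe"}
# Leading bytes of the two blocked formats: ZIP archives and Windows executables.
MAGIC = {b"PK\x03\x04": ".zip", b"MZ": ".exe"}

def blocked_attachments(raw_message: bytes):
    """Return (filename, reason) for every attachment the policy rejects."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # message body or container part, not an attachment
        ext = PurePosixPath(name).suffix.lower()  # last suffix: "a.pdf.exe" -> ".exe"
        if ext in BLOCKED_EXTENSIONS:
            hits.append((name, f"extension {ext}"))
            continue
        data = part.get_payload(decode=True) or b""
        for magic, kind in MAGIC.items():
            if data.startswith(magic):
                hits.append((name, f"content is {kind} despite name"))
                break
    return hits

def build_sample() -> bytes:
    """Constructed test message with harmless placeholder attachment bodies."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached files.")
    samples = [
        ("report.pdf", b"%PDF-1.4 sample"),
        ("invoice.zip", b"PK\x03\x04 sample"),
        ("statement.pdf.exe", b"MZ sample"),
        ("photo.jpg", b"MZ sample"),  # blocked type hiding behind an allowed name
    ]
    for filename, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"REJECT {name}: {reason}")
```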

Education for these types of infections is key because they rely heavily on successful social engineering. Now even the best-educated users will at times make mistakes and you have to plan for this with these types of encryption infections.

It is only a matter of time before a system or network of systems gets one of these ransomware-type infections, no matter the security in place. Therefore it is absolutely critical to have a backup system in place to retrieve lost data. A variant of the Cryptolocker infection called Cryptowall takes the infection to a new level by deleting what are called the system-restore files in Windows, which allow you to take your computer back to an earlier time and date. It also deletes the shadow copies that Windows keeps of files. Again, this means you need to have a secure and effective backup system in place for your systems. The most critical thing is that you need to know that the backups will work. Regular testing is mandatory to make sure you can get your data back. A good system means nothing if the restore process doesn’t work, or doesn’t work well.

Now, one might ask whether more can be done beyond educating users on where this infection comes from and having a good backup system in place. As of right now, the industry is scrambling to come up with good defensive approaches to these types of infections. Regular antivirus scanners have so far been ineffective at stopping the infections or even detecting that they are on a system. Once it’s on a system, it’s almost too late. Here at HCP Computers, we are drafting a few proactive and on-demand measures to help keep these types of infections from happening in the first place. Contact us and we will schedule a time to discuss these measures. http://www.hcp4biz.com/contact/

First and foremost: educate, educate, educate and back up, back up, back up.

Stay Safe

Cryptolocker – What is it?

As many of you have probably heard, there is a security exploit out in the open called the Cryptolocker virus or Cryptolocker infection.

What is it? It is unlike normal viruses or malware that you may have had experience with before. The Cryptolocker virus is a piece of malware that holds your computer and its data for ransom. When the Cryptolocker package gets installed on your machine, the first thing it does is look over your computer for user-created data files. These include all the typical files one would create with Microsoft Word, Excel, PowerPoint, text documents, documents created with any of the open source office replacement suites, PDFs, and just about any type of picture, video, or music file. Before, viruses would simply render these files useless by corrupting or deleting them. Cryptolocker is different in this regard. It quickly and efficiently encrypts these user data files with a public/private encryption key set.

Now, the encryption keys that Cryptolocker uses are just about unbreakable. This is because it uses a key anywhere from 2,048 bits to 4,096 bits. A key space this large would take a supercomputer many months if not years to break by trying one guess at a time. The creators of the Cryptolocker infection therefore hold your computer files for ransom with this encryption and demand money in exchange for the decryption key and the program you need to decrypt these files. This ransom fee has been anywhere from $1,000 to $3,000, depending on the current exchange rate of bitcoins to U.S. dollars and how many they demand. Paying the ransom is obviously not a recommended choice, because it is expensive and you don’t want to be sending the creators your hard-earned money.

Cryptolocker is the original widespread infection that operates as encryption ransomware. It was only a matter of time, but Cryptolocker has started a trend in how viruses and infections operate. To date, an additional 10-plus similar but different encryption-based ransom infections have been found in the wild. Each has varying degrees of similarity to Cryptolocker; however, some are even more dangerous and damaging. There’s even a version that has been discovered to run on Android phones, currently Gingerbread OS and above. Unfortunately, this looks to be a trend for the future, as hackers and malware creators these days look to make the most money for the least amount of effort.

Check our next blog entry for directions on how to combat Cryptolocker.

Stay Safe

Scam – Tech Support Call

If tech support is calling you rather than the other way around, beware!

Scam artists have a new tool that they will use to break into your computer – a phone. Someone will call, claiming to be a computer technician associated with a well-known tech company such as Microsoft, and will prey on your concerns about viruses or malware on your computer to fool you into giving him or her remote access or paying for unnecessary software.

Such a “tech” will dazzle you with a barrage of technical terms, and may even ask you to perform a series of tasks on your computer. After the “problem” has been “located,” this scammer may: 

  • ask you to give remote access to your computer and then make changes to your settings that could leave your computer vulnerable;
  • try to enroll you in a worthless computer maintenance or warranty program;
  • ask for credit card information so you will be billed for phony services — or services you could get elsewhere for free;
  • trick you into installing malware that could steal sensitive data, such as user names and passwords;
  • direct you to websites and ask you to enter your credit card number and other personal information.

The upshot: the scammer is trying to make money, not fix your computer.

Your best defense: hang up!

Other tips:

  • Don’t give control of your computer to an unsolicited third party.
  • Do not rely on caller ID alone to authenticate a caller, as criminals spoof caller ID numbers.
  • Online search results, which can be manipulated, aren’t the best way to find technical support or get a company’s contact information. Instead, if you want tech support, give HCP a call at 207-848-9888 or visit our website http://www.hcp4biz.com and submit a support request. To locate company information, look for a company’s contact information on their software package or on your receipt.
  • Never provide your credit card, financial information or passwords to someone who calls claiming to be from tech support.
  • Put your phone number on the National Do Not Call Registry (https://www.donotcall.gov).

If you think you might have downloaded malware from a scam site or allowed a cybercriminal to access your computer, don’t panic. Instead:

  • Update or download legitimate security software and scan your computer, and delete anything it identifies as a problem. 
  • Change any passwords that you gave out, especially if you use these passwords for other accounts.
  • Give HCP a call at 207-848-9888 or visit our website http://www.hcp4biz.com and submit a support request.
  • If you paid for bogus services with a credit card or see other charges on your statement that you didn’t make, call your credit card provider and ask to reverse the charges.
  • If you think someone may have accessed your personal or financial information, visit the FTC’s identity theft website (http://www.consumer.ftc.gov/features/feature-0014-identity-theft). You can minimize your risk of further damage and repair any problems already in place.

Stay Safe

Social Engineering – What is it?

Everyone probably has heard the term social engineering in the news a lot lately with the various cyber attacks, viruses, and scams going on. 

What is social engineering, one may ask? While your first assumption would probably be that it has something to do with a social network such as Facebook or Twitter, this is not the case. Social engineering is the deliberate and crafty attempt by hackers to gain access to your data by tricking either you or those who protect your data into handing it over.

Social engineering is one of the biggest attack vectors these days, with security ever increasing.  It is the most often overlooked part of security and one of the easiest ways a hacker can gain access to your data with limited effort. 

How does it work? A hacker tries to pose as a corporation, user, technician or someone else with a company or service to which you trust your data. Attempts usually come in the form of an email or, commonly, a phone call. What the hacker is looking to get is your access to the data, in the form of your passwords or the means by which you can reset these passwords, such as your private email address. Oftentimes these cyber-criminals will even try to pose as you, when calling a bank for instance.

One of the recent cyber-frauds is domain name registration theft. What happens here is that a cyber-criminal scours the Internet, usually through social networking, to find personal details on an individual who owns or controls a domain name. This information is then very handy for the cyber-criminal to use in calling the domain-name registrar in order to have an account password reset or an account email change processed. At this point it’s really up to the customer support agent to be the last line of defense.

In most cases hackers have been able to have an account reset processed by only knowing an email address or last four digits of a credit card number on file because they were able to gain the trust of the customer-support agent.  Once the hacker has been able to have a password reset processed and gains access to your account, it’s then an uphill battle, depending on the company, to get your access back.  If you own a business and rely on your unique domain name, this could be a disaster.

The simple way to stop this is to call, verify who you are, and have your account marked so that under no circumstances are phone call account resets allowed. Most companies and services will allow an individual to request this. In most cases this puts an end to it, and hackers will no longer be able to social engineer your account.

Stay Safe