Thursday, December 31, 2020

Cyber Security Assessment Services, Your IT New Year’s Resolution

 

January 1st, 2021 is just around the corner. It’s been a tumultuous 2020 and many people are relieved that it has finally come to an end. The new year offers new opportunities and new beginnings, which often take the form of New Year’s resolutions. These usually short-term promises to do much better next year generally deliver bleak results. As a matter of fact, only 25% of people will get to the new year and still manage to fulfill their resolutions, and just 8% still do their best to improve. How do New Year’s resolutions apply to information technology? If you have a business, you need to prioritize its cybersecurity. This is where cyber security assessment services come in.

How To Get Rid of Bad Cyber Security Habits

The first thing you need to remember is to get rid of the bad habits. For people, objectives such as drinking less alcohol or eating less processed foods may be among their priorities. But these resolutions are generally difficult to follow through, since people are already used to those familiar things. This could be true for companies too. Before end users and cybersecurity leaders can make improvements to their outlook for 2021, they have to get rid of the bad habits, even if it’s difficult to do so.

 

 

Top 3 Worst IT Practices

Free Wi-Fi may be filled with security challenges such as MitM attacks and network spoofing. Despite all these risk factors, 77% of the users continue to connect to the free public Wi-Fi outside offices.

Using Weak Passwords

A lot of people are using weak passwords because they’re easy to remember. Having said that, they also create almost no barrier between your company and hackers. Getting rid of this old habit for good is one good way of starting off 2021.

Failing to Address Security Blind Spots

A few CISOs take a fatalistic approach to cybersecurity, which means they believe that a system compromise cannot be prevented and therefore it’s not worth the resources and time to employ a cybersecurity strategy. This is a huge mistake that you must not make. What you have to do is make sure that your company takes a proactive as well as reactive approach to fill all the security gaps that are made obvious by cybersecurity assessment services.

Goals over Resolutions

One of the reasons why New Year’s resolutions fail is that they focus on promises instead of planning. Objectives, on the other hand, concentrate on reasonable outcomes that are to be accomplished within a certain time frame, allowing companies to correctly assess their success and then adapt to setbacks easily.

You must exercise your IT defense strategy. You have to work on your defensive muscles constantly so you can make sure that your services and networks are not at risk. You can start by considering IT outsourcing when it comes to your cyber security assessment services to determine any network problems and by providing appropriate security training to employees.

You probably want to spend less as well but make sure that you are not compromising your cybersecurity. Tighten up your password restrictions and conduct mandatory software updates every three months to reduce your company’s overall risks.

Call SpartanTec, Inc. now and let our team of IT experts help reach your cybersecurity goals for 2021.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

SpartanTec, Inc.
Florence, SC 29501
843-396-8762
http://manageditservicesflorence.com

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Thursday, December 24, 2020

Beware of Missed Delivery Parcel Scams This Christmas


Millions of people go Christmas shopping online. Fraudsters exploit the shopping season by sending scam emails and texts, and that's why you should never forget to boost your cybersecurity. These scammers claim that they’re from a trustworthy company and that they want to inform you that they were unable to deliver a package.

They also provide a link to a website where you will be asked to key in your bank card details so you can pay additional postage costs. If you don’t, your item will be returned to sender. A few days later, you’ll get a call telling you that your bank account is compromised and you have to move the money to a secure account. What you don’t know is that the secure account they’re referring to is still under their control.

A lot of consumers have reported falling victim to missed delivery parcel scams. Some messages even claim that the address information provided is incomplete and that’s why the parcel wasn’t delivered. They'll say that they need to get more details so they can try to redeliver the parcel. They will then offer collection from their warehouse and say that the arranged delivery isn’t free.

 

 

Always remember that legitimate firms don’t ask for bank details through texts or emails. You should be careful of these kinds of scams. It’s best if you know how to spot fraudulent texts and emails.

Never click on links in emails that come from people or entities you don’t know or aren’t familiar with. It’s better if you type the website address directly into a web browser.

Cybercriminals are looking to cash in on people who are sending and expecting to receive gifts during the holidays. Consumers who are tricked into clicking on the infected links will later on get a call from the fraudster pretending to be from the fraud team of a bank and will try to convince the unsuspecting victim to move their cash to a new account or provide their passcodes.

Never do this, whether it’s through text, call, or email. Take the time to think before you part with your money or information. Don’t click on links in a text message or email because it could be a scam. If you receive these kinds of emails or texts, be sure to report them to the authorities right away. You should also improve your email security.

Scammers are also exploiting the COVID vaccination program by saying that people are given the opportunity to get the shot much sooner. These are done via text or voice message through phone. In both cases, the victim is asked to reply by pressing 1 after they receive the call or by clicking on a link in the text message. They will then be asked to provide their financial details and personal information to book for the vaccination. Don’t be fooled. Always be careful.
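The warning signs described above (a delivery notice that asks for payment, threatens to return the item, and links somewhere other than the carrier's own site) can be checked automatically before a message reaches a user. The following is an added example, not code from SpartanTec or any carrier; the carrier domain, the sample messages and the keyword lists are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: domains the real carrier uses (constructed placeholder).
CARRIER_DOMAINS = {"examplepost.example"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
DELIVERY_RE = re.compile(r"\b(parcel|package|deliver\w*|redeliver\w*|postage)\b", re.I)
PAYMENT_RE = re.compile(r"\b(pay|payment|fee|postage costs?|(bank|card) details)\b", re.I)
PRESSURE_RE = re.compile(r"\b(returned to sender|final notice|within \d+ (hours?|days?))\b", re.I)


def host_matches(host, allowed):
    """True only for an allowed domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def link_flags(text, allowed=CARRIER_DOMAINS):
    """Return (link count, set of flags) for every http(s) URL in text."""
    flags, count = set(), 0
    brands = {d.split(".")[0] for d in allowed}
    for raw in URL_RE.findall(text):
        count += 1
        try:
            parts = urlsplit(raw.rstrip(".,;!"))
            host = (parts.hostname or "").lower()
            has_userinfo = parts.username is not None
        except ValueError:  # malformed URL: worth a human look
            flags.add("malformed-url")
            continue
        if has_userinfo:  # text before '@' is not the destination host
            flags.add("userinfo-in-url")
        if is_ip_literal(host):
            flags.add("ip-literal-host")
        if host.startswith("xn--") or ".xn--" in host:
            flags.add("punycode-host")
        if not host_matches(host, allowed):
            flags.add("off-carrier-domain")
            if any(b in host for b in brands):  # brand name on a foreign domain
                flags.add("lookalike-host")
    return count, flags


def triage(text, allowed=CARRIER_DOMAINS):
    """Classify one message as 'report', 'review' or 'no-findings'."""
    reasons = set()
    if DELIVERY_RE.search(text):
        reasons.add("delivery-lure")
    if PAYMENT_RE.search(text):
        reasons.add("asks-for-payment")
    if PRESSURE_RE.search(text):
        reasons.add("time-pressure")
    n_links, flags = link_flags(text, allowed)
    reasons |= flags
    if flags and {"delivery-lure", "asks-for-payment"} <= reasons:
        verdict = "report"
    elif flags or (n_links and "asks-for-payment" in reasons):
        verdict = "review"
    else:
        verdict = "no-findings"
    return {"verdict": verdict, "reasons": sorted(reasons)}


# Constructed sample messages (not real traffic).
SMS_FAKE_FEE = ("ExamplePost: we were unable to deliver your parcel. Pay the "
                "additional postage costs at "
                "https://examplepost.example.redelivery-fee.test/pay "
                "or your item will be returned to sender.")
SMS_TRACKING = ("ExamplePost: your parcel arrives tomorrow. "
                "Track it at https://track.examplepost.example/t/AB123")
SMS_USERINFO = ("ExamplePost: your package is on hold. Confirm your card "
                "details at http://examplepost.example@198.51.100.7/confirm")

if __name__ == "__main__":
    for name, msg in [("fake fee", SMS_FAKE_FEE), ("tracking", SMS_TRACKING),
                      ("userinfo", SMS_USERINFO)]:
        print(name, triage(msg))
```

The host comparison matches whole domain labels, so a carrier name placed at the front of an unrelated domain or before an `@` does not pass as the carrier.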

 

Call SpartanTec, Inc. now and let us help you improve your company’s cybersecurity strategies so you’ll be less at risk of falling victim to cyberattacks.




Thursday, December 3, 2020

Location-based threats: How cybercriminals target you based on where you live



 Much like legitimate businesses, cybercriminal enterprises have to be dynamic – standing still means falling behind. A significant example of how cybercriminals are evolving is the growing trend of location-based targeting, through what we call “geo-malware” and regionalized email attacks.

Traditionally, we think of online threats in terms of highly targeted attacks on the one hand and opportunistic cash grabs on the other hand. Nation-state sponsored or advanced persistent threat (APT) attackers target specific individuals or organizations, and the more common, financially motivated digital thieves take an “infect them all” approach.

Our SophosLabs research shows that way of thinking is becoming outdated, as APT attackers and common cybercrooks learn and borrow techniques from one another.

Common online crooks have learned how to become more efficient and increase their yield per victim by targeting individuals based on their specific country, using a variety of methods. Here I will go into a few of them: geo IP lookups; traffic direction services; and email targeting. I will also explain how and why cybercrooks avoid certain countries.

 

 

Why geo-targeting is becoming more popular

We can compare an online criminal enterprise to a legitimate business like McDonald’s, a very successful company with restaurants all over the world. Even though you may recognize McDonald’s as the same restaurant wherever you go, there are important differences in every country.

You will have to pay different prices and use different currencies. And you’ll find different offerings on the menu and a different approach to advertising based on the local diet, culture and language.

Cybercrime is now a highly competitive, multi-billion-dollar business. They want to target wealthy countries with particular kinds of malware, like ransomware and banking malware, while utilizing other victims for more mundane tasks like spamming or participating in denial-of-service attacks.

To customize their attacks and make their email scams and phishing attacks more believable, the cybercriminals are imitating local brands and using grammatically correct local languages as lures.

Users have been conditioned to believe they can spot scams by the incorrect grammar and shoddy spelling, which leads to them falling even harder for well-crafted scam messages.

Location, location, location: IP lookups and traffic direction services

A popular tactic favored by today’s criminals is using malware that is geo-targeted based on information gleaned from the computer’s IP address or the language setting in Windows.

Common crooks don’t often infect computers themselves – they typically use services provided by other cybercriminals who have collected thousands of infected (zombified) computers and sell them to the highest bidder.

A criminal may want to drop banking malware on computers in Germany, for example, simply because Germany is a wealthy country, or because the crook has money mules in Germany – people they have recruited to take money out of local ATMs using cards produced from card numbers and PINs stolen by the malware or skimmers.

We have seen examples where criminals go on the black market to use compromised traffic direction services (TDS), which provide real-time bidding and traffic direction, to find the most appropriate victims, much like legitimate ad networks serve you the most relevant ads whenever you visit a website.

Your IP address, which often shows your computer’s location, is detected by the compromised web server that’s sending the malicious stuff, which then serves you the malware “designed” for your region.

Traffic direction services

We see this IP lookup technique favored by crooks using banking malware because most banks tend to serve a particular country or region – in our example, users based in Germany have a high likelihood of being customers of Deutsche Bank, so malware targeting that bank will have a high rate of success.

Thus, we see different families of malware used to infiltrate banks and financial institutions converging on specific regions:

  • Various banking Trojans designed to pinpoint Brazil
  • Dridex is predominant in the U.S. and Germany
  • Trustezeb is most prevalent in German-speaking countries
  • Yebot is popular in Hong Kong and Japan
  • Zbot is mostly found in the U.S., UK, Canada, Germany, Australia, Italy, Spain and Japan

Geo-malware example: ransomware

One of the more prevalent examples of geo-targeted malware is ransomware.

You’re familiar with ransomware by now – ransomware gets right in your face, with warning messages that pop up on your screen and demand a ransom in your local language. These nasty threats infect your computer and use public-key cryptography to scramble your files, then hold all your data hostage until you pay for the key to decrypt them.

In recent months, we’ve seen most ransomware being distributed via attachments in emails, which are carefully crafted in your local language and spoof local institutions like your region’s postal service or law enforcement agency, luring you to open the attachment and download the ransomware.

Criminals have taken one step further to make ransomware more effective and provide payment pages to instruct you how to pay in your native language or currency.

Ransomware crooks tend to want to infect as many computers as possible and then serve up the correct language based on what keyboard you have installed on your computer or the language setting in Windows.

With crypto-ransomware, the crooks demand payments in bitcoins or other anonymous e-payment systems such as Ukash. The payment pages offer detailed instructions in the local language, with payment amounts listed in the local currency, and links to local Bitcoin exchanges.

TorrentLocker Bitcoin pay page

The most popular ransomware in recent months, Locky, has ransom pages carefully translated into various languages including Portuguese, Danish and Chinese, although for some reason the Locky crooks are not interested in Czech or Arabic-speaking countries. Locky also can check to see if Windows is set to Russian, which causes the malware to exit and delete itself.


Natural geo-targeting: email country codes

Cybercriminals don’t always need sophisticated malware to target your location – they may be able to figure out where you live just based on your email address, using the country code extension.

This is a clean and simple way to filter victims: the crooks can hit all the .uk country code emails with spam targeted for the UK; the .nl email addresses get Dutch spam; the .no ones get Norwegian spam, and so on.

The most common mass-spammed malicious email campaigns have impersonated local postal companies and tax agencies. These emails either contain a malicious Microsoft Word document, JavaScript or lead you to click through to a compromised webpage.

The grammar and spelling of these emails is greatly improved compared to past email spam campaigns, leading to more victims believing the messages are real. The crooks aren’t relying on some sloppy machine translator. They hire human translators who create the messages in their native language – we have heard of freelance translators being contracted to do this type of work for the criminals unwittingly.

Cybercrooks aren’t just customizing email attacks based on language and regional institutions – they shift tactics based on seasons as well. So, during tax season the emails might pretend to be from the IRS in the US or the Office of State Revenue in Australia. Around Christmas time, you can expect to see fake package delivery notices.

Sample malicious email

It’s also important to remember that if you get a phishing email, it doesn’t matter what type of computer or mobile device you’re using. When you get an email trying to phish your banking credentials, you can still give away your bank account password whether you have a Windows or Mac, iPhone or Android computer.

Crooks will use your location to make the trick more convincing. But all bits of information about you are important, and the criminals will always look to take advantage of information they have and use it against you.

No-go zones: country filtering

We also see examples of geo-customization where cybercriminals are programming attacks to avoid certain countries or keyboards with a particular language.

This could be happening for a few reasons. Maybe the crooks don’t want attacks in their home country out of a sense of national pride. Another theory is that the crooks don’t target their own countries because their local law enforcement is willing to look the other way, so long as the victims aren’t locals.

One of the earliest examples we’ve seen of attackers excluding particular countries was the Conficker virus, which at its peak infected more than 11 million PCs globally. Yet there was one country where Conficker would not initially spread – Ukraine.

The first version of Conficker used an online geo IP lookup to determine whether you were in the Ukraine or not, and the virus would avoid Ukrainian computers. (Later versions of Conficker dropped this behavior.)

As mentioned above, Locky ransomware has also been found to delete itself if a computer’s language is set to Russian.

Although circumstantial, other evidence points to Locky being made by an Eastern European criminal. Recently I grabbed some Word docs with malicious macros that were spreading Locky, and noticed that when the document was created the language was set to Cyrillic, an indication that whoever was last editing it had their keyboard set to Cyrillic.

We don’t know for sure that Locky is made by Eastern Europeans, but if not, someone went through a lot of trouble to make it look that way.

What to do

With cybercriminals creating geo-targeted and authentic-looking threats, it is more difficult to recognize malicious spam. Here are some security tips for home and business users to stay protected against email-borne malware attacks.

For home users:

  1. Make sure you protect your computers with an anti-malware and web protection solution. Sophos Home is free, enterprise-grade security software that protects both Macs and PCs.
  2. Keep your files safe from ransomware by backing them up regularly. Keep at least one recent backup offline.
  3. Be very careful about opening email attachments. Malware including ransomware is very often spread in email. You should also be wary of clicking links in emails, as they may take you to a phishing or malware website.
  4. Always keep your computers, devices and applications up to date with the latest security updates.
  5. Use strong, unique passwords for all your accounts. Consider using a password manager to create and store strong passwords for you. Just make sure you use a strong password for the password manager itself.

For business users:

  1. Patch, patch, patch. Malware that doesn’t come in via document macros often relies on bugs in software and applications. When you apply security patches, you give the cybercriminals fewer options for infecting you.
  2. Don’t give yourself more login power than necessary. Avoid browsing, opening documents or other regular work activities while logged in as administrator.
  3. Don’t enable macros. A lot of ransomware is distributed in Office documents that trick users into enabling macros. Microsoft has released a new tool in Office that can prevent you from enabling them on documents downloaded from the internet.
  4. Train and retrain employees in your business. Your users can be your weakest link if you don’t train them how to avoid booby-trapped documents and malicious emails.
  5. Segment the company network. Separate functional areas with a firewall, e.g., the client and server networks, so systems and services can only be accessed if really necessary.
  6. Treat security as a system. Every extra layer of protection, whether encryption or a synchronized endpoint to network solution, will help protect against increasingly sophisticated threats.

 

Call SpartanTec, Inc. now and let our IT experts boost your cybersecurity so you're better equipped at protecting your business from various kinds of online threats.

 


Friday, November 27, 2020

Q&A: How Secure Are Your Company’s Applications?


 Organizations of all types today face an ever evolving threatscape and growing pressure to rethink security strategies for long-term sustainability. Today’s enterprises operate in a complex technological environment, with a variety of devices, applications, and users accessing the network. Fortinet’s Mark Byers discusses the issues and trends affecting the security of enterprise applications.


Q&A with Mark Byers


What do companies need to know about security as it relates to their application infrastructure?


When most companies think about cyber security Florence SC, they think of their network. This is a great place to start—but it’s not the whole picture. The question we need to ask is, what exactly needs to be secured, and why? At the end of the day, we’re really talking about the need to secure data—whether it’s customers’ credit card data, health information, corporate financial data, employee information, proprietary information, etc. And that means we need to consider all the different access points that need to be secured. One of the weakest links is applications. You can have multiple layers of network security, but once you expose an application to the Internet, your network security is not enough. When a company provides users access to an online application with a user ID and password, that user and attackers now have access to the data that can potentially bypass many layers of carefully crafted security protections.

 

 

So where do companies need to focus to ensure their applications are secure?


This sounds daunting but the truth is, they need to consider everywhere. You need to protect all access points to data – where it sits in a repository or server, where and when the data is accessed through an application, and when it’s shared with other applications or users. This is why a security fabric is critically important. You need policies to ensure enterprise users have different passwords for certain systems, two-factor authentication to verify they are who they say they are and that they’re authorized to access particular systems or information. Companies need increased intelligence of network services that allow users to identify threats in emails and machine learning that helps detect threat signatures. Administrators need a system strategy that correlates data and helps identify threats spanning multiple systems. They need security systems that are deeply integrated so that they can share threat intelligence and events to close the gap between devices and applications.


Talk about some of the well-known application security issues we have heard in the media. What’s happening?


From an enterprise perspective, the UK telecommunications company TalkTalk was in the news in October 2015 when nearly 157,000 customer data records were compromised. At fault was a breach in an application code; a simple SQL command opened up a back door to their data. This event resulted in the loss of more than 200,000 customers and a significant dip in their revenues.

In general, though, some of the most well-known security issues involve Adobe Flash. In fact, Google recently announced that their Chrome browser will no longer support Flash by the end of 2016. Flash is so pervasive; it’s used by the majority of devices. And the challenge is that when a critical vulnerability is uncovered, it’s then only a matter of days before an attack occurs. That means one vulnerability in this one platform can have a widespread effect. What’s also concerning is that users do not regularly update to the latest version of Flash as it’s available. According to the Verizon 2016 Data Breach Investigations Report (DBIR), in one year’s time 45 percent of devices still had not updated to the latest version of Flash and so still have no patch to address security issues.


It seems like there are patches pushed every day. We are constantly being asked to update our applications. Are they really that insecure?


The short answer is yes. The common vulnerability and exposures section of DBIR is important to review to understand the variety of issues. As soon as vulnerabilities are exposed, malicious attackers will instantly act on and exploit these vulnerabilities. Using Flash again as an example, should users update Flash as soon as a new version is pushed out? Yes. Do they? No. And the consequence is that one infected computer can affect the rest of the system.

If you’re running an enterprise system and the SSL protocol is compromised, this must be updated as soon as possible. There are tools available to help patch security holes, to scan for problems and malware, and to help mitigate those situations when updates don’t occur regularly.


There are lots of different types of applications: cloud apps, enterprise apps, consumer apps, database apps. Are there different security concerns that customers need to address?


Cloud-based applications are generally fairly good in terms of their security. But if an end user doesn’t change his/her password regularly, then your data could be compromised. In most instances, breaches occur because users are sharing credentials, or they’re not changing their passwords regularly. So it’s really a user issue and not an application issue.

On the enterprise side, an organization may have a great e-commerce system all based on code that needs to be kept up to date. As long as you’re patching regularly and staying up to date, you’re fine. Companies need to employ application firewalls to help with zero day attacks. And they need to isolate their systems so that they’re not sitting directly on the Internet, which makes them more vulnerable. If applications and data are on the same server, you need to ensure that all information is channeled through a secure access point. Often within a company there’s a need to bring up a web-based application quickly for many users to access, and simple steps are overlooked that are the security equivalent to forgetting to lock the door behind them.


Data is growing exponentially, and our use of applications to run our businesses and our lives is never ending. What lies ahead for security and applications?


It’s becoming more and more important to have a deeply integrated security fabric that can help close the gaps, share intelligence across systems, and sift through vast amounts of data rapidly. Companies and security administrators don’t have the ability to review thousands of pages of data only to realize that a breach occurred the prior week. Every minute counts.

Technology is trying to stay ahead of the bad guys, to better identify threats and determine behavior abnormalities. Advanced persistent threats are many times customized to an organization and can employ multiple attack types until the target is compromised. Behavioral tools with advanced heuristics can help diagnose attacks as they’re happening, even if they’re different from previously identified attacks. Companies can run a baseline behavioral view in as little as an hour, and then this information helps the system identify abnormal behaviors. It could be as overt as a user attempting to access unauthorized systems or as unique as a user who is logging into applications from an unknown device at an atypical time of day.

 

Companies need to enforce a robust security policy that includes passwords, two-factor authentication, and regularly updated training. Call SpartanTec, Inc. now for more information.

 


Friday, November 20, 2020

Why Should Your Business Switch To SD-WAN?


Internet connection is an important part of almost all business operations today. Its relevance continues to rise along with the rising demand for cloud-based applications. Connections that are of poor quality do not just affect browsing. Their impact is felt in the whole operational system, decreasing profitability and revenue down the road. This connectivity becomes more problematic for companies with several connections, who depend on WAN links to keep things operating seamlessly. Unfortunately, WAN connections such as these tend to come with bandwidth constraints, which lead to latency issues. The good news is SD-WAN technology is here to help.

What is SD-WAN?

SD-WAN, or software-defined wide area network, offers excellent network control to the cloud, putting together connections as well as orchestrating software to give more efficient and consistent data transport.

 

 

Why Choose SD-WAN?

You will be taking on a big task if you switch network technology, and that is why companies ask why they should choose SD-WAN. The simple answer is that it is much better than the WAN system, offering broader capabilities and improved science. For a more comprehensive explanation, here are the many different benefits of SD-WAN technology.

  1. Transport flexibility – SD-WAN provides better independence as well as flexibility in the methods used to transport data. This virtualized WAN lets a business make the most out of any transport protocol.
  2. Greater security – compared to conventional WAN solutions that take care of security on a per-branch basis, SD-WAN may include universal security functions at every level. SD-WAN could add cloud web content filtering, intervention protocols and malware defenses, leading to more robust security while reducing the cost to the user.
  3. Smart Control – Probably the most important advantage of SD-WAN is its clever pathway control. This system channels traffic based on the application that is being used and could be set by a centralized control system to be executed on all locations. Every site could have its very own traffic control protocol with varying protocols for IP addresses, port numbers, application profiles, as well as quality of service markings.
  4. Automatic provisioning – deploying WAN systems can be inconvenient for businesses. SD-WAN will make it so much simpler. SD-WAN allows enterprises to send equipment to every branch unconfigured because every device could download its own policy, keys, and cryptocertificate. Provisioning will be simpler because the system can learn traffic patterns.

SD-WAN solutions are great systems for businesses that are looking to have the greatest IT efficiencies possible, and using this technology, your company can gain more traction.

 

Call SpartanTec, Inc. now if you want to know more about the many benefits of switching to SD-WAN or if you need the help of an IT expert to determine which system is best for you.

 
