Thursday, December 31, 2020

Cyber Security Assessment Services, Your IT New Year’s Resolution

 

January 1st, 2021 is just around the corner. It’s been a tumultuous 2020 and many people are relieved that it has finally come to an end. The new year offers new opportunities and new beginnings, which often take the form of New Year’s resolutions. These usually short-term promises to do much better next year generally produce bleak results. As a matter of fact, only 25% of people will get to the new year and still manage to fulfill their resolutions and just 8% still do their best to improve. How do New Year’s resolutions apply to information technology? If you have a business, you need to prioritize its cybersecurity. This is where cyber security assessment services come in.

How To Get Rid of Bad Cyber Security Habits

The first thing you need to remember is to get rid of the bad habits. For people, objectives such as drinking less alcohol or eating less processed food may be among their priorities. But these resolutions are generally difficult to follow through on, since people are already used to those familiar things. This could be true for companies too. Before end users and cybersecurity Florence SC leaders can make improvements to their outlook for 2021, they have to get rid of the bad habits, even if doing so is difficult.

 

 

Top 3 Worst IT Practices

Free Wi-Fi may be filled with security challenges such as MitM attacks and network spoofing. Despite all these risk factors, 77% of the users continue to connect to the free public Wi-Fi outside offices.

Using Weak Passwords

A lot of people are using weak passwords because they’re easy to remember. Having said that, they also create almost no barrier between your company and hackers. Getting rid of this old habit for good is one good way of starting off 2021.

Failing to Address Security Blind Spots

A few CISOs take a fatalistic approach to cybersecurity, which means they believe that a system compromise cannot be prevented and that it’s therefore not worth the resources and time to employ a cybersecurity strategy. This is a huge mistake that you must not make. What you have to do is make sure that your company takes a proactive as well as reactive approach to fill all the security gaps that are made obvious by cybersecurity assessment services.

Goals over Resolutions

One of the reasons why New Year’s resolutions fail is that they focus on promises instead of planning. Objectives, on the other hand, concentrate on reasonable outcomes that are to be accomplished within a certain time frame, allowing companies to correctly assess their success and then adapt to setbacks easily.

You must exercise your IT defense strategy. You have to work on your defensive muscles constantly so you can make sure that your services and networks are not at risk. You can start by considering IT outsourcing when it comes to your cyber security assessment services to determine any network problems and by providing appropriate security training to employees.

You probably want to spend less as well but make sure that you are not compromising your cybersecurity. Tighten up your password restrictions and conduct mandatory software updates every three months to reduce your company’s overall risks.

Call SpartanTec, Inc. now and let our team of IT experts help reach your cybersecurity goals for 2021.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

SpartanTec, Inc.
Florence, SC 29501
843-396-8762
http://manageditservicesflorence.com

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Thursday, December 24, 2020

Beware of Missed Delivery Parcel Scams This Christmas


Millions of people go Christmas shopping online. Fraudsters exploit the shopping season by sending scam emails and texts, which is why you should never forget to boost your cybersecurity. These scammers claim that they’re from a trustworthy company and that they want to inform you that they were unable to deliver a package.

They also provide a link to a website where you will be asked to key in your bank card details so you can pay additional postage costs. If you don’t, your item will be returned to sender. A few days later, you’ll get a call telling you that your bank account is compromised and you have to move the money to a secure account. What you don’t know is that the secure account they’re referring to is still under their control.

A lot of consumers have reported falling victim to missed delivery parcel scams. Some messages even claim that the address information provided is incomplete, which is why the parcel wasn’t delivered. They'll say that they need to get more details so they can try to redeliver the parcel. They will then offer collection from their warehouse and say that the arranged delivery isn’t free.

 

 

Always remember that legitimate firms don’t ask for bank details through texts or emails. You should be careful of these kinds of scams. It’s best if you know how to spot fraudulent texts and emails.

Never click on links in emails that come from people or entities you don’t know or aren’t familiar with. It’s better if you type the website address directly into a web browser.

Cybercriminals are looking to cash in on people who are sending and expecting to receive gifts during the holidays. Consumers who are tricked into clicking on the infected links will later on get a call from the fraudster pretending to be from the fraud team of a bank and will try to convince the unsuspecting victim to move their cash to a new account or provide their passcodes.

Never do this, whether it’s through text, call, or email. Take the time to think before you part with your money or information. Don’t click on links in a text message or email because it could be a scam. If you receive these kinds of emails or texts, be sure to report them to the authorities right away. You should also improve your email security.
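An added example, not part of the original post: a small triage heuristic for the warning signs described above (a delivery pretext, a request for payment or bank details, and a link that does not lead to the carrier's own site). The carrier domains, keyword lists and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains you have verified yourself for the carriers you use.
# Placeholders on reserved names; replace with your own list.
TRUSTED_CARRIER_DOMAINS = {"parcelco.example", "postoffice.example"}

DELIVERY_LURE = re.compile(
    r"\b(parcel|package|deliver(?:y|ed)?|redeliver(?:y)?|courier|shipment)\b", re.I)
PAYMENT_ASK = re.compile(
    r"\b(pay(?:ment)?|fees?|postage costs?|(?:bank|card) details|card number)\b", re.I)
PRESSURE = re.compile(r"\b(returned to sender|final notice|within \d+ (?:hours|days))\b", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)


def link_hosts(message):
    """Return the real host of every http(s) link (userinfo before '@' is ignored)."""
    hosts = set()
    for url in URL.findall(message):
        try:
            host = urlsplit(url.rstrip(".,;:!?")).hostname
        except ValueError:          # malformed URL, e.g. unbalanced IPv6 brackets
            host = None
        if host:
            hosts.add(host.rstrip("."))
    return hosts


def is_trusted(host):
    # Exact domain or a true subdomain; "parcelco.example.evil.test" must not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_CARRIER_DOMAINS)


def triage(message):
    """Return (verdict, findings) for one SMS or email body."""
    if not DELIVERY_LURE.search(message):
        return "no indicators", []
    findings = []
    if PAYMENT_ASK.search(message):
        findings.append("asks for payment or bank/card details")
    untrusted = sorted(h for h in link_hosts(message) if not is_trusted(h))
    if untrusted:
        findings.append("link to unverified host: " + ", ".join(untrusted))
    if PRESSURE.search(message):
        findings.append("pressure to act")
    verdict = "suspicious" if len(findings) >= 2 else "review" if findings else "no indicators"
    return verdict, findings


# Constructed sample messages (not real traffic).
SAMPLES = [
    "ParcelCo: we were unable to deliver your package. Pay the additional postage "
    "costs at https://parcelco.example.redelivery-fee.test/pay or it will be returned to sender.",
    "Delivery failed: address incomplete. Confirm at https://postoffice.example@collect-parcel.test/form",
    "ParcelCo: your parcel is out for delivery today. Track: https://track.parcelco.example/t/AB123",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text))
```

The second sample shows why the host is parsed rather than matched as text: the trusted name sits before the `@`, but the browser would connect to the host after it.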

Scammers are also exploiting the COVID vaccination program by saying that people are being given the opportunity to get the shot much sooner. This is done via text or voice message over the phone. In both cases, the victim is asked to reply by pressing 1 after they receive the call or by clicking on a link in the text message. They will then be asked to provide their financial details and personal information to book the vaccination. Don’t be fooled. Always be careful.

 

Call SpartanTec, Inc. now and let us help you improve your company’s cybersecurity Florence SC strategies so you’ll be less at risk of falling victim to cyberattacks.




Thursday, December 3, 2020

Location-based threats: How cybercriminals target you based on where you live



 Much like legitimate businesses, cybercriminal enterprises have to be dynamic – standing still means falling behind. A significant example of how cybercriminals are evolving is the growing trend of location-based targeting, through what we call “geo-malware” and regionalized email attacks.

Traditionally, we think of online threats in terms of highly targeted attacks on the one hand and opportunistic cash grabs on the other hand. Nation-state sponsored or advanced persistent threat (APT) attackers target specific individuals or organizations, and the more common, financially motivated digital thieves take an “infect them all” approach.

Our SophosLabs research shows that way of thinking is becoming outdated, as APT attackers and common cybercrooks learn and borrow techniques from one another.

Common online crooks have learned how to become more efficient and increase their yield per victim by targeting individuals based on their specific country, using a variety of methods. Here I will go into a few of them: geo IP lookups; traffic direction services; and email targeting. I will also explain how and why cybercrooks avoid certain countries.

 

 

Why geo-targeting is becoming more popular

We can compare an online criminal enterprise to a legitimate business like McDonald’s, a very successful company with restaurants all over the world. Even though you may recognize McDonald’s as the same restaurant wherever you go, there are important differences in every country.

You will have to pay different prices and use different currencies. And you’ll find different offerings on the menu and a different approach to advertising based on the local diet, culture and language.

Cybercrime is now a highly competitive, multi-billion-dollar business. Cybercriminals want to target wealthy countries with particular kinds of malware, like ransomware and banking malware, while utilizing other victims for more mundane tasks like spamming or participating in denial-of-service attacks.

To customize their attacks and make their email scams and phishing attacks more believable, the cybercriminals are imitating local brands and using grammatically correct local languages as lures.

Users have been conditioned to believe they can spot scams by the incorrect grammar and shoddy spelling, which leads to them falling even harder for well-crafted scam messages.

Location, location, location: IP lookups and traffic direction services

A popular tactic favored by today’s criminals is using malware that is geo-targeted based on information gleaned from the computer’s IP address or the language setting in Windows.

Common crooks don’t often infect computers themselves – they typically use services provided by other cybercriminals who have collected thousands of infected (zombified) computers and sell them to the highest bidder.

A criminal may want to drop banking malware on computers in Germany, for example, simply because Germany is a wealthy country, or because the crook has money mules in Germany – people they have recruited to take money out of local ATMs using cards produced from card numbers and PINs stolen by the malware or skimmers.

We have seen examples where criminals go on the black market to use compromised traffic direction services (TDS), which provide real-time bidding and traffic direction, to find the most appropriate victims, much like legitimate ad networks serve you the most relevant ads whenever you visit a website.

The compromised web server that’s sending the malicious content detects your IP address, which often shows your computer’s location, and serves you the malware “designed” for your region.

[Figure: Traffic direction services]

We see this IP lookup technique favored by crooks using banking malware because most banks tend to serve a particular country or region – in our example, users based in Germany have a high likelihood of being customers of Deutsche Bank, so malware targeting that bank will have a high rate of success.

Thus, we see different families of malware used to infiltrate banks and financial institutions converging on specific regions:

  • Various banking Trojans designed to pinpoint Brazil
  • Dridex is predominant in the U.S. and Germany
  • Trustezeb is most prevalent in German-speaking countries
  • Yebot is popular in Hong Kong and Japan
  • Zbot is mostly found in the U.S., UK, Canada, Germany, Australia, Italy, Spain and Japan

Geo-malware example: ransomware

One of the more prevalent examples of geo-targeted malware is ransomware.

You’re familiar with ransomware by now – ransomware gets right in your face, with warning messages that pop up on your screen and demand a ransom in your local language. These nasty threats infect your computer and use public-key cryptography to scramble your files, then hold all your data hostage until you pay for the key to decrypt them.

In recent months, we’ve seen most ransomware being distributed via attachments in emails, which are carefully crafted in your local language and spoof local institutions like your region’s postal service or law enforcement agency, luring you to open the attachment and download the ransomware.

Criminals have gone one step further to make ransomware more effective, providing payment pages that instruct you how to pay in your native language or currency.

Ransomware crooks tend to want to infect as many computers as possible and then serve up the correct language based on what keyboard you have installed on your computer or the language setting in Windows.

With crypto-ransomware, the crooks demand payments in bitcoins or other anonymous e-payment systems such as Ukash. The payment pages offer detailed instructions in the local language, with payment amounts listed in the local currency, and links to local Bitcoin exchanges.

[Figure: TorrentLocker Bitcoin pay page]

The most popular ransomware in recent months, Locky, has ransom pages carefully translated into various languages including Portuguese, Danish and Chinese, although for some reason the Locky crooks are not interested in Czech or Arabic-speaking countries. Locky also can check to see if Windows is set to Russian, which causes the malware to exit and delete itself.


Natural geo-targeting: email country codes

Cybercriminals don’t always need sophisticated malware to target your location – they may be able to figure out where you live just based on your email address, using the country code extension.

This is a clean and simple way to filter victims: the crooks can hit all the .uk country code emails with spam targeted for the UK; the .nl email addresses get Dutch spam; the .no ones get Norwegian spam, and so on.

The most common mass-spammed malicious email campaigns have impersonated local postal companies and tax agencies. These emails either contain a malicious Microsoft Word document, JavaScript or lead you to click through to a compromised webpage.

The grammar and spelling of these emails is greatly improved compared to past email spam campaigns, leading to more victims believing the messages are real. The crooks aren’t relying on some sloppy machine translator. They hire human translators who create the messages in their native language – we have heard of freelance translators being contracted to do this type of work for the criminals unwittingly.

Cybercrooks aren’t just customizing email attacks based on language and regional institutions – they shift tactics based on seasons as well. So, during tax season the emails might pretend to be from the IRS in the US or the Office of State Revenue in Australia. Around Christmas time, you can expect to see fake package delivery notices.

[Figure: Sample malicious email]

It’s also important to remember that if you get a phishing email, it doesn’t matter what type of computer or mobile device you’re using. When you get an email trying to phish your banking credentials, you can still give away your bank account password whether you have a Windows PC or a Mac, an iPhone or an Android device.

Crooks will use your location to make the trick more convincing. But all bits of information about you are important, and the criminals will always look to take advantage of information they have and use it against you.

No-go zones: country filtering

We also see examples of geo-customization where cybercriminals are programming attacks to avoid certain countries or keyboards with a particular language.

This could be happening for a few reasons. Maybe the crooks don’t want attacks in their home country out of a sense of national pride. Another theory is that the crooks don’t target their own countries because their local law enforcement is willing to look the other way, so long as the victims aren’t locals.

One of the earliest examples we’ve seen of attackers excluding particular countries was the Conficker virus, which at its peak infected more than 11 million PCs globally. Yet there was one country where Conficker would not initially spread – Ukraine.

The first version of Conficker used an online geo IP lookup to determine whether you were in the Ukraine or not, and the virus would avoid Ukrainian computers. (Later versions of Conficker dropped this behavior.)

As mentioned above, Locky ransomware has also been found to delete itself if a computer’s language is set to Russian.

Although circumstantial, other evidence points to Locky being made by an Eastern European criminal. Recently I grabbed some Word docs with malicious macros that were spreading Locky, and noticed that when the document was created the language was set to Cyrillic, an indication that whoever was last editing it had their keyboard set to Cyrillic.

We don’t know for sure that Locky is made by Eastern Europeans, but if not, someone went through a lot of trouble to make it look that way.

What to do

With cybercriminals creating geo-targeted and authentic-looking threats, it is more difficult to recognize malicious spam. Here are some security tips for home and business users to stay protected against email-borne malware attacks.

For home users:

  1. Make sure you protect your computers with an anti-malware and web protection solution. Sophos Home is free, enterprise-grade security software that protects both Macs and PCs.
  2. Keep your files safe from ransomware by backing them up regularly. Keep at least one recent backup offline.
  3. Be very careful about opening email attachments. Malware including ransomware is very often spread in email. You should also be wary of clicking links in emails, as they may take you to a phishing or malware website.
  4. Always keep your computers, devices and applications up to date with the latest security updates.
  5. Use strong, unique passwords for all your accounts. Consider using a password manager to create and store strong passwords for you. Just make sure you use a strong password for the password manager itself.

For business users:

  1. Patch, patch, patch. Malware that doesn’t come in via document macros often relies on bugs in software and applications. When you apply security patches, you give the cybercriminals fewer options for infecting you.
  2. Don’t give yourself more login power than necessary. Avoid browsing, opening documents or other regular work activities while logged in as administrator.
  3. Don’t enable macros. A lot of ransomware is distributed in Office documents that trick users into enabling macros. Microsoft has released a new tool in Office that can prevent you from enabling them on documents downloaded from the internet.
  4. Train and retrain employees in your business. Your users can be your weakest link if you don’t train them how to avoid booby-trapped documents and malicious emails.
  5. Segment the company network. Separate functional areas with a firewall, e.g., the client and server networks, so systems and services can only be accessed if really necessary.
  6. Treat security as a system. Every extra layer of protection, whether encryption or a synchronized endpoint to network solution, will help protect against increasingly sophisticated threats.

 

Call SpartanTec, Inc. now and let our IT experts boost your cybersecurity so you're better equipped to protect your business from various kinds of online threats.

 
