Info Advantage was formed in 1992 for the purpose of specializing in Information Technology consulting, which encompasses business solution development, software development, and platform support from IBM’s midrange to a growing number of Intel based solutions.

WannaCry: The Worst Digital Disaster the World Has Seen in Years

WannaCry: The Worst Digital Disaster the World Has Seen in Years

 

On Friday, May 12, a cyber-attack was launched that affected over 300,000 computers in roughly 150 countries. The attack, a ransomware worm known as WannaCry, affected nearly every major industry; including healthcare, government, and privately-owned businesses.

The attack began in Europe and continued to spread across the globe, reaching targets in China, Japan, and even reaching across seas to the Americas. Once hit with WannaCry, the worm encrypts all the files on an infected device, prompting the user to pay $300 in order to regain access to their files.

Since the attack spread, the hackers are thought to have gained about $80,000 in bitcoins from WannaCry victims. However, that number is not expected to rise much higher, as many technology companies have already implemented measures to block the attack. In fact, Microsoft had already had a vulnerability patch in place in March, months before WannaCry was released.

So how was WannaCry able to affect hundreds of thousands of devices while there were already measures available to block the attack? The answer lies within an affected company’s technology infrastructure. While the patch by Microsoft was originally released in March for Windows XP systems, many businesses completely overlooked the upgrade. This left them wide open for an attack, making them easy targets with well-known vulnerabilities.

However, we cannot be so quick to blame the IT departments of the affected businesses, particularly those with complex technology infrastructures. For example, many health care service providers in the UK were affected due to a reliance on older versions of operating systems. This is due in part to the variety of third-party medical equipment that health care providers rely on to do their jobs. This equipment can often be difficult to upgrade or patch, and can only be replaced if the budget allows for it. In many cases, companies will choose to spend their dollars on other IT necessities.

What can businesses do to protect themselves from WannaCry and other similar cyber-attacks? Security experts state that the best way to combat these attacks is to keep your technology updated and your employees aware of potential threats.

A good way to gauge your company’s vulnerability is to perform a threat and vulnerability tests. These tests will give a company insight into how many employees would fall for an attack by sending out a fake phishing scam. Once the data is collected, a company will have a better idea of what kind of vulnerabilities they have, and how they can train their employees to avoid them.

Experts also suggest that companies keep as up-to-date on their software as possible, and urge them to consistently check for updates or patches. While an update might not seem imperative, hackers are constantly on the lookout for newly discovered vulnerabilities to exploit. By creating a consistent update schedule, companies can be sure that they are protected from future attacks.

Don’t have the time to constantly check for software updates? Not sure if your company is up-to-date with the best possible cyber security plan? Contact our security experts at Info Advantage by calling (585) 254-8710 today to talk about how you can protect your business’ assets.

 

Continue reading
0 Comment

IoT Connected Stuffed Animals Leak Millions of Accounts Private Information

IoT Connected Stuffed Animals Leak Millions of Accounts Private Information

With the rise of the age of the Internet of Things (IoT), more and more everyday devices are becoming connected to the web as a means to make a more personalized product experiment. Today, we have IoT connected watches, televisions, and even kitchen appliances like refrigerators or coffee makers. As convenient as these devices can be, they can pose a serious threat to a user’s personal information if the security behind the device is lackluster. Such is the case with CloudPet, a IoT connected stuffed animal that lets children and their loved ones communicate with each other through an app, which exposed the personal data of thousands of accounts.

CloudPets are made by Spiral Toys, a company based in California that specializes in toys that connect to the internet. The concept behind the toy is that a child can communicate with their parents or loved ones who are far away. The toy is connected to an app, which allows the connected party to record voice messages to send to the child’s CloudPet. The CloudPet then allows the child to send a voice recording back, which can be played through the app.

On February 28, 2017, security researcher Troy Hunt posted a blog about how the data from CloudPets stuffed animals had been leaked and ransomed, potentially exposing these recordings. Hunt found that several parties had reached out to CloudPets and their parent company Spiral Toys about the breach, yet had received no response. With some help of members on his site, Have I Been Pwned?, Hunt was successfully able to access the user photos and voice recordings. While there were no recordings or photos on the exposed database, the leakage did contain sensitive data that could easily compromise an account.

According to the CloudPet’s site, the breach was caused when CloudPet’s user data was temporarily moved to a new database software. In December of 2016, third party developers moved CloudPets data to a temporary database in order to make upgrades to the CloudPet’s app. During the time, the database software that was used had an exploit that hackers would use to hold data for ransom. While CloudPets claims that no voice recordings were accessed, they do admit to the leakage of email addresses, usernames, and encrypted passwords. However, there were no password strength rules before the breach, so a hacker could still easily access thousands of those compromised accounts.

Since the breach was made public on February 22, the CloudPets app required all users to reset their passwords, and created new password security requirements to ensure the new passwords are more secure. They also recommend that users create a unique password for every application or site, and advise them not to use “easily guessable” passwords.

Continue reading
0 Comment

Homographs: Using Different Languages to Steal Your Data

Many hackers rely on their ability to trick users into giving up information or control of their technology. As technology advances, hackers continue to find new and updated ways to gain access to user accounts. One scam in particular, known as homographs, has seen an increase of popularity as of late.

What are they?

Homographs are a phishing strategy that is used to disguise a hyperlink to look like a legitimate, secure website. Scammers are able to use these attacks due to the way that many browsers interpret URLs with characters from another language. An example of this can be found with Russian Cyrillic letters, many of which look similar to English letters. To account for this, browsers utilize basic translation tools so a user can still access a legitimate website using non-English characters by translating the address into a series of English letters and numbers.

How do hackers use homographs?

Hackers are able to take advantage of homographs by using letters from another language that look identical to letters of the English language. They create a URL that looks identical to the legitimate site, but once clicked it will automatically take you to a compromised site where your data can be at risk. This attack works because users won’t be able to see that the URL is not legitimate until it is too late, as once they click the link they will most likely be infected by malware.

How can I protect myself?

While many browsers have created fail-safes to combat this issue, there are still many browsers that are left unprotected. Even those that do use the fail-safes can be easily tricked, so it’s up to the user to prevent the attack. Be conscious of every link you click, and never open up a URL that you cannot verify. This means any URL in an unknown email address, or a pop-up ad that claims to be a legitimate company. The best way to avoid homograph attacks is to always manually type in the web address.

Want to know more about how to prevent cyberattacks? Contact Info Advantage at (585) 857-2644 to talk to our security and technology professionals today.

Tags:
Continue reading
0 Comment

How Rugged Are You? A Guide to Rugged Laptops

How Rugged Are You? A Guide to Rugged Laptops

Face it, your laptop isn’t indestructible. There are only so many times you can throw your laptop in a cramped bag or have it drop from your hands before you see some damage. While many laptops can be saved with something as simple as a sturdy case, many modern professionals work in conditions that make it very difficult to protect the technological equipment needed for businesses to run smoothly. That is why many manufacturers are creating lines of ‘rugged laptops,’ which can withstand even the harshest of work conditions.

What Are Rugged Laptops?

A “rugged’’ laptop is a PC that has been designed to withstand very harsh environments and conditions, such as heavy traveling or factory work. These laptops are built to withstand just about anything, including drops, spills, extreme temperatures, and much more. There are a variety of different types of rugged laptops, each built for a specific purpose. Many rugged laptop vendors offer an assortment of rugged laptops that are classified into three ‘levels’ of ruggedness; semi-rugged, fully-rugged, and ultra-rugged. Semi-rugged laptops are typically enhanced versions of commercialized laptops with more protection, where an ultra-rugged laptop is built from the inside-out to resist even the harshest environments.

What Classifies a Laptop as Rugged?

Most rugged PC manufacturers use the MIL-STD-810 environmental durability standards to test how rugged their laptops are. The MIL-STD-810 was originally created in the 1960s by the US Department of Defense as a guideline for designing military-grade technology that can be used in high combat areas. The standard provides a variety of different test methods which can be used to ensure equipment is suitable enough to be used on the field of combat. This includes tests for temperature, vibration, impact, water resistance, altitude, sand or dust, and more. Manufacturers are also known to reference the Ingress Protection Code, which classifies the degrees of sealing protection of electrical equipment, and the NEMA classification, which describes different electrical enclosures and how they hold up in different environments.

Who Should Be Using Rugged Laptops?

While rugged laptops are typically designed for people who work in extreme conditions, just about any business professional can find value in a rugged laptop. While you may not be using your laptop underground or at sea, your personal computer may be taking on more damage than you think. Laptops are often shoved in bags or airplane compartments, or left in places they could potentially get damage, such as a bathroom or kitchen. Therefore, just about anyone who takes their business on-the-go can find benefits from ruggedized laptops.

 

If you’re interested in a more rugged laptop but don’t know what level of protection you need? Contact the technology experts at Info Advantage today at (585) 254-8710 to talk about what technology solutions will best fit your business.

[Photo: DoD]

Continue reading
0 Comment

Avoiding Back Pain and Eye Strain in the Office

Avoiding Back Pain and Eye Strain in the Office

Working at a desk is a fairly inescapable for the modern office worker. The trouble with sitting at a desk for long intervals is that it causes physical issues, especially if the workspace isn’t properly set up. Fortunately, you don’t have to invest in specialized equipment; it’s fairly simple to establish best practices that will ensure employee comfort and productivity.

Continue reading
1 Comment

Support Options

  • Phone Support +

    Speak to a support team member on the phone!

    Phone: (585) 254-8710
    Fax: (585) 254-8766

  • Ticket By Email +

    Send an email to the Help Desk to create a ticket automatically and communicate with your team or any member.

    Submit A Ticket

  • Ticket By Portal +

    Create and manage tickets via our secure online Help Desk Portal. (Members Only Requires login)

    Enter Support Portal

  • 1

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security technology Tip of the Week Privacy Best Practices Current Events Hackers malware backup Business practice Software cloud technology solutions Productivity Quick Tips Mobility Microsoft cyber attacks Hardware Disaster Recovery Computer business Network Security Mobile Devices Internet Business Management Ransomware Business Continuity Innovation Windows 10 Office tips Business Computing Small Business Health Law Enforcement data breach Information Technology Saving Money email Flexibility Social Operating System Avoiding Downtime data Virtualization Miscellaneous Identity Theft Humor IT Support Passwords Money Risk Management IT Efficiency Communication Wi-Fi voip Smartphone phone systems Personal Information History Application Hosted Solutions Internet Protocol Mobile Computing Upgrade cyber criminals Antivirus internet user Office 365 Laptop time Government threats How To Recovery cloud capabilities BDR Artificial Intelligence servers Managed IT Services Gadgets Touchpad byod virtualized servers Reputation holiday Virtual Reality Search Router Microsoft Office hardware solutions Windows Encryption Alert spam ATMs Video Games Facebook content Remote Computing Automation Data recovery Managing Stress HaaS Password Employer-Employee Relationship Net worth Education cars Legal Robot ecommerce Workplace Tips Server Battery Apps VoIP right Wireless Hosted Solution Scalability Cybercrime Relocation Point of Sale Text Messaging hardware refreshes IT Services Private Cloud Update iPhone business continuity plan Automobile

Blog Archive

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name