Info Advantage Blog

Info Advantage has been serving the Upstate New York area since 1993, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Details on Massive Hardware Flaws in Intel Processors Released, Fix May Cause Major Computer Slowdowns

Details for a security vulnerability thought to affect almost every Intel processor made in the last decade have recently been released, and the outlook is not good. While there are updates on the way to fix the flaws, experts believe that a patch may slow down computers by up to 30%.

According to The Register, where the information was first publicly released, the Intel vulnerability allows hackers to access areas of the computer that shouldn’t be reachable. The flaws, known as Meltdown and Spectre, directly affect the kernel memory of the Intel chip.

Meltdown breaks the isolation between applications and the OS, allowing hackers to access the memory of programs and the OS itself. Spectre breaks the isolation between different applications, allowing a hacker to trick error-free programs into leaking information.

These flaws allow apps to detect and read operating system code, look into other apps’ memory banks, or even leak personal information such as passwords, login information, files, and more.

The patch will make the affected kernel completely invisible, but this comes at a price. According to The Register, making the kernel invisible would add a new process that will increase its overhead, slowing down the computer.

Since the problem is with the hardware itself, nothing short of an OS-level fix will do for the affected operating systems, including Windows, Linux, and Mac. So far Windows has released an emergency patch for Windows 10, with patches for Windows 7 and Windows 8 to come next week. However, there seem to be some issues caused by some anti-virus software that can result in bluescreen errors.

Apple says they have also addressed the majority of their flaws with their last OS update, and they are currently testing new tweaks for their next update. Linux developers have also created a set of patches.
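As an added example (not from the original post or from any vendor), the shell functions below read the status files that patched Linux kernels expose under `/sys/devices/system/cpu/vulnerabilities` and report whether Meltdown and Spectre are mitigated. The function names are hypothetical, and a kernel without that interface is reported as UNKNOWN rather than safe.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status on Linux.
# Assumes the kernel's sysfs reporting interface; function names are hypothetical.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS_LINE -> prints OK, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;          # CPU does not have the flaw
        "Mitigation:"*)  echo OK ;;          # kernel patch is active
        "Vulnerable"*)   echo VULNERABLE ;;  # flaw present, no working mitigation
        *)               echo UNKNOWN ;;
    esac
}

# check_cpu_flaws [DIR] -> one line per flaw; returns 1 if any is not OK
check_cpu_flaws() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for flaw in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$flaw" ]; then
            status=$(head -n 1 "$dir/$flaw")
            verdict=$(classify_status "$status")
        else
            # Unpatched or very old kernels have no entry: treat as unverified
            status="(no sysfs entry; kernel predates the reporting interface)"
            verdict=UNKNOWN
        fi
        [ "$verdict" = OK ] || rc=1
        printf '%-11s %-10s %s\n' "$flaw" "$verdict" "$status"
    done
    return $rc
}

# has_pti [CPUINFO_FILE] -> true when the kernel lists the "pti" flag, i.e. the
# page-table isolation that hides kernel memory from user programs is enabled
has_pti() {
    grep -qw pti "${1:-/proc/cpuinfo}" 2>/dev/null
}

# Run against the live system (or a directory passed as the first argument)
check_cpu_flaws "$@" || echo "At least one flaw is not reported as mitigated."
```

A non-zero return from `check_cpu_flaws` is suitable as a failing condition in a patch-compliance script run across a fleet.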

In addition to operating systems, many cloud services companies will need to release updates in order to keep themselves protected against the vulnerability. Microsoft Azure, Amazon AWS, and Google Cloud Platform have all reported that they are working on implementing new updates to bulk up security against Meltdown and Spectre. However, they have all tested the impact of the proposed updates and found that they have very little effect on performance in their benchmark tests.

If you want to know more about how these vulnerabilities may affect you and your business, call us at (585) 254-8710 to learn more about how you can strengthen your technology security.

Proactive Cyber-Security: How to Stop Data Breaches Before They Happen

These days you can’t go anywhere on the Internet without hearing about some sort of data breach. With cyber-attacks on the rise, many companies are trying a new approach to data security: proactive security plans. These plans focus on preventing data breaches, rather than reacting to an attack as it happens.

Understand the Threats

Knowledge is one of the most important tools used to fight against data breaches. Before you’re able to work towards creating a system that prevents cyber-attacks, you need to make sure that everyone involved knows what threats they are dealing with. Companies should take the time to review the different attack types that are common in their particular industry, and should have a meeting with whoever handles their IT at least twice a year to make sure they are up-to-date on the newest threats.

Map Out Your Protection

After you create your list of major attack types you want to look out for, you will need to map out your company’s technology environment to see how these attacks could threaten each individual piece. This includes any device that connects to the Internet, what services are currently protecting those devices, and the type of data they have access to. This will give you a better picture of what areas need more attention.

Create a Security Baseline

Once you get a better understanding of the current threats and how they apply to your IT environment, it’s time to create a baseline for your company security. This can be done by creating a variety of different real-life scenarios, and testing them out on your current network. This will help you to discover the strengths and weaknesses of your network.

Once you have your system mapped out, it’s time to implement your security plan. These plans will allow you to focus on preventing things that cause data leaks or downtime, rather than reacting to issues as they come along. This will lead to an increase in productivity and efficiency.

If you’re looking to buff up your security, don’t wait any longer! Call Info Advantage at (585) 254-8710 to speak to a security professional about how you can prevent potential cyber-attacks.  

Fruitfly: The First Apple Malware of 2017

One of the major arguments for die-hard Apple fans is that their devices are nearly invulnerable to the attacks that work their way into other operating systems, such as malware or viruses. While it is true that Apple has a much lower rate of malware infections, this does not make it impenetrable, and hackers are constantly looking for new ways to extort data. One newly discovered malware, known as Fruitfly, takes advantage of antiquated code that allows it to run undetected on macOS systems.

What is Fruitfly?

Fruitfly is a newly discovered type of malware recently found by the team at Malwarebytes. While relatively harmless, this malware is able to hide inside of OS X without alerting the user of its presence. The malware communicates with two command-and-control servers, which allows it to perform actions such as typing, webcam and screen capture, and even moving and clicking the mouse. It can also map other devices and try to connect with them.

Where did Fruitfly come from?

There is a bit of mystery surrounding the origins of Fruitfly. According to Malwarebytes, Fruitfly may have been hiding in OS X for several years, as much of its code indicates that it was adapted from OS X to Yosemite, making it at least three years old. However, there are also lines of code that rely on pre-OS X systems, and some open-source ‘libjpeg’ code, which hasn’t been updated since 1998. So far, most of the discovered instances of Fruitfly have been found on machines at biomedical research institutions.

What can I do to protect my device?

Luckily, it seems that most of the Fruitfly attacks are targeted, making them a minor threat to an everyday user. However, Apple has yet to release a patch against Fruitfly, so users should take caution and keep an eye out for any updates they release in the near future. One of the best ways to ensure that your device stays infection-free is through constant monitoring of your network. Keep an eye out for any irregularities, and don’t let anything go unreported.

Worried that your network is in danger of malware infection? Not sure what to look for when monitoring your network? Contact Info Advantage today at (585) 254-8710 to talk to an IT professional about how to keep your devices safe from harmful attacks.

3 Social Engineering Scams You’ll Want to Keep an Eye Out For

These days there are thousands of different cyber scams looking to steal money or information from unsuspecting internet users. While many of these attacks can be stopped with a strengthened and secure connection, there is another type of attack that relies more on tricking the users, rather than their network or personal device. The people behind them are known as social engineers, and they rely on exploiting human psychology in order to obtain what they want. Here are three types of social engineering scams that you’ll want to be able to recognize.

Phishing

One of the most common types of hacking scams used today, phishing scams try to trick internet users into giving up their personal information by posing as a reputable source. These often come in the form of an email from a site that is easily recognizable, such as Facebook or Amazon. Typically, these emails state that there is a problem with a person’s account, and prompt them to fill out their personal information in order to resolve it. That’s why you should always double check the URL to make sure it is a verified site. Remember, a site will NEVER ask for your login credentials through an email.

Pretexting

Pretexting is similar to phishing in that the hacker attempts to coerce information from a user by pretending to be someone they’re not. The main difference between the two types of scams is that where a phishing attack is meant to induce fear, a pretexting attack will instead attempt to create a false trust with the user. Hackers achieve this by posing as someone the user would trust, such as a government official or the police. They then ask for their personal information, often citing that they need to verify the user’s identity.

Quid Pro Quo

Hackers will often use what is known as a ‘quid pro quo’ attack where they promise a user some kind of good or service in exchange for their information. This is often presented as some sort of prize for a contest, and promises that you will receive the reward for free, as long as you provide them with a bit of personal information. For example, a hacker could promise free IT assistance to individual users and ask them to hand over their credentials in order to claim the service. They would then be able to steal valuable data or even download harmful malware directly onto their computers.

Even if you’re careful with your network, a professional hacker will stop at nothing to try and find a vulnerability they can exploit. Call Info Advantage at (585) 254-8710 today to learn more ways you can keep hackers at bay.

4 Important Lessons Learned From Verizon’s Annual Security Report

Verizon has taken to publishing a compilation report analyzing data breach statistics with the help of industry partners, a report that is widely regarded as a must-read for the industry. A brief review of the latest edition’s executive summary revealed where information security vulnerabilities lie in industries worldwide and, even more helpfully, what shape those vulnerabilities took. The Data Breach Investigations Report, or DBIR, pulled no punches in outlining what kind of attacks happened in the past year, and how.

The DBIR has its own system of outlining breach types that divides events and incidents into nine categories. Information-based companies appeared predominantly in four of them, with helpful tricks to prevent such breaches from happening again.

Crimeware: Perhaps unsurprisingly, one of the industries crimeware targeted most was the information industry, with the DBIR citing a rise in ransomware (39 percent of all analyzed attacks in 2015 involved ransomware). While the scope the DBIR funnels under the Crimeware title is fairly large (“This covers any use of malware that doesn’t fall into a more specific pattern”), this by no means cheapens the risks - it arguably compounds them, as it only goes to show how many pieces of crimeware exist. To defend against them, the DBIR recommends frequent patches and backups as well as monitoring changes to configurations.

Web App Attacks: Considering that 95 percent of web app attacks were financially motivated in their reports, it’s no surprise that e-commerce platforms were among the most targeted by these intrusions. These attacks are often the result of a successful phishing campaign or the infiltration of a vulnerable site. The other side of web app attacks, content management system breaches, saw plenty of digital graffiti and the repurposing of infiltrated sites as phishing sites. To avoid this kind of breach, the DBIR again recommends timely patches to remove vulnerabilities, as well as utilizing two-factor authentication and input monitoring.

Cyber-espionage: Usually hunting for intellectual property, cyber-espionage attacks prefer sticking to tried-and-true methods of breaching networks, only utilizing more sophisticated methods if the simple ones don’t work. Therefore, at least in this case, basic protections may be enough to divert many of these attacks, and should not be bypassed in favor of more specialized protection. As far as avoiding issues further, keeping patches up-to-date and monitoring changes to configurations will help monumentally, as will isolating compromised devices and separating them from the rest of your network.

Miscellaneous Errors: This category took all of the “Whoops!” issues that lead to compromised security into one bundle to deal with them. While Verizon reports that 40 percent of them were caused by a server issue, many others were triggered by employee mistakes - a full 26 percent included sending a message filled with sensitive data to the wrong recipient. The DBIR suggests strengthened controls on your network as a possible way to keep away from errors, such as data loss prevention software to lock down sensitive info. Additionally, Verizon recommends thorough disposal procedures for any aged-out equipment, as well as staying focused and learning from the mistakes of your past.

Helpful information, certainly, with all that and more being available for free download at the Verizon Enterprise webpage. But big picture - what takeaway can you not afford to leave on the table? Ultimately, an overwhelming percentage of incidents reported in the DBIR pointed blame, or at least prime responsibility, for many of the errors that led to security breaches to one thing: human error.

Between the willingness to exploit the natural fallacies of human nature by cyber criminals and the human tendency to make mistakes independently, human beings are placed solidly as the weakest link in any cyber security chain. So, if humans are the problem, what is the solution?

In short, vigilance. Strongly enforce best practices regarding security in the workplace, and follow them yourself as an example. Be aware of current trends in cyber security attacks, and prepare yourself and your company accordingly. Identify and install security measures that best fit your needs and abilities.

For help with any of this, be sure to call Info Advantage at (585) 254-8710 first. Our ranks of professionals are here to help you when you need guidance concerning your business’ security solutions. With Info Advantage, you have a much greater chance of being a success than being a statistic.
