
Info Advantage Blog

Info Advantage has been serving the Upstate New York area since 1993, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Highlights from SonicWall's 2017 Annual Threat Report


SonicWall recently released their 2017 Annual Threat Report, which looks at the technology security trends for the upcoming year. In the report, SonicWall analyzes the technology threat landscape from the last year and uses it to predict how it will continue to change in the future. Here’s a brief summary of their most important findings for 2017, and what they mean for modern business.

Point-Of-Sale Malware Declining

With the integration of chip-based POS systems, hackers are finding it more difficult to steal sensitive information through POS malware attacks. The chip readers allow the transaction to be approved by creating a unique code that cannot be used again, as opposed to the traditional magnetic strip that uses the same code each time it is swiped. Thanks to the integration of the chip-reader, along with stronger legal guidelines, SonicWall observed that the number of new POS malware has decreased by 88 percent since 2015.

Website Encryption on the Rise

As web traffic continues to grow exponentially, users want to ensure that their data is kept safe. Due to this, many websites are opting to use Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption to protect sensitive user data. SSL/TLS encryption is represented by a lock and an HTTPS URL, rather than the standard HTTP URL. This assures the user that their information is safe and is only being sent to the intended recipient. SonicWall believes the trend towards SSL/TLS encryption is due in part to the growing trend of cloud applications. They expect the trend to continue into 2017, and believe that SSL/TLS traffic will account for 75 percent of online interactions by the year 2019.

Ransomware Becoming More Popular

Ransomware was by far the most popular security attack in the previous year, with an increase from 3.8 million attacks in 2015 to 638 million in 2016. According to SonicWall’s Global Response Intelligence Defense (GRID), $209 million in ransom had been paid by affected companies by the end of the first quarter. The growth was most likely driven by easier access to ransomware as the ransomware-as-a-service (RaaS) industry expanded. This allowed individuals to purchase a ransomware pack without needing the coding skills to launch an attack. The most common attack is known as Locky, and is often attached to emails disguised as a Microsoft Word invoice. As the RaaS industry continues to grow, SonicWall’s GRID suggests that all organizations back up their data continuously to a backup system that isn’t always online, or that uses authentication.

Internet of Things Devices Compromised

The recent advances in technology have opened up the world to more and more connections to the Internet from more than just a computer, smartphone or tablet. These days, Internet of Things (IoT) devices can be anything from a camera or smart watch to a smart car or home security system. Due to the wide adoption of IoT devices, many developers have felt pressure to release their devices as soon as possible, which often means oversights in security. This made it easy for hackers to discover weaknesses in IoT devices, resulting in the launch of the largest distributed denial-of-service (DDoS) attacks in history. The attack used thousands of IoT devices with weak passwords to launch an attack on hosting company OVH and DNS service provider Dyn. This resulted in outages for well-known sites such as Airbnb, Netflix, Reddit, Twitter, and Spotify. To protect your IoT devices, SonicWall suggests that you ensure your devices are protected by next-generation firewalls, which scan for specific IoT malware. They also suggest you separate all IoT devices from the rest of your network, in case they become compromised.

Android Security Increased, But Still Vulnerable

During 2016, Google worked on new operating systems that would directly combat many of the security vulnerabilities found in Android devices. They added additional security features, including a new approach to permission granting, an increase in security patches, and full-disk encryption of the device. However, these new strides in security have been met with hacker resistance as they find new ways to combat these security measures. This includes screen overlays, ad-fraud malware HummingBad, self-installing apps, and third-party adult-centric apps. SonicWall suggests that any Android device on a company network should keep the “install applications from unknown sources” option unchecked and make sure both “verify applications” options are checked. It is also advised that users enable the “remote wipe” option in the event that the device is compromised.

The best way to combat an attack is to stop it before it becomes a problem. Contact Info Advantage’s security professionals today at (585) 254-8710 to learn more about proactive ways to ensure the safety of your data. 


Cloudbleed: The Internet’s Newest Security Bug


There are thousands of breaches of information every year, threatening our personal information and sensitive data. On Feb 23rd, news of a brand-new bug known as Cloudbleed dropped. This bug has affected thousands of sites, potentially leaking out the sensitive information of their users, according to a new report by CNET. Here is a quick guide to understanding exactly what Cloudbleed is, and how it may have affected you and your company.

What is Cloudbleed?

Cloudbleed is the name of the newest major security breach bug from an Internet security company known as Cloudflare. The issue arose when users entered their information onto secured “https” sites, such as a login page. Cloudflare’s service is meant to help securely move the information entered into the “https” sites between the user and the servers. Instead of deleting the information after it was used, the Cloudbleed bug caused Cloudflare’s security service to save potentially sensitive data, such as user credentials, photos, video frames, or even server and security information.

Who is affected by Cloudbleed?

There are currently around 3,400 websites believed to have been affected by the Cloudbleed bug, though the actual number could be much higher. The bug is believed to have started as far back as September, with the height of the problem occurring between February 13th and the 18th. Uber, Fitbit, and OKCupid are the main three that seemed to be directly affected by the bug. According to Cloudflare, the Cloudbleed bug is thought to have leaked information about “one in every 3,3000,000 HTTP requests” made through the service.

What can I Do Now?

As of now, Cloudbleed is no longer an active threat. Cloudflare was able to stop the bug just 44 minutes after it was discovered, and the problem was solved completely in 7 hours. While the impact is minimal and requires no immediate action, there are a few things individual users can do to keep themselves safe from potential data leakage.

It is recommended that you change your password on any account that uses Cloudflare. OKCupid, Fitbit, and Medium are some of the most popular sites that are known to use Cloudflare’s services. If you are unsure whether or not a site you use was affected, there is now a webpage that tells you whether or not a site is affected.

It is also recommended that you use two-step authentication on any site or service that offers it. This will ensure that no one will be able to access your account, even if they are able to get your user credentials.


With thousands of security breaches per year, you can’t afford to wait for security. Contact Info Advantage today at (585) 254-8710 to speak to a technology professional about how to keep your data safe. 


Couple Exploits Vulnerability With IRS Filing System, Steals $1M, Goes to Jail


The Internal Revenue Service is one organization that you don’t want to mess with. Thanks to their antics filing fraudulent tax returns through the often-exploited Get Transcript site managed by the IRS, Anthony and Sonia Alika have to do some time in the slammer; and that’s not even mentioning what they have to pay the IRS in restitution.


Mr. Alika is set to serve 80 months in prison followed by three years of supervision upon release, and must pay $1,963,251.75 in restitution for conspiracy to commit money laundering. On the other hand, his wife must serve 21 months of jail time, followed by three years of supervision and an IRS restitution of $245,790.08 for structuring cash withdrawals to avoid the required bank reporting. They both pled guilty to their respective crimes.

Their actual crime: laundering $1 million in money stolen from the U.S. Treasury by filing fraudulent forms. In particular, they filed fraudulent income tax returns using data stolen from the Get Transcript service. Get Transcript was originally created so that taxpayers could review their past returns, but the Alikas used it to obtain data that they needed to steal from the IRS.

The Alikas, and their co-conspirators, would then use the funds to purchase prepaid debit cards, and register them to the identities that they had stolen. They would then file their tax returns using the fake identities and receive the refunds on the prepaid cards. The cards were then used to purchase money orders and deposit the money into bank accounts, which was then withdrawn in small amounts to avoid suspicion and bank reporting.

Keep in mind that this isn’t the first time Get Transcript has been utilized for fraudulent activity. In May 2015, 100,000 tax accounts were stolen and used to steal $50 million from the IRS. That’s a ton of cash that could have been saved if it weren’t for the lax authentication requirements. In response to this case, the United States Department of Justice put out a press release outlining some best practices to keep personal information and accounts as safe and secure as possible.

File Your Taxes Early
If you’ve already filed your legitimate tax return, refund criminals like the Alikas can’t file using your identity. The longer a return goes without being filed, the more time you’re giving hackers to file a fraudulent return using your stolen identity.

Use Strong Usernames and Passwords
This tip can be applied to all online accounts--especially those that contain sensitive information, like your tax return. You should have passwords and usernames that are unique to your person; if someone else were to get ahold of your credentials, or if you share them, the chances of them getting stolen multiply.

BONUS TIP: Randomized strings of upper and lower-case letters, numbers, and (if permitted) symbols are the most secure option when selecting a password.

For more information on how to keep your computer systems and your identity safe, reach out to us at (585) 254-8710.


NATO Officially Declares Cyberspace a Battlefield


Security professionals have been at war with hackers ever since the Internet was created, but a recent NATO decision has affirmed the fact that cybersecurity is a real-world problem, and one that needs to be fixed. Just like land, air, and sea, cyberspace has become a battlefield, albeit a very different kind of battlefield.


The decision by NATO declares that cyberspace can be defined as an “operational domain,” which is an area where conflict can occur. There have been some incidents of cyber attacks that have transcended from the cyber realm, to having effects in the physical world, such as the recent Ukrainian electrical grid hack, or the supposed Iranian hack of a United States dam control system. The idea is that hacking attacks can have direct effects, such as causing blackouts or turning off critical systems.

NATO Secretary General Jens Stoltenberg made a valid observation concerning the decision to add cyberspace to the list of operational domains: “Cyber defence is part of collective defence. Most crises and conflicts today have a cyber dimension. So treating cyber as an operational domain would enable us to better protect our missions and operations.”

Technology is so prevalent in today’s world that it’s practically impossible to imagine warfare, of any kind, that’s not assisted by it; and where there are technology systems, there are networks that can be hacked and taken advantage of. If data that’s deployed to bases or war zones is inaccurate, lives can be lost, rather than protected. Another example would be hacking critical infrastructure, like with what happened in the Ukraine, which left countless citizens without heat, electricity, and other necessities.

In particular, NATO plans on securing its networks and focusing on helping other countries secure theirs, as well as implementing ways to identify where attacks come from, and why. In 2014, NATO changed its policies on cyber attacks to allow NATO to respond in force to any attacks against nations that are involved with the organization, so defining cyberspace as a grounds for conflict shows just how quickly this situation is escalating.

Of course, all of this is easier said than done. Cyber security as a whole is still handled primarily on a state level, and while the US and UK plan on investing in cyber security, other countries find that it’s of low priority, or that it’s too far off to consider at this moment.

This decision by NATO should reaffirm that your business needs to take a cautious, proactive approach to network security, as well as leverage best practices in order to minimize risk while working online. If your business falls victim to a hacking attack, you’ll realize far too late that the online world is a dangerous place filled to the brim with malicious entities. Therefore, it’s in your best interest to take a preventative approach to network security.

Info Advantage can equip your business with the tools needed to keep your IT infrastructure safe. To learn more, give us a call at (585) 254-8710.
