Our Most Popular Managed Services

If you need help deciding what services are best for your business let us know.

Logo

Blog banner image

Info Advantage Blog

Info Advantage has been serving the Upstate New York area since 1993 , providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

The Threat of Your Car Being Hacked is Becoming Increasingly Relevant

The Threat of Your Car Being Hacked is Becoming Increasingly Relevant

In response to the increasing danger of cyber attacks against computerized cars that are currently in production, Volkswagen has partnered up with three Israeli experts in cybersecurity to form a brand new cybersecurity company dedicated to designing solutions intended to protect such advanced cars and their passengers.


While ownership and investments made by each party have not been made public, the mission of Cymotive--as the new entity is called--is perfectly clear.

As Yuval Duskin, who formerly sat at the helm of the Israeli Security Services and now serves as Cymotive chairman, said: "Together with Volkswagen we are building a top-notch team of cyber security experts. We are aware of the significant technological challenges that will face us in the next years in dealing with the cyber security threats facing the connected car and the development of the autonomous car."

These cyber security threats are far too real. Features like Bluetooth connectivity and computerized dashboards have made modern automobiles tempting targets for tech-savvy criminals. Quite recently researchers discovered that an attacker armed with an inexpensive radio kit could clone their way into any wireless-entry-equipped Volkswagen, potentially opening any of the automobiles equipped with this feature sold since 2000--the number of potential cars at risk reaching into the millions.

Volkswagen, of course, is not the only car maker whose systems are under threat of attack. A few seasoned car hackers recently proved that--by attaching a laptop to the controller area network (or CAN bus) of a Jeep Cherokee--they could take full control of the vehicle’s brakes. Posting proof of their method in a YouTube video, the duo used a local attack but stated that with some more effort, a similar attack could be executed remotely.

However, after submitting their findings to Fiat Chrysler Automobiles (producer of the Jeep brand) the automotive manufacturer waved away the findings, questioning their validity and how appropriate it was for the hacking duo to share “how-to information” that could potentially put public safety in jeopardy. Fiat Chrysler Automobiles also declared that such an attack takes “extensive technical knowledge” and that any security flaws present in the demonstration had since been patched.

However, hackers of a more malicious nature are always seeking out new vulnerabilities that the manufacturers and programmers of whatever system (automotive, computing, or otherwise) may have overlooked. As a result, there is an ongoing (and most likely never ending) race between hackers and developers to come out on top… At least until the next revolutionary technology emerges and starts the race over.

Does the ability of computer hackers to infiltrate your car make you consider downgrading during your next automotive purchase? Let us know in the comments.

0 Comments
Continue reading

4 Important Lessons Learned From Verizon’s Annual Security Report

4 Important Lessons Learned From Verizon’s Annual Security Report

Verizon has taken to publishing a compilation report analyzing data breach statistics with the help of industry partners, a report that is widely regarded as a must-read for the industry. A brief review of the latest edition’s executive summary revealed where information security vulnerabilities lie in industries worldwide and, even more helpfully, what shape those vulnerabilities took. The Data Breach Investigations Report, or DBIR, pulled no punches in outlining what kind of attacks happened in the past year, and how.


The DBIR has its own system of outlining breach types that divide events and incidents into nine categories. Information-based companies appeared predominantly in four of them, with helpful tricks to prevent such breaches from happening again.

Crimeware: Perhaps unsurprisingly, one of the industries crimeware targeted most was the information industry, with the DBIR citing a rise in ransomware (39 percent of all analyzed attacks in 2015 involved ransomware). While the scope the DBIR funnels under the Crimeware title is fairly large (“This covers any use of malware that doesn’t fall into a more specific pattern”), this by no means cheapens the risks - it arguably compounds them, as it only goes to show how many pieces of crimeware exist. To defend against them, the DBIR recommends frequent patches and backups as well as monitoring changes to configurations.

Web App Attacks: Considering that 95 percent of web app attacks were financially motivated in their reports, it’s no surprise that e-commerce platforms were among the most targeted by these intrusions. These attacks are often the result of a successful phishing campaign or the infiltration of a vulnerable site. The other side of web app attacks, content management system breaches, saw plenty of digital graffiti and the repurposing of infiltrated sites as phishing sites. To avoid this kind of breach, the DBIR again recommends timely patches to remove vulnerabilities, as well as utilizing two-factor authentication and input monitoring.

Cyber-espionage: Usually hunting for intellectual property, cyber-espionage attacks prefer sticking to tried-and-true methods of breaching networks, only utilizing more sophisticated methods if the simple ones don’t work. Therefore, at least in this case, basic protections may be enough to divert many of these attacks, and should not be bypassed in favor of more specialized protection. As far as avoiding issues further, keeping patches up-to-date and monitoring changes to configurations will help monumentally, as will isolating compromised devices and separating them from the rest of your network.

Miscellaneous Errors: This category took all of the “Whoops!” issues that lead to compromised security into one bundle to deal with them. While Verizon reports that 40 percent of them were caused by a server issue, many others were triggered by employee mistakes - a full 26 percent included sending a message filled with sensitive data to the wrong recipient. The DBIR suggests strengthened controls on your network as a possible way to keep away from errors, such as data loss prevention software to lock down sensitive info. Additionally, Verizon recommends thorough disposal procedures to any aged-out equipment, as well as to stay focused and learn from the mistakes from your past.

Helpful information, certainly, with all that and more being available for free download at the Verizon Enterprise webpage. But big picture - what takeaway can you not afford to leave on the table? Ultimately, an overwhelming percentage of incidents reported in the DBIR pointed blame, or at least prime responsibility, for many of the errors that led to security breaches to one thing: human error.

Between the willingness to exploit the natural fallacies of human nature by cyber criminals and the human tendency to make mistakes independently, human beings are placed solidly as the weakest link in any cyber security chain. So, if humans are the problem, what is the solution?

In short, vigilance. Strongly enforce best practices regarding security in the workplace, and follow them yourself as an example. Be aware of current trends in cyber security attacks, and prepare yourself and your company accordingly. Identify and install security measures that best fit your needs and abilities.

For help with any of this, be sure to call Info Advantage at (585) 254-8710 first. Our ranks of professionals are here to help you when you need guidance concerning your business’ security solutions. With Info Advantage, you have a much greater chance of being a success than being a statistic.

0 Comments
Continue reading

What is your Identity Worth to You?

Your identity has quite a lot of value, especially in the wrong hands. Security firm ZoneAlarm put together some numbers in 2011 concerning identity fraud, and it even shocked us. Let's talk about a few of these statistics and what it means.

0 Comments
Continue reading

Alert: A New Malware to Worry About for PC Gamers Using Steam

b2ap3_thumbnail_steam_stealer_angers_gamers_400.jpgHackers have always gone after industries that are profitable, or hold sensitive information that can be lucrative when sold under the table. As such, retailers that accumulate financial credentials are often hit by hacks. The entertainment industry is no different, and hackers continue to grow craftier in their pursuit of wealth and power. Not even Steam, the PC gamer’s most valuable software solution, is safe from the dangers of hacking attacks.

0 Comments
Continue reading

Is the Reform of ECPA Enough to Prevent the Government From Reading Your Emails?

b2ap3_thumbnail_ecpa_refore_hitting_congress_400.jpgHow private are your emails and other digital communications? Can the government go through your digital files without you knowing about it? As you may have suspected, they can, thanks to a loophole in an outdated law--a loophole that U.S. lawmakers are trying to close.

0 Comments
Continue reading