
Info Advantage Blog

Info Advantage has been serving the Upstate New York area since 1993, providing IT support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

ShadowBrokers: The Group Behind WannaCry


The WannaCry ransomware attack was created by hacking amateurs who copied from a famous hacker group known as the ShadowBrokers. While WannaCry is no longer a threat with the latest security update, a recent announcement shows that the hacker group is going to continue to release dangerous security exploits for anyone to use, at the right price.

Who are the ShadowBrokers?

There are a few theories about who makes up the membership of the ShadowBrokers group. These theories range from official National Security Agency employees to Russian spies. However, all these theories are based on unreliable information, so not much is actually known about the group. The only thing known for certain is that the ShadowBrokers use social media to sell cybersecurity secrets to amateurs.

What do they sell?

The ShadowBrokers first started to auction off security secrets in August of 2016. They promised the highest bidder would receive cybersecurity vulnerabilities that work just as well as government cyber weapons. Over the next year, the ShadowBrokers used a variety of different means to sell their secrets: auctions, crowdfunding, and direct sales. In April of 2017, their fifth release of information went public, which included the ETERNALBLUE Windows vulnerability that allowed WannaCry to infect over 300,000 computers in a single day.

The Latest Release

The ShadowBrokers have recently announced a subscription service that would include access to bi-monthly security exploit releases in early September 2017. The first package they sold included an NSA exploit titled UNITEDRAKE, which allows hackers to remotely monitor or control a computer running any Microsoft OS between Windows XP and Windows 8. The exploit can also discreetly record audio from your microphone, video from your webcam and anything that is typed on the keyboard. It can also remotely remove itself from the target computer, leaving no signs of a breach.

How to protect yourself from ShadowBrokers releases

Luckily, all the security exploits that the ShadowBrokers have released targeted older, outdated versions of software. The best way to protect your computers is to make sure your operating system is properly upgraded and patched. Advanced network monitoring can detect suspicious activity, but that requires a significant amount of time and IT knowledge, making it difficult for small- to medium-sized businesses, which usually don’t have the resources to handle around-the-clock maintenance. This is where Info Advantage can help.

If you are worried about the ShadowBrokers releases, or have any other cyber security concerns, contact Info Advantage at (585) 254-8710 today to learn more about how we can help keep your network safe.


Statistics Show Your Employees Might Be Mishandling Your Company Data


How safe is your company’s data? According to a new survey released by tech giant Dell, there’s a large chance that it’s not very secure at all. The statistics revealed by the survey are dismaying; its key finding was that 35 percent of employees report that it’s common practice to take proprietary company information when leaving their firm.

As bad as that is, the rest of the statistics in Dell’s survey were even worse. About 36 percent of employees regularly open emails from unknown, untrusted sources, making them extremely susceptible to threats such as phishing attacks.

Forty-five percent of employees admit to engaging in behaviors they know to be unsafe from a cybersecurity standpoint, including using personal email accounts for work, misplacing company-issued devices and connecting to public WiFi to access confidential or proprietary information.

In addition, 72 percent of employees reported being willing to share proprietary, sensitive or confidential information under certain circumstances.

All of this paints a stark picture of a problem with no easy solution. The old saying is true; your employees are your greatest asset, and also your company’s biggest threat.

It’s easy, for example, to say that better employee education is the answer. While the exact scope and scale of the problem may not have been known before, it’s certainly no secret that phishing attacks aimed at rank and file employees have been a longstanding problem. To this point, few companies have bothered to attempt to better educate their employees.

Worse, the few that have haven’t seen much of an improvement.

In a similar vein, it would be easy to make the blanket statement that having a robust data policy in place would go a long way toward alleviating the problem. However, talking about it and actually developing and implementing such a policy has, at least to this point, proven to be a daunting undertaking.

 


Are All Hackers Bad Guys? A Guide to Different Types of Hackers


Since the 1950s, the term ‘hacker’ has been vaguely defined as someone who explores the limits of technology by testing them in as many different ways as they can. But by the 1980s, the term ‘hacker’ became associated with users who were caught breaking into government and other private computer systems, leaving the word with a negative reputation. Today, several pioneering ‘hackers’ run multimillion-dollar cyber security consulting businesses that aim to help protect the average technology user from attacks. So what should you call someone who uses their knowledge for good?

“White hat” hackers

Also known as ‘ethical hackers’, or ‘network security specialists’, these hackers are the heroes of the hacker name. Whether it’s selling what they find to hardware and software vendors in “bug bounty” programs, or working as full-time technicians, white hat hackers are just interested in testing technology and protecting users. Linus Torvalds is a great example of a white hat hacker. After years of experimenting with the operating system on his computer, he finally released Linux, a secure open-source operating system.

“Black hat” hackers

Closer to the definition that most people outside the IT world know, black hat hackers aim to create software and other technology campaigns with the purpose of causing damage. These attacks have a variety of different goals, from financial harm in the form of ransomware to digital vandalism. Albert Gonzalez is one of the most infamous black hat hackers. In 2005, he organized a group of individuals to compromise poorly secured wireless networks and steal information. He is most known for stealing over 90 million credit and debit card numbers from TJ Maxx over the course of two years.

“Gray hat” hackers

A sort of ‘in-between’ of the other categories, a ‘gray hat’ hacker does the majority of their work on the internet. This anonymity affords them opportunities to try their hand at both white hat and black hat hacking. Today, there are quite a few headlines making the rounds describing Marcus Hutchins as a gray hat hacker. Hutchins became an overnight superstar earlier this year when he poked and prodded the WannaCry ransomware until he found a way to stop it. During the day, Hutchins works for the Kryptos Logic cybersecurity firm, but the US government believes he spent his free time creating the Kronos banking malware. He has recently been arrested and was branded as a ‘gray hat’ hacker.

The world of cyber security is far more complicated than the stylized hacking often seen in Hollywood movies. Internet-based warfare is not as simple as good guys vs. bad guys, and it certainly doesn’t only aim for big money targets. If you need a team of experienced professionals to help you tackle the complexities of modern cyber security, call Info Advantage today at (585) 254-8710.

 


WannaCry: The Worst Digital Disaster the World Has Seen in Years


On Friday, May 12, a cyber-attack was launched that affected over 300,000 computers in roughly 150 countries. The attack, a ransomware worm known as WannaCry, affected nearly every major industry, including healthcare, government, and privately-owned businesses.

The attack began in Europe and continued to spread across the globe, reaching targets in China and Japan and even crossing the seas to the Americas. Once WannaCry hits a device, the worm encrypts all the files on it and prompts the user to pay $300 in order to regain access to their files.

Since the attack spread, the hackers are thought to have gained about $80,000 in bitcoins from WannaCry victims. However, that number is not expected to rise much higher, as many technology companies have already implemented measures to block the attack. In fact, Microsoft had already had a vulnerability patch in place in March, months before WannaCry was released.

So how was WannaCry able to affect hundreds of thousands of devices while there were already measures available to block the attack? The answer lies within an affected company’s technology infrastructure. While the patch by Microsoft was originally released in March for Windows XP systems, many businesses completely overlooked the upgrade. This left them wide open for an attack, making them easy targets with well-known vulnerabilities.

However, we cannot be so quick to blame the IT departments of the affected businesses, particularly those with complex technology infrastructures. For example, many health care service providers in the UK were affected due to a reliance on older versions of operating systems. This is due in part to the variety of third-party medical equipment that health care providers rely on to do their jobs. This equipment can often be difficult to upgrade or patch, and can only be replaced if the budget allows for it. In many cases, companies will choose to spend their dollars on other IT necessities.

What can businesses do to protect themselves from WannaCry and other similar cyber-attacks? Security experts state that the best way to combat these attacks is to keep your technology updated and your employees aware of potential threats.

A good way to gauge your company’s vulnerability is to perform threat and vulnerability tests. These tests will give a company insight into how many employees would fall for an attack by sending out a fake phishing scam. Once the data is collected, a company will have a better idea of what kind of vulnerabilities they have, and how they can train their employees to avoid them.

Experts also suggest that companies keep as up-to-date on their software as possible, and urge them to consistently check for updates or patches. While an update might not seem imperative, hackers are constantly on the lookout for newly discovered vulnerabilities to exploit. By creating a consistent update schedule, companies can be sure that they are protected from future attacks.

Don’t have the time to constantly check for software updates? Not sure if your company is up-to-date with the best possible cyber security plan? Contact our security experts at Info Advantage by calling (585) 254-8710 today to talk about how you can protect your business’ assets.

 


IoT Connected Stuffed Animals Leak Millions of Accounts’ Private Information

With the rise of the age of the Internet of Things (IoT), more and more everyday devices are becoming connected to the web as a means to make a more personalized product experience. Today, we have IoT connected watches, televisions, and even kitchen appliances like refrigerators or coffee makers. As convenient as these devices can be, they can pose a serious threat to a user’s personal information if the security behind the device is lackluster. Such is the case with CloudPets, an IoT connected stuffed animal that lets children and their loved ones communicate with each other through an app, which exposed the personal data of thousands of accounts.

CloudPets are made by Spiral Toys, a company based in California that specializes in toys that connect to the internet. The concept behind the toy is that a child can communicate with their parents or loved ones who are far away. The toy is connected to an app, which allows the connected party to record voice messages to send to the child’s CloudPet. The CloudPet then allows the child to send a voice recording back, which can be played through the app.

On February 28, 2017, security researcher Troy Hunt posted a blog about how the data from CloudPets stuffed animals had been leaked and ransomed, potentially exposing these recordings. Hunt found that several parties had reached out to CloudPets and their parent company Spiral Toys about the breach, yet had received no response. With some help from members on his site, Have I Been Pwned?, Hunt was successfully able to access the user photos and voice recordings. While there were no recordings or photos on the exposed database, the leakage did contain sensitive data that could easily compromise an account.

According to the CloudPets site, the breach was caused when CloudPets user data was temporarily moved to new database software. In December of 2016, third-party developers moved CloudPets data to a temporary database in order to make upgrades to the CloudPets app. During that time, the database software that was used had an exploit that hackers would use to hold data for ransom. While CloudPets claims that no voice recordings were accessed, they do admit to the leakage of email addresses, usernames, and encrypted passwords. However, there were no password strength rules before the breach, so a hacker could still easily access thousands of those compromised accounts.

Since the breach was made public on February 22, the CloudPets app required all users to reset their passwords, and created new password security requirements to ensure the new passwords are more secure. They also recommend that users create a unique password for every application or site, and advise them not to use “easily guessable” passwords.


Homographs: Using Different Languages to Steal Your Data

Many hackers rely on their ability to trick users into giving up information or control of their technology. As technology advances, hackers continue to find new and updated ways to gain access to user accounts. One scam in particular, known as homographs, has seen an increase of popularity as of late.

What are they?

Homographs are a phishing strategy that is used to disguise a hyperlink to look like a legitimate, secure website. Scammers are able to use these attacks due to the way that many browsers interpret URLs with characters from another language. An example of this can be found with Russian Cyrillic letters, many of which look similar to English letters. To account for this, browsers utilize basic translation tools so a user can still access a legitimate website using non-English characters by translating the address into a series of English letters and numbers.

How do hackers use homographs?

Hackers are able to take advantage of homographs by using letters from another language that look identical to letters of the English language. They create a URL that looks identical to the legitimate site, but once clicked it will automatically take you to a compromised site where your data can be at risk. This attack works because users won’t be able to see that the URL is not legitimate until it is too late, as once they click the link they will most likely be infected by malware.

How can I protect myself?

While many browsers have created fail-safes to combat this issue, there are still many browsers that are left unprotected. Even those that do use the fail-safes can be easily tricked, so it’s up to the user to prevent the attack. Be conscious of every link you click, and never open up a URL that you cannot verify. This means any URL in an email from an unknown address, or a pop-up ad that claims to be from a legitimate company. The best way to avoid homograph attacks is to always manually type in the web address.
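The check a mail filter or link scanner can run on a hostname before a user ever sees it, as an added example that is not part of the original post: it decodes the `xn--` form browsers translate such addresses into, flags labels that mix alphabets, and flags names that collapse to a trusted domain once look-alike letters are replaced. The domain `payco.example`, the trusted list and the short look-alike table are constructed assumptions.

```python
import unicodedata

# Constructed, non-exhaustive table of Cyrillic/Greek letters that render like
# Latin ones. Unicode UTS #39 publishes the full confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
    "\u04cf": "l", "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",
}

# Hypothetical allowlist of domains the organisation actually uses.
TRUSTED = {"payco.example"}

# Constructed sample hostnames.
MIXED_SCRIPT = "p\u0430yco.example"                       # Latin p,y,c,o + Cyrillic a
WHOLE_SCRIPT = "\u0440\u0430\u0443\u0441\u043e.example"   # first label entirely Cyrillic
LEGIT_IDN = "m\u00fcnchen.example"                        # ordinary accented Latin name


def script_of(ch):
    """Rough script name taken from the Unicode character name."""
    if not ch.isalpha():
        return "Common"  # digits and hyphens belong to no single alphabet
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0].title()


def to_unicode(hostname):
    """Decode xn-- (punycode) labels so the real characters can be inspected."""
    out = []
    for label in hostname.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave a malformed label exactly as it was typed
        out.append(label)
    return ".".join(out)


def to_ascii(hostname):
    """Encode non-ASCII labels into the xn-- form that is sent over DNS."""
    out = []
    for label in hostname.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        out.append(label)
    return ".".join(out)


def analyze(hostname, trusted):
    """Return the Unicode form, DNS form, skeleton and findings for a hostname."""
    uni = to_unicode(hostname)
    findings = []
    # A single label drawing letters from two alphabets is rarely legitimate.
    if any(len({script_of(c) for c in label} - {"Common"}) > 1
           for label in uni.split(".")):
        findings.append("mixed-script")
    # Replace look-alike letters; a changed name that lands on a trusted
    # domain is an impersonation candidate even if it uses one alphabet only.
    skeleton = "".join(CONFUSABLES.get(c, c) for c in uni)
    if skeleton != uni and skeleton in trusted:
        findings.append("lookalike")
    return {"unicode": uni, "ascii": to_ascii(uni),
            "skeleton": skeleton, "findings": findings}


if __name__ == "__main__":
    for host in ("payco.example", MIXED_SCRIPT, to_ascii(WHOLE_SCRIPT), LEGIT_IDN):
        result = analyze(host, TRUSTED)
        print(result["ascii"], "->", result["findings"] or "ok")
```

The whole-script case is the one a mixed-alphabet rule alone misses, which is why the comparison against a trusted list is done separately.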

Want to know more about how to prevent cyberattacks? Contact Info Advantage at (585) 857-2644 to talk to our security and technology professionals today.


The Dangers of Autofill: How Scammers Can Use Browsers to Steal Credit Cards


If you’re an avid online shopper, you know the struggle of having to fill out your information each and every time you want to make a purchase. For many, autofill is a way to save time when shopping online. While this feature is convenient, it can also put your data directly into the hands of cybercriminals if a user isn’t careful.

How They Do It

Hackers are able to use autofill to their advantage by adding hidden fields in a sign-up form. These fake sign-up forms try to trick users into giving up more information than they think they are. The form may seem to only ask for a name or email address, but can secretly also take any other information that has been saved in a browser’s autofill. This could include information such as a billing address, phone number, credit card number, security codes, and other sensitive personal data. While this method of attack isn’t necessarily new, white hat hackers have had trouble finding effective ways to counter the threat.

Prevent an Autofill Attack

Autofill attacks can happen to nearly any user on any browser that has autofill enabled. However, browsers such as Chrome and Safari are particularly prone to these types of attacks, as autofill comes pre-configured when the browser is first downloaded. To avoid these types of attacks, experts suggest using a browser without autofill, such as Firefox. If you want to stick with Chrome or Safari, you may want to consider disabling the autofill feature. If you enjoy the convenience of autofill, make sure you only utilize the feature on sites that have been marked as secure. Otherwise, it’s advised that you take the time to fill in each field by hand to avoid giving information you don’t want to give.
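A form audit that makes the mismatch described above visible, as an added example that is not part of the original post: it lists the fields a visitor can see next to the autofillable fields that are styled out of view. The sample markup, the field names and the hiding heuristics (inline styles only) are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns that take an element out of view (assumed heuristics;
# rules that live in external stylesheets are not evaluated here).
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?:left|top|margin-left|margin-top)\s*:\s*-\d{3,}",
    re.I,
)
# Autofill tokens or field names that point at payment or contact data.
SENSITIVE = re.compile(r"cc-|card|cvc|cvv|address|street|postal|zip|tel|phone", re.I)
VOID = {"input", "br", "img", "hr", "meta", "link"}

# Constructed sample page: two visible fields, three pushed off-screen.
SAMPLE_FORM = """
<form action="/subscribe" method="post">
  <input name="name" autocomplete="name">
  <input name="email" autocomplete="email">
  <div style="position:absolute; left:-5000px">
    <input name="phone" autocomplete="tel">
    <input name="address" autocomplete="street-address">
    <input name="card" autocomplete="cc-number">
  </div>
  <input type="submit" value="Sign up">
</form>
"""

# Constructed sample page with nothing out of view.
CLEAN_FORM = """
<form><input name="email" autocomplete="email" style="opacity:0.9">
<input type="submit" value="Go"></form>
"""


class FormAudit(HTMLParser):
    """Collects fillable inputs, split by whether they are styled out of view."""

    def __init__(self):
        super().__init__()
        self.stack = []    # (tag, hidden?) for every element still open
        self.visible = []
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = bool(self.stack and self.stack[-1][1])
        hidden = inherited or bool(HIDING.search(a.get("style") or ""))
        if tag == "input":
            kind = (a.get("type") or "text").lower()
            if kind not in ("submit", "button", "hidden"):
                key = a.get("autocomplete") or a.get("name") or ""
                (self.hidden if hidden else self.visible).append(key)
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Close the nearest matching open element and everything inside it.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def audit_form(html):
    """Return visible fields, out-of-view fields, and the sensitive ones among them."""
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    risky = [k for k in parser.hidden if SENSITIVE.search(k)]
    return {"visible": parser.visible, "hidden": parser.hidden, "risky": risky}


if __name__ == "__main__":
    report = audit_form(SAMPLE_FORM)
    print("fields the visitor sees:", report["visible"])
    print("fields styled out of view:", report["hidden"])
    print("sensitive and out of view:", report["risky"])
```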

Worried that your sensitive data might be at risk of leaking? Call Info Advantage at (585) 254-8710 today to talk to a security expert about how you can keep your private data safe.


What the Cancellation of the FCC Online Privacy Rules Means for You


Congress recently voted to do away with Obama-era regulations that were intended to protect consumer data from being sold to advertisers without the user’s consent. As of April 4th, President Trump has officially signed the legislation that will dismantle the internet protection that had originally been approved in October 2016.

What Was Voted On?

Congress voted on whether or not to keep a set of Internet privacy rules approved back in October during the end of the Obama administration. The measure, which was passed by a 215-205 vote according to NBC News, blocks the FCC from being able to enforce new privacy rules that had been passed by the Obama administration last year before the election. The legislation, which was recently signed by the President, also bans the FCC from issuing any similar online protections in the future.

What Information Can Be Bought?

The original policy would have banned Internet providers from collecting, storing, sharing and selling user information. They would be allowed to collect and sell information such as your web history and app usage, according to The Washington Post. The rules also required Internet providers to use stronger security safeguards to protect customer data against hackers. Now that the policies have been brought down, providers are able to monitor their customers’ online activity and use the data they’ve collected to create highly targeted ads. It also allows them to sell the information to advertisers, financial firms, and other for-profit companies.

How Can I Protect My Data?

As of now, there are no real changes being made to the Internet security policy, so not much is expected to change right away. However, experts suggest a few methods that users can use to keep their data to themselves. First, security experts suggest that you use a virtual private network, or VPN. VPNs will hide your location so they cannot verify your identity, and hide your Internet traffic so that no one will be able to see your browsing history. Security professionals also suggest that users make use of HTTPS sites, which assure users that their data is secure and will not be shared.

Contact Info Advantage today at (585) 857-2644 to learn more ways you can protect your personal data from being shared or sold.


BYOD Security and What You Need to Know


As more people gain access to their own smart devices, the environment is changing around the globe. The vast adoption of the mobile device has allowed individuals to stay connected at any time, and the world is shifting to accommodate the newest wave of technology. For companies, this means the ability to do business anywhere at any time, especially when paired with cloud capabilities. Bring your own device (BYOD) allows businesses to stay connected to their work without having to physically be in the office, making it a popular option for modern businesses. However, with a BYOD policy comes some risk. Here are all the things you should be aware of when considering a BYOD policy.

Data Leaks

One of the major issues that many companies have with BYOD policies is the real possibility of data leaks. With a secured, physical workstation, it’s easy to closely monitor all activity going in and out of your network. However, most handheld devices don’t have anything near the amount of security found at a typical workplace. This means that a device won’t be connected to the company firewall and security programs the second it leaves the office. This can leave your data vulnerable if an employee plans to do work in a public place.

 

Lost Devices

One of the issues that comes with the convenience of mobile devices is the ability to lose them, a problem that had previously not been an issue with physical workstations. When a device is lost, there is a chance that it could end up in the hands of someone who will use the data to gain something, such as money through extortion or valuable information. You’ll want to make sure that any device that carries sensitive information can be remotely wiped, and that each one has some sort of PIN or password for protection.

 

Malicious Software and Hackers

Since mobile devices don’t have as much security as your typical workstation, many lack the proper data encryption to keep all the information secure. This can often result in issues with hackers, who may lurk at public Wi-Fi spots to root out sensitive information. This also leaves the devices open to viruses, which are a major issue with BYOD policies. If an employee wants to bring their own device, you’ll want to make sure they understand the risk not only for your company, but for their personal lives as well.

Want to implement BYOD but you aren’t sure what security measures you will need to keep your company data away from prying eyes? Contact Info Advantage today at (585) 254-8710 to learn more about how you can get technology to work for you.

 


Proactive Cyber-Security: How to Stop Data Breaches Before They Happen


These days you can’t go anywhere on the Internet without hearing about some sort of data breach. With cyber-attacks on the rise, many companies are trying a new approach to data security: proactive security plans. These plans focus on preventing data breaches, rather than reacting to an attack as it happens.

Understand the Threats

Knowledge is one of the most important tools used to fight against data breaches. Before you’re able to work towards creating a system that prevents cyber-attacks, you need to make sure that everyone involved knows what threats they are dealing with. Companies should take the time to review the different attack types that are common in their particular industry, and should have a meeting with whoever handles their IT at least twice a year to make sure they are up-to-date on the newest threats.

Map Out Your Protection

After you create your list of major attack types you want to look out for, you will need to map out your company’s technology environment to see how these attacks could threaten each individual piece. This includes any device that connects to the Internet, what services are currently protecting those devices, and the type of data they have access to. This will give you a better picture of what areas need more attention.

Create a Security Baseline

Once you get a better understanding of the current threats and how they apply to your IT environment, it’s time to create a baseline for your company security. This can be done by creating a variety of different real-life scenarios, and testing them out on your current network. This will help you to discover the strengths and weaknesses of your network.

Once you have your system mapped out, it’s time to implement your security plan. These plans will allow you to focus on preventing things that cause data leaks or downtime, rather than reacting to issues as they come along. This will lead to an increase of productivity and efficiency.

If you’re looking to buff up your security, don’t wait any longer! Call Info Advantage at (585) 254-8710 to speak to a security professional about how you can prevent potential cyber-attacks.  


FBI Director Insists Government Can Access Any Private Record


Does the U.S. Constitution allow the American government to access the electronic devices of its citizens? According to FBI Director James Comey’s statements at Symantec’s Annual Government Symposium, it certainly does.


This situation was birthed from the tussle between Apple and the Federal Bureau of Investigation after Apple refused to grant the FBI the information necessary to unlock an encrypted iPhone linked to a terror case. In the end, the FBI managed to unlock the device without assistance from Apple after threats of lawsuits and other unpleasantries were thrown around.

Reacting to this issue, as well as the trend towards more encryption in mobile devices causing complications during investigations, Comey clarified the bureau's stance on the privacy of the American citizen. Conceding that there is a reasonable expectation of privacy in houses, vehicles, and mobile devices, Comey asserts that there are other considerations to take into account to justify revoking that expectation, going on to say: “With good reason, the people of the United States--through judges and law enforcement--can invade our public spaces.”

This statement, however, begs the question: how does a personal device really qualify as a public space? Again, according to Comey, it does in the U.S. “Even our memories are not absolutely private in the United States,” Comey said. “Even our communications with our spouses, with our lawyers, with our clergy, with our medical professionals are not absolutely private. A judge in certain circumstances can order all of us to testify about what we saw or remembered or heard. There are really important constraints on that, but the general principle is one we’ve always accepted in the United States, and it’s been at the core of our country. There is no such thing as absolute privacy in America. There is no place outside of judicial authority.”

Comey also made a point of saying that, while the FBI has no business telling American citizens how to live and govern themselves, the tech companies have no business doing so either. This came as a direct response to the open letter many tech company higher-ups signed last April that demanded the US government end the mandates that would require access to encryption keys for the interests of law enforcement and national security.

Naturally, these Silicon Valley leaders don’t agree with Comey, and neither do all of his peers. Nuala O’Connor, who holds the titles of president and CEO of the Center for Democracy & Technology as well as the first Federal Chief Privacy Officer for Homeland Security, had little good to say about the ideas of her respected peer. According to O’Connor, “He could not be more wrong on encryption.”

What are your thoughts on Director Comey’s views? Do you think any government has the inherent right to access a digital device--arguably invading the privacy of the citizen--even if it's ultimately for the greater good? Share your thoughts in the comments, and be sure to keep checking back to Info Advantage’s blog.


Spam Company Accidentally Leaks 1.37 Billion Email Addresses

A company known as River City Media (RCM) has accidentally leaked the email addresses of 1.37 billion users after failing to set up password protection on their remote backup storage. In addition to email addresses, the database also included thousands of real names, IP addresses, and even physical addresses. In all, some 200GB of data had been exposed for several months, leaving it vulnerable to cyberattacks.

The leak was found by Chris Vickery, a security researcher for MacKeeper. In his blog post published on Monday, March 6, Vickery explains that MacKeeper worked closely with CSOOnline and Spamhaus after the discovery of the files in January. Vickery and his team were able to trace the files back to RCM, a notorious spam operation.

“RCM masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends,” says Vickery.

Vickery believes the company was able to obtain the almost 1.4 billion email addresses through offers such as credit checks, sweepstakes, and education opportunities. There is also evidence that similar spam companies contributed to the list. While some percentage of the users may have fallen for RCM’s spam offerings, Vickery also suggests that the company used a variety of more advanced techniques to lure users to give up their email address.

“One is called co-registration,” explains Vickery. “That’s when you click on the ‘Submit’ or ‘I agree’ box next to all the small text on a website. Without knowing it, you have potentially agreed your personal details can be shared with affiliates of the site.”

The leak is blamed on a failed remote backup attempt, which left a ‘snapshot’ of the company data from January 2017 exposed to the internet. Anyone who found the data would be able to access internal chatlogs, emails, and the 200GB email collection RCM had acquired. According to Vickery, the failure was due to RCM failing to put a password up on their repository, leaving it poorly secured.

Since the leak was made public, Spamhaus has blacklisted the entirety of RCM’s infrastructure. The research team working on the case has also reached out to law enforcement agencies about the data leakage and suspected illegal spamming.

Putting security and proper backup on the back burner can cause serious damage. Don't let your company fall prey to the thousands of threats that lurk just a click away. Contact Info Advantage today at (585) 254-8710 to speak to a technology consultant about your security and backup environment.


Highlights from SonicWall's 2017 Annual Threat Report

SonicWall recently released their 2017 Annual Threat Report, which takes a look into the technology security trends in the upcoming year. In the report, SonicWall carefully observes and analyses the technology threat landscape from the last year and uses it to predict how it will continue to change in the future. Here’s a brief summary of their most important findings for 2017, and what they mean for modern business.

Point-Of-Sale Malware Declining

With the integration of chip-based POS systems, hackers are finding it more difficult to steal sensitive information through POS malware attacks. The chip readers allow the transaction to be approved by creating a unique code that cannot be used again, as opposed to the traditional magnetic strip that uses the same code each time it is swiped. Thanks to the integration of the chip-reader, along with stronger legal guidelines, SonicWall observed that the number of new POS malware has decreased by 88 percent since 2015.
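To make the difference between a one-time chip code and static stripe data concrete, here is an added sketch (not from SonicWall's report or any card scheme's specification). It assumes a simplified model in which the chip and the issuer share a key and the one-time code is an HMAC-SHA256 over the transaction details and a counter; real chip cards use their own cryptogram algorithms, and all names and values below are constructed.

```python
import hashlib
import hmac


def cryptogram(key, pan, amount_cents, counter):
    """One-time code: a keyed MAC over the transaction details and the card's counter."""
    msg = f"{pan}|{amount_cents}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ChipCard:
    def __init__(self, pan, key):
        self.pan, self._key, self._counter = pan, key, 0

    def pay(self, amount_cents):
        self._counter += 1  # never reused, so every code is different
        return {"pan": self.pan, "amount": amount_cents, "counter": self._counter,
                "code": cryptogram(self._key, self.pan, amount_cents, self._counter)}


class Issuer:
    def __init__(self):
        self._keys, self._seen = {}, {}

    def enroll(self, pan, key):
        self._keys[pan], self._seen[pan] = key, 0

    def approve_stripe(self, track):
        # The stripe holds only static data, so a copy looks exactly like the card.
        return track.split("=")[0] in self._keys

    def approve_chip(self, tx):
        key = self._keys.get(tx["pan"])
        if key is None or tx["counter"] <= self._seen[tx["pan"]]:
            return False  # unknown card, or a counter the issuer has already accepted
        expected = cryptogram(key, tx["pan"], tx["amount"], tx["counter"])
        if not hmac.compare_digest(expected, tx["code"]):
            return False  # details were altered or the code was forged
        self._seen[tx["pan"]] = tx["counter"]
        return True


def demo():
    pan, key = "TEST-PAN-0001", b"constructed-demo-key"  # constructed values
    issuer, card = Issuer(), ChipCard(pan, key)
    issuer.enroll(pan, key)
    track = f"{pan}=2912"   # constructed stripe data, as a stolen copy would hold it
    tx = card.pay(4200)     # a chip transaction, as a stolen copy would hold it
    tampered = dict(card.pay(100), amount=999900)  # fresh code, altered amount
    return {
        "stripe_first": issuer.approve_stripe(track),
        "stripe_replay": issuer.approve_stripe(track),
        "chip_first": issuer.approve_chip(tx),
        "chip_replay": issuer.approve_chip(tx),
        "chip_tampered": issuer.approve_chip(tampered),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:14} {'approved' if ok else 'declined'}")
```

The copied stripe data is accepted every time it is presented, while the copied chip transaction is declined on its second use and whenever its details are changed.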

Website Encryption on the Rise

As web traffic continues to grow exponentially, users want to ensure that their data is kept safe. Due to this, many websites are opting to use Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption to protect sensitive user data. SSL/TLS encryption is represented by a lock and HTTPS URL, rather than the standard HTTP URL. This assures the user that their information is safe, and is only being sent to the intended recipient. SonicWall believes the trend towards SSL/TLS encryption is due in part to the growing trend of cloud applications. They expect the trend to continue into 2017, and believe that SSL/TLS traffic will account for 75 percent of online interactions by the year 2019.

Ransomware Becoming More Popular

Ransomware was by far the most popular security attack in the previous year, with an increase from 3.8 million attacks in 2015 to 638 million in 2016. According to SonicWall’s Global Response Intelligence Defense (GRID), $209 million in ransom had been paid by affected companies by the end of the first quarter. The growth was most likely driven by the increased accessibility of ransomware as the ransomware-as-a-service (RaaS) industry expanded. This allowed individuals to purchase a ransomware pack without needing the coding skills required to launch an attack. The most common attack is known as Locky, and is often attached to emails disguised as a Microsoft Word invoice. As the RaaS industry continues to grow, SonicWall’s GRID suggests that all organizations back up their data continuously to a backup system that isn’t always online, or uses authentication.

Internet of Things Devices Compromised

The recent advances in technology have opened up the world to more and more connections to the Internet from more than just a computer, smartphone or tablet. These days, Internet of Things (IoT) devices can be anything from a camera or smart watch, to a smart car or home security system. Due to the wide adoption of IoT devices, many developers have felt the pressure to release their devices as soon as possible, which often means oversights in security. This made it easy for hackers to discover weaknesses in IoT devices, resulting in the launch of the largest distributed denial-of-service (DDoS) attacks in history. The attack used thousands of IoT devices with weak passwords to launch an attack on hosting company OVH and DNS service provider Dyn. This resulted in outages for well-known sites such as Airbnb, Netflix, Reddit, Twitter, and Spotify. To protect your IoT devices, SonicWall suggests that you ensure your devices are protected by next-generation firewalls, which scan for specific IoT malware. They also suggest you separate all IoT devices from the rest of your network, in case they become compromised.

Android Security Increased, But Still Vulnerable

During 2016, Google worked on new operating systems that would directly combat many of the security vulnerabilities found in Android devices. They added additional security features, including a new approach to permission granting, an increase in security patches, and full-disk encryption of the device. However, these new strides in security have been met with hacker resistance as they find new ways to combat these security measures. This includes screen overlays, ad-fraud malware HummingBad, self-installing apps, and third-party adult-centric apps. SonicWall suggests that any Android device on a company network should keep the “install applications from unknown sources” option unchecked and make sure both “verify applications” options are checked. It is also advised that users enable the “remote wipe” option in the event that the device is compromised.

The best way to combat an attack is to stop it before it becomes a problem. Contact Info Advantage’s security professionals today at (585) 254-8710 to learn more about proactive ways to ensure the safety of your data. 


Fruitfly: The First Apple Malware of 2017

One of the major arguments for die-hard Apple fans is that their devices are nearly invulnerable to the attacks that work their way into other operating systems, such as malware or viruses. While it is true that Apple has a much lower rate of malware infections, this does not make it impenetrable, and hackers are constantly looking for new ways to extort data. One newly discovered malware, known as Fruitfly, takes advantage of antiquated code that allows it to run undetected on macOS systems.

What is Fruitfly?

Fruitfly is a newly discovered type of malware recently found by the team at Malwarebytes. While relatively harmless, this malware is able to hide inside of OS X without alerting the user of its presence. The malware communicates with two command-and-control servers, which allows it to perform actions such as typing, webcam and screen capture, and even moving and clicking the mouse. It can also map other devices and try to connect with them.

Where did Fruitfly come from?

There is a bit of mystery surrounding the origins of Fruitfly. According to Malwarebytes, Fruitfly may have been hiding in OS X for several years, as much of its code indicates that it was adapted from OS X to Yosemite, making it at least three years old. However, there are also lines of code that rely on pre-OS X systems, and some open-source ‘libjpeg’ code, which hasn’t been updated since 1998. So far, most of the discovered instances of Fruitfly have been found on machines at biomedical research institutions.

What can I do to protect my device?

Luckily, it seems that most of the Fruitfly attacks are targeted, making them a minor threat to an everyday user. However, Apple has yet to release a patch against Fruitfly, so users should take caution and keep an eye out for any updates they release in the near future. One of the best ways to ensure that your device stays infection-free is through constant monitoring of your network. Keep an eye out for any irregularities, and don’t let anything go unreported.

Worried that your network is in danger of malware infection? Not sure what to look for when monitoring your network? Contact Info Advantage today at (585) 254-8710 to talk to an IT professional about how to keep your devices safe from harmful attacks.


Cloudbleed: The Internet’s Newest Security Bug

There are thousands of breaches of information every year, threatening our personal information and sensitive data. On Feb 23rd, news of a brand-new bug known as Cloudbleed dropped. This bug has affected thousands of sites, potentially leaking out the sensitive information of their users, according to a new report by CNET. Here is a quick guide to understanding exactly what Cloudbleed is, and how it may have affected you and your company.

What is Cloudbleed?

Cloudbleed is the name of the newest major security breach bug from an Internet security company known as Cloudflare. The issue arose when users entered their information onto secured “https” sites, such as a login page. Cloudflare’s service is meant to help securely move the information entered into the “https” sites between the user and the servers. Instead of deleting the information after it was used, the Cloudbleed bug caused Cloudflare’s security service to save potentially sensitive data, such as user credentials, photos, video frames, or even server and security information.

Who is affected by Cloudbleed?

There are currently around 3,400 websites believed to have been affected by the Cloudbleed bug, though the actual number could be much higher. The bug is believed to have started as far back as September, with the height of the problem occurring between February 13th and 18th. Uber, Fitbit, and OKCupid are the main three that seemed to be directly affected by the bug. According to Cloudflare, the Cloudbleed bug is thought to have leaked information about “one in every 3,300,000 HTTP requests” made through the service.

What can I Do Now?

As of now, Cloudbleed is no longer an active threat. Cloudflare was able to stop the bug just 44 minutes after it was discovered, and the problem was solved completely in 7 hours. While the impact is minimal and requires no immediate action, there are a few things individual users can do to keep themselves safe from potential data leakage.

It is recommended that you change your password on any account that uses Cloudflare. OKCupid, Fitbit, and Medium are some of the most popular sites that are known to use Cloudflare’s services. If you are unsure whether or not a site you use was affected, there is now a webpage that tells you whether or not a site is infected.

It is also recommended that you use a two-step authentication on any site or service that offers it. This will ensure that no one will be able to access your account, even if they are able to get your user credentials.

With thousands of security breaches per year, you can’t afford to wait for security. Contact Info Advantage today at (585) 254-8710 to speak to a technology professional about how to keep your data safe. 


How to Download Everything You’ve Posted to Facebook

If you’ve had your Facebook profile since the dawn of the social media age, chances are that it’s accumulated an immense amount of personal information. While you might have felt weird handing over all of this data to Facebook, the company has made it surprisingly easy to take it back; well, as much as you can, at least.


You can download your Facebook data to your device, but your reasoning for doing so could be anything. Maybe you want to have a backup copy of your data stored locally, or perhaps you’re working on a project, like a graduation collage that requires you to pull out every photo under the sun. Of course, the most likely reason that you’d want to do this is if you’re completely fed up with Facebook, and you want to close your account. Unless you download your data, all of your information would be lost, which means countless years of Facebook activity lost to the ages.

Regardless of your reason for downloading your data, Facebook makes it easy. Although, Facebook has no reason to really make downloading your data difficult, considering how they own pretty much anything that you upload anyway, whether you download it back or not. Is it too late to suggest discretion when choosing what you post on Facebook?

Anyway, to get started, log into Facebook and go to Settings. You’ll see Download a copy of your Facebook data right underneath General Account Settings. Click on it, and you’ll see Start My Archive.

This lets you select a place to store your information, like if you try to download something off of the Internet. You’re choosing a folder to download your Facebook data to, so make sure that it’s a secured folder since your Facebook data probably contains at least some sensitive information.

Granted, you might be wondering what kind of information is downloaded to your archive. Facebook explains: “This includes a lot of the same information available to you in your account and activity log, including your Timeline info, posts you have shared, messages, photos and more. Additionally, it includes information that is not available simply by logging into your account, like the ads you have clicked on, data like the IP addresses that are logged when you log into or out of Facebook, and more.”

Depending on how heavily you have used Facebook over the years, you might be looking at a rather large download. However, downloading all of your data in one sitting is probably going to be more valuable and convenient than going through each individual post and manually selecting what you’d like to download.

For more great tips and technology tricks, be sure to subscribe to Info Advantage’s blog.


Defining the Most Common Types of Malware

Malware, a term that stands for ‘malicious software,’ is created by hackers in order to get access to things they normally should not be able to. There are thousands of different malware programs floating around the internet, waiting for someone to mistakenly download them so they can wreak havoc on your computers. With so many different types of malware, it can get a little difficult to recognize malicious programs before it’s too late. Here are a few of the most popular types of malware you’ll want to look out for, and how they work to steal your valuable assets.

Adware

Adware, short for advertising-supported software, is a special type of malware that is meant to deliver advertisements where they normally wouldn’t appear. These types of malware are often attached to ‘free’ software or applications, and are most often used as a way to generate revenue.

Bot

These programs are created to perform a specific operation automatically, such as collecting information. Hackers can install bots onto a network or personal device for DDoS attacks, use them as a form of adware, hide them in sites to collect data, or even distribute other types of malware when downloaded.

Spyware

This kind of program is able to track anything a user does on their device, including anything they enter into their computer. This can include things such as passwords, personal information, or even credit card numbers. In addition, many spyware programs have other uses, such as the ability to modify security settings or interrupt internet connections.

Ransomware

Ransomware is a type of malware that will lock a user out of their device or network until a transaction is completed. This is done either by encrypting the data stored on the device, or by shutting the system down entirely. Typically, these programs will ask a user to send hundreds of dollars in order to get their data back.

Rootkit

A rootkit is designed to remotely access a device or network without being detected by either the user or any security programs. These programs often activate during a time when the device is not being used, making it one of the hardest forms of malware to detect. Once inside, a rootkit can access files, change settings, steal information, or even hide other types of malware.

Trojan

One of the most well-known forms of malware, a Trojan disguises itself as a normal, safe file or program to try and trick users into downloading it. Once downloaded, the Trojan gives the attacker access to the affected user’s device, allowing them to steal data, monitor activity, or install more malware.

Virus

Much like viruses in the human body, a computer virus is able to copy itself to other computers or systems, infecting them as they continue to spread. Typically, viruses attach to a program and will activate when the infected program is launched. However, they can also be spread by documents, script files, or any other file that is shared.

Worm

Worms are similar to viruses in that they can create copies of themselves to spread from device to device, infecting every one as they go along. The major difference is that while a virus needs to be spread via a human or host program, a worm is able to self-replicate and spread on its own.

If you think your computer or network is infected with malware, your data can be at a severe risk. Contact Info Advantage today at (585) 254-8710 to speak to a technology professional about how you can fight back against malicious programs!


3 Social Engineering Scams You’ll Want to Keep an Eye Out For

These days there are thousands of different cyber scams looking to steal money or information from unsuspecting internet users. While many of these attacks can be stopped with a strengthened and secure connection, there is another type of attack that relies more on tricking the users, rather than their network or personal device. The attackers behind these scams are known as social engineers, and they rely on exploiting human psychology in order to obtain what they want. Here are three types of social engineering scams that you’ll want to be able to recognize.

Phishing

One of the most common types of hacking scams used today, phishing scams try to trick internet users into giving up their personal information by posing as a reputable source. These often come up in the form of an email from a site that is easily recognizable, such as Facebook or Amazon. Typically, these emails state that there is a problem with a person’s account, and prompt them to fill out their personal information in order to resolve it. That’s why you should always double check the URL to make sure it is a verified site. Remember, a site will NEVER ask for your login credentials through an email.

Pretexting

Pretexting is similar to phishing in that the hacker attempts to coerce information from a user by pretending to be someone they’re not. The main difference between the two types of scams is that where a phishing attack is meant to induce fear, a pretexting attack will instead attempt to create a false trust with the user. Hackers achieve this by posing as someone the user would trust, such as a government official or the police. They then ask for their personal information, often citing that they need to verify the user’s identity.

Quid Pro Quo

Hackers will often use what is known as a ‘quid pro quo’ attack where they promise a user some kind of good or service in exchange for their information. This is often presented as some sort of prize for a contest, and promises that you will receive the reward for free, as long as you provide them with a bit of personal information. For example, a hacker could promise free IT assistance to individual users and ask for them to give them their credentials in order to claim the service. They would then be able to steal valuable data or even download harmful malware directly onto their computers.

Even if you’re careful with your network, a professional hacker will stop at nothing to try and find a vulnerability they can exploit. Call Info Advantage at (585) 254-8710 today to learn more ways you can keep hackers at bay.


This Breakthrough By MIT Will Propel Artificial Intelligence to New Heights

No security solution is perfect. Each one has its own set of pros and cons. For example, relying completely on an automated solution is thorough, but it will flag plenty of threats that aren’t really threats (aka, false positives). Meanwhile, a human overseeing security is great for spotting worrisome trends, but a human can’t possibly catch every single attack. With this dynamic in mind, a team of researchers from MIT has successfully blended the two.


The team, hailing from MIT’s Computer Science and Artificial Intelligence Laboratory, developed a security platform combining the strength of human involvement with the effectiveness of artificial intelligence. Given the name A.I.², this new platform is capable of detecting 85 percent of incoming attacks while reducing reported false positives by 20 percent.

How A.I.² combines AI and human involvement is actually quite genius. To begin, the “untrained” machine reports a sample set of results to a human expert. These results are informed by machine learning and are checked against the 200 most important problems. The human expert then checks over and corrects the machine’s work, with the intention of finding mistakes and false positives. Subsequently, the human-checked results are inputted to A.I.², the machine learns, and the next set of tests will have fewer errors. This process is then repeated with the security platform adapting each time to look for what its human teacher looks for.
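The review cycle described above can be simulated in a few lines. This is an added illustration, not MIT's code: the daily event data is constructed, the analyst is simulated by the true labels, and the scoring methods (median/MAD outlier scores and a nearest-neighbour model over the analyst's labels) are stand-ins chosen for readability.

```python
import math
import statistics

K = 8  # events the analyst can review per day (assumed budget)


def make_batch(day):
    """Constructed daily summary rows: (failed_logins, mb_out, true_label)."""
    normal = [(i % 3, 5 + i % 5, "benign") for i in range(40)]
    backups = [(0, 400 + 10 * i + day, "benign") for i in range(6)]    # big but legitimate
    attacks = [(30 + 2 * i + day, 8 + i, "attack") for i in range(6)]  # password guessing
    return normal + backups + attacks


def robust_z(batch):
    """Scale each feature by its median and median absolute deviation (MAD)."""
    features = [(f, m) for f, m, _ in batch]
    scale = []
    for col in zip(*features):
        med = statistics.median(col)
        mad = statistics.median(abs(x - med) for x in col) or 1.0
        scale.append((med, mad))
    return [tuple((x - med) / mad for x, (med, mad) in zip(row, scale))
            for row in features]


def outlier_score(z):
    """Unsupervised view: how far the event sits from typical behaviour."""
    return sum(abs(v) for v in z)


def predicted_label(z, labeled):
    """Supervised view: label of the closest event the analyst has already judged."""
    return min(labeled, key=lambda item: math.dist(z, item[0]))[1]


def select_for_review(zs, labeled):
    """Indices of at most K events to show the analyst, most suspicious first."""
    candidates = list(range(len(zs)))
    # Until the analyst has confirmed at least one attack, rely on outliers alone.
    if any(label == "attack" for _, label in labeled):
        candidates = [i for i in candidates
                      if predicted_label(zs[i], labeled) == "attack"]
    return sorted(candidates, key=lambda i: outlier_score(zs[i]), reverse=True)[:K]


def run(days=3):
    """Return (attacks shown, false positives shown) for each day."""
    labeled, history = [], []
    for day in range(1, days + 1):
        batch = make_batch(day)
        zs = robust_z(batch)
        shown = select_for_review(zs, labeled)
        verdicts = [batch[i][2] for i in shown]  # the analyst's corrections
        labeled += [(zs[i], v) for i, v in zip(shown, verdicts)]
        history.append((verdicts.count("attack"), verdicts.count("benign")))
    return history


if __name__ == "__main__":
    for day, (hits, false_pos) in enumerate(run(), start=1):
        print(f"day {day}: {hits} attacks shown, {false_pos} false positives")
```

On day one the review queue is dominated by large but legitimate backup transfers; after two rounds of corrections the queue contains only the attack events.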

In a paper presented at the IEEE International Conference on Big Data Security, research scientist Kalyan Veeramachaneni summarized, "You can think about the system as a virtual analyst. It continuously generates new models that it can refine in as little as a few hours, meaning it can improve its detection rates significantly and rapidly."

Of course, the precedent of effectiveness set here by combining human expertise and oversight with A.I. has far-reaching ramifications for other A.I. initiatives currently in development; initiatives that have both humanity’s best and worst interests in mind. Although, for now, those of us in the IT world are celebrating this A.I.-enabled technology for being one giant leap forward in security analysis accuracy.

It’s important to keep in mind that a platform like A.I.² is still years away from being available to the average business. Therefore, we recommend that you stay on top of your network security by following best practices, which combine automated software solutions and human vigilance in order to combat the latest threats. Info Advantage is standing by to assist you with all of your company’s network security needs. To equip your business with the most comprehensive IT security solutions on the market, call us today at (585) 254-8710.


3 Built-in Windows 10 Security Tools that Keep Hackers at Bay

Windows is perhaps the most widely-used computing tool in the workplace, and as such, it remains a huge target for hackers of all kinds. Criminals are always trying to uncover vulnerabilities in the operating system, but this time around, Microsoft has truly outdone themselves. Windows 10’s built-in security, according to hackers at the Black Hat conference in Las Vegas, allows for the most secure Windows operating system in several years.


It was expressed that, in comparison to its previous incarnations, Windows 10 is much more difficult to break into. That hasn’t stopped some hackers from trying, though. Among the Black Hat hackers at the convention were many who had tried to pinpoint potential outlets for malicious threats, and while they still managed to come up with a couple of solutions, it became clear that Windows 10 is much more challenging for hackers to infiltrate. Below are a few of the proposed attack models, and how Windows 10 challenges them.

Windows 10 Uses Built-In Anti-Malware Tools
Windows 10 uses what’s called the antimalware scan interface (AMSI), which is capable of identifying and capturing malicious scripts in memory. The idea is that applications can access this information, and any antivirus or antimalware program can process it. For example, Windows Defender and AVG use AMSI. The reason that this is such a huge problem for hackers is that many prefer to use script-based attacks. The kicker here is that while AMSI is a valuable tool to detect and prevent attacks, it requires a secondary security protocol in order to be most effective. While it’s great for detecting scripts executed in PowerShell, since PowerShell records logs, it still requires someone to regularly monitor the logs.

Active Directory
Active Directory is a crucial part of how Windows administration functions, and it’s useful for both managing workloads in the cloud, and controlling identity and authentication management on in-house networks. Microsoft Azure uses Active Directory, which can provide exceptional security for an Azure-based cloud computing platform. The problem that admins run into in most circumstances is that any user account can access Active Directory, unless the administrator removes those permissions. Therefore, it falls to your IT administrators to ensure that the credentials for your Active Directory authentication are secured, and to control user permissions to mitigate potential access to AD.

Virtualization
Virtualization-based security is a series of security features that are built into the hypervisor of Windows 10. In essence, Hyper-V can create a virtual machine that isn’t connected to the root partition. This virtual machine can then execute security commands as needed. The idea here is that Hyper-V creates a virtual machine that can’t be compromised, even if the root partition has been taken over. It’s a way of minimizing the extent of data breaches, should they happen in the first place. Of course, if the root contains credentials that allow hackers to access the virtual machine, it’s all over. Therefore, administrators need to take measures to ensure that hackers cannot access the VBS machine.

Of course, no matter how secure an OS is, hackers will always find a way to get in. One way or another, criminals who are determined to bypass defenses will create a way to do so. Microsoft patches known vulnerabilities as soon as they’re discovered to be active, so it comes down to outplaying the opponent. Hackers will inevitably find ways to crack Windows 10’s innate security, so it’s your responsibility to complement your OS’s security with your own solutions.

If you need assistance securing your Windows 10 devices, or any other workstations, servers, or network components, reach out to Info Advantage at (585) 254-8710.
