508-909-5961 [email protected]

The hows of watering hole attack preventionThere are millions of malware in existence, with new ones being developed by the minute. This is terrible news for anyone who stores personal information online — which is basically everyone in the world today. Learn how you can avoid being a victim of a watering hole attack, one of the most common ways cybercriminals […]

The post The hows of watering hole attack prevention appeared first on Complete Technology Resources, Inc..

The hows of watering hole attack prevention

There are millions of malware in existence, with new ones being developed by the minute. This is terrible news for anyone who stores personal information online — which is basically everyone in the world today. Learn how you can avoid being a victim of a watering hole attack, one of the most common ways cybercriminals introduce malware into networks.
The term “watering hole” colloquially refers to a social gathering place where a particular group of people often go to. As internet users, we all have unique “watering holes” or websites that we visit frequently. A financial analyst, for example, is likely to visit websites related to financial investments and market trends.

In a watering hole attack, cybercriminals observe the watering holes of a specific demographic and infect their most visited websites with malware. Any user who has the misfortune of visiting any of these compromised sites will then have their computers automatically loaded with malware.

The malware used in these attacks usually collects the victim’s personal information and sends it back to the hacker’s server. In extreme cases, the hacker will actively take control of the infected computer.

But how does a cybercriminal choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

Hackers these days are so highly skilled that they can exploit any website using a watering hole attack. In fact, even high-profile organizations like Facebook, Forbes, and the US Department of Labor have fallen prey to this scheme in recent years.

Protect yourself from watering hole attacks by doing the following:

Update your software

Watering hole attacks often exploit security gaps and vulnerabilities to infiltrate computers and networks. By updating all your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, hire a managed IT services provider to keep your system up to date.

Watch your network closely

Regularly conduct security checks using your network security tools to detect watering hole attacks. Use tools like intrusion prevention systems that allow you to detect and contain suspicious or malicious network activities before they can cause problems. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities

Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature. Also, block social media sites from your office network, as these are often used as share points of links to infected sites.

Staying informed is one of the best ways to stay protected. As cyberthreats continue to evolve, it pays to be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

Published with permission from TechAdvisory.org. Source.

The post The hows of watering hole attack prevention appeared first on Complete Technology Resources, Inc..

Read More

Defend your business from these 5 types of hackers"Know thine enemy" — it means to get to know them and their motives. In this blog, we take a close look at the five types of dangerous hackers, what their motives are, and how they operate. Script kiddies In terms of skill, script kiddies (or skids, for short) are at the bottom of the […]

The post Defend your business from these 5 types of hackers appeared first on Complete Technology Resources, Inc..

Defend your business from these 5 types of hackers

"Know thine enemy" — it means to get to know them and their motives. In this blog, we take a close look at the five types of dangerous hackers, what their motives are, and how they operate.

Script kiddies

In terms of skill, script kiddies (or skids, for short) are at the bottom of the hacker totem pole. Their name comes from the fact that they use scripts or other automated tools written by others. They are often young people on a quest for internet notoriety or who are simply bored and in search of a thrill.

Script kiddies shouldn’t be dismissed so easily, however. The ILOVEYOU virus, considered one of the worst malware on the planet, was developed by skids.

Hacktivists

Hacktivists often hack into businesses and government systems to promote a particular political agenda or to effect social change. These so-called “hackers with a cause” steal confidential information to expose or disrupt their target’s operations.

Even if you’re a small- or medium-sized business (SMB) owner, you’re not immune to hacktivist attacks. This is especially true if your company is associated or partnered with organizations that are prime hacktivist targets.

Cybercriminals

Cybercriminals break into digital systems or networks with the intent to steal, destroy, taint, and/or lock away data. They usually target individuals, SMBs, and large companies that have exploitable weaknesses in their cybersecurity.

Cybercriminals attack using a number of methods, including social engineering tactics to trick users into volunteering sensitive personal or company data. This information is then used for identity theft, sold on the dark web, or leveraged to launch attacks against other businesses. Cybercriminals can also infect computers with ransomware and other types of malware.

State-sponsored hackers

True to their name, these hackers are backed by governments. The hackers’ goal is to promote their backer’s interests within their own country or abroad. In most cases, this involves taking down websites that criticize the state, swaying public opinion, cyber-terrorism, and leaking top-secret information, among others.

As they are, state-sponsored hackers are already dangerous to business owners, but even more so when they make it their goal to cripple an entire country’s financial system or disrupt commodity supply lines. This could involve interfering with the economy or disrupting business operations. Tech and pharmaceutical companies are a frequent target, but businesses in other industries aren’t safe from state-sponsored hackers either.

Insiders

The scariest type of hacker is the one that lurks within your own organization. An insider can be your company’s current and former employees, contractors, or business associates. Oftentimes their mission is payback. They’ll steal sensitive documents or try to disrupt the organization’s operations to right a wrong they believe a company has done to them. Edward Snowden is a prime example of an insider who hacked the organization he worked for — the US government.

Malicious hackers are always changing their tactics to meet their goals, making them an ever-present threat to any organization, including yours. It’s crucial that you stay one step ahead by working with cybersecurity experts who can help protect your company from dangerous hackers and other cyberthreats. Contact our team today to get started.

Published with permission from TechAdvisory.org. Source.

The post Defend your business from these 5 types of hackers appeared first on Complete Technology Resources, Inc..

Read More

Watch out for distributed spam distractionA lot of people get a handful of spam in their email inboxes every day. While spam can be a nuisance, it only takes a few minutes to delete or block spam. But if you receive tens of thousands of spam all at the same time, a huge chunk of your time and energy will […]

The post Watch out for distributed spam distraction appeared first on Complete Technology Resources, Inc..

Watch out for distributed spam distraction

A lot of people get a handful of spam in their email inboxes every day. While spam can be a nuisance, it only takes a few minutes to delete or block spam. But if you receive tens of thousands of spam all at the same time, a huge chunk of your time and energy will be wasted on dealing with them — and they might actually be hiding telltale signs that you're being attacked by cybercriminals. This tactic is called distributed spam distraction (DSD), and here’s what you need to know about it.

What is DSD?

DSD is a type of attack wherein cybercriminals inundate email inboxes with as many as 60,000 spam emails. These emails don’t contain dangerous links, ads, or attachments, just random excerpts of text taken from books and websites. But because of the sheer volume of these emails, deleting and blocking each one of them can be daunting. And worse, the email and IP addresses used to send them are all different, so victims can’t simply block a specific sender.

While these spam messages may seem like harmless annoyances, their true purpose is to draw victims’ attention away from what hackers are doing behind the scenes — which is to steal and use your personally identifiable information to conduct a raft of illegal activities. These include stealing money from your bank account or making unauthorized purchases in your name. In a DSD attack, the thousands of spam emails you get serve as a smokescreen that hides payment confirmation messages.

New tactics

Over the years, hackers have developed new DSD tactics. Several reports show that instead of nonsensical emails, hackers are using automated software to have their targets sign up for thousands of free accounts and newsletters to distract them with authentic messages. This allows DSD blasts to slip past spam filters that weed out the malicious code and text used in traditional DSD attacks.

Also, anyone can go on the dark web and pay for DSD services. For as little as $40, you can get a hacker to send out 20,000 spam emails to a specific target. All you need to do is provide the hacker with your target’s name, email address, and credit card number — all of which can also be purchased on the dark web.

How to protect yourself from DSD

DSD is a clear sign that your account has been hijacked, so whenever you receive dozens of emails in quick succession, contact your bank to cancel any unfamiliar transactions and change your login credentials as soon as possible. Also, you should update your anti-spam software (or get one if you don’t have one) to protect your inbox from future DSD attacks.

Hackers only initiate DSD attacks after they’ve obtained their target’s email address and personal information, so make sure your accounts and identity are well protected online. You should regularly change your passwords and PINs, enable multifactor authentication, set up SMS and/or email alerts for whenever online purchases are made in your name, and be careful about sharing personal information with others.

DSD is just one of many cyberthreats out there. For expert advice on how to ensure your safety and security online, get in touch with our team of IT professionals.

Published with permission from TechAdvisory.org. Source.

The post Watch out for distributed spam distraction appeared first on Complete Technology Resources, Inc..

Read More