508-909-5961 [email protected]

Fileless malware: Are you at risk?Over the past few years, the security industry has witnessed a rapid evolution in attack techniques, including fileless malware. Now, cybercriminals use legitimate tools and services such as existing software, applications, and authorized protocols to carry out malicious activities like unauthorized data retrieval or data damage. Left unchecked, these types of malware can adversely affect […]

The post Fileless malware: Are you at risk? appeared first on Complete Technology Resources, Inc..

20 Jul, 2020 / by Complete Technology Resources / in 2020july20security_b, cybersecurity, fileless malware, malware, Security category
Fileless malware: Are you at risk?

Over the past few years, the security industry has witnessed a rapid evolution in attack techniques, including fileless malware. Now, cybercriminals use legitimate tools and services such as existing software, applications, and authorized protocols to carry out malicious activities like unauthorized data retrieval or data damage. Left unchecked, these types of malware can adversely affect your business processes and the infrastructures that run them.

What is fileless malware?

Fileless malware is malicious software that doesn't rely on executable files to infect your infrastructure. Rather, it hides in your computer's random access memory (RAM) and uses trusted, legitimate processes such as Microsoft Office macros, PowerShell, and Windows Management Instrumentation (WMI).

Fileless malware isn’t as visible as traditional malware. They use a variety of techniques to stay persistent, and can adversely affect the integrity of a business’s processes and the infrastructures that run them. Because there are no files to trace, fileless malware escapes detection from most anti-malware programs, especially those that use the databases of precedent threats. Most automated sensors cannot recognize illicit scripts, and cybersecurity analysts who are trained to identify them usually have a hard time establishing where to look.

Fileless malware by the numbers

In November 2016, attacks using fileless malware saw a 13% uptick, according to a report by Trend Micro. Also, in the third quarter of 2016, attacks were 33% higher than in the first quarter. During the first quarter of 2017, more PowerShell-related attacks were reported on over 12,000 unique machines.

Kaspersky Lab uncovered over 140 infections across 40 different countries. Almost every instance of the fileless malware was found in financial institutions and worked toward obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyberattackers to withdraw undisclosed sums of cash from ATMs.

In 2018, Trend Micro also detected a rising trend of fileless threats throughout the first half of the year.

Is your business at risk?

It is unlikely that your business has been targeted in the earliest stages of this strain of malware, but it’s better to be safe than sorry. Businesses should practice defense in depth, where multilayered safeguards are implemented to reduce exposure and mitigate damage. But apart from cultivating a security-aware workforce, what actionable countermeasures can organizations carry out?

While your business might not be in immediate danger, you should employ solutions that analyze behavioral trends. It is also wise to invest in a managed services provider that offers 24/7 network monitoring, proper patches, and software updates. Call us today to get started.

Published with permission from TechAdvisory.org. Source.

The post Fileless malware: Are you at risk? appeared first on Complete Technology Resources, Inc..

Read More

Are your mobile devices protected?Mobile devices are indispensable. Smartphones, tablets, and other mobile gadgets play a big part in everyday processes, especially for individuals and companies that value connection and convenience. But as the number of mobile devices used in business operations increases, so do the cyberthreats that target them. Be sure to follow these steps to safeguard company […]

The post Are your mobile devices protected? appeared first on Complete Technology Resources, Inc..

13 Jul, 2020 / by Complete Technology Resources / in 2020july13hardware_b, cybersecurity, cyberthreats, Hardware, mobile device, smartphone, threats category
Are your mobile devices protected?

Mobile devices are indispensable. Smartphones, tablets, and other mobile gadgets play a big part in everyday processes, especially for individuals and companies that value connection and convenience. But as the number of mobile devices used in business operations increases, so do the cyberthreats that target them. Be sure to follow these steps to safeguard company mobile devices.

Ensure mobile OS is up to date

The updates on Apple and Android operating systems (OS) improve overall user experience, but their most important function is to fix security vulnerabilities. Reduce your business’s exposure to threats by installing updates for all devices as soon as they become available. Don’t wait for a few weeks or months to update, as this gives cybercriminals ample time to exploit vulnerabilities on devices that run on an outdated OS.

Install business applications only

Downloading apps seems harmless. But lenient policies on what should and shouldn’t be downloaded on company mobile devices could lead to staff downloading and installing non-business-related apps from third-party stores, most of which are notorious for malicious advertising codes and other threats. It’s imperative that employees download and install only business applications necessary for their work on their company mobile devices.

Be careful when connecting to public Wi-Fi networks

Emergencies may compel you to use password-free Wi-Fi networks in hotels, airports, cafes, and other public places. Connecting to an open network can expose your confidential information and sensitive company data to cybercriminals connected to the same network.

You can avoid this by providing a practical internet data plan, preferably one that includes roaming services, for remote workers. And if you really have to connect to a public Wi-Fi network, don’t use the connection for transferring sensitive data.

Enable phone tracking tools

Losing a company-issued mobile device is unfortunate but inevitable. Devices can be misplaced or stolen, but enabling Find My iPhone for iOS devices, GPS Phone Tracker for Android, or any device-tracking app helps users locate lost phones. Some also have the option to delete data on stolen devices. Downloading and setting up such an app only takes a few minutes, and it will give you peace of mind knowing that even if your phone is lost or stolen, its contents will not be compromised.

Screen SMS carefully

SMS phishing can be used to trick you into clicking malicious links. Cybercriminals send messages purporting to be from someone you know, asking you to urgently disclose confidential information. Should you encounter such an SMS, you can either delete it or alert your IT department. You can also block unknown senders without even opening their message.

Mobile devices are becoming more critical to operations. And with more devices open to attacks, businesses must bolster their cybersecurity efforts. Malicious actors will exploit every possible vulnerability, and that includes those in unsecured smartphones and tablets. Get in touch with us if you need comprehensive security solutions for your business.

Published with permission from TechAdvisory.org. Source.

The post Are your mobile devices protected? appeared first on Complete Technology Resources, Inc..

Read More

How to prevent healthcare data breachesCloud-based healthcare systems have vastly improved medical services. Digitization has allowed hospitals and clinics to provide better patient care and greater accessibility to information. However, it has also increased the risk of personal health information (PHI) cybertheft. For this reason, healthcare cybersecurity experts are working harder than ever to protect PHI. From financial information to […]

The post How to prevent healthcare data breaches appeared first on Complete Technology Resources, Inc..

26 Jun, 2020 / by Complete Technology Resources / in 2020june26healthcare_b, cybersecurity, healthcare, healthcare data breaches, healthcare it, personal health information category
How to prevent healthcare data breaches

Cloud-based healthcare systems have vastly improved medical services. Digitization has allowed hospitals and clinics to provide better patient care and greater accessibility to information. However, it has also increased the risk of personal health information (PHI) cybertheft. For this reason, healthcare cybersecurity experts are working harder than ever to protect PHI.

From financial information to medical information

In the past few years, cybercriminals have focused on stealing financial data, including credit card numbers, online banking credentials, and other personal information. But things are taking a turn, with financial institutions fortifying their database security and raising client awareness on the growing problems.

Stronger data protection measures in the financial industry have forced criminals to turn their attention to medical data, which is typically much less secure. Patient data includes date of birth, medical and physical records, and social security number — information that can’t be easily reset, and is significantly more valuable than credit card data.

Securing healthcare data

Healthcare data has become more attractive to criminals, and it’s crucial that medical institutions take necessary precautions to secure their patients’ information from data thieves. Here are some best practices to secure those pieces of information:

  • Encrypt healthcare data – Encryption translates patients’ data into code that only authorized users with a decryption key can decode. Multi-encryption is also an effective way to keep out intruders.
  • Protect your network and Wi-Fi – Because hackers use a variety of tools to break into IT systems and obtain medical records, your healthcare organization needs to invest in the best security solutions, including firewalls and antivirus software. Also worth considering is network segregation, which blocks attackers’ attempts to penetrate your networks to steal an organization’s information.
  • Educate employees – Staff members need to be trained in various areas of information security. Regularly conduct cybersecurity training sessions that cover policies such as setting strong passwords, implementing spam filters, protecting against phishing scams, and spotting different kinds of data breach methods.
  • Secure physical locations – Most healthcare institutions still retain their patients’ records on paper and store them in cabinets. Ensure that all loopholes are covered by installing surveillance cameras and other physical security controls, such as electronic door locks. Enforce strict rules about granting access to high-risk offices containing sensitive data only to authorized personnel.

It is important for healthcare providers to secure sensitive patient data. Learn how your organization can better protect your patients’ information by giving us a call.

Published with permission from TechAdvisory.org. Source.

The post How to prevent healthcare data breaches appeared first on Complete Technology Resources, Inc..

Read More

What HTTPS means for cybersecurityAs people’s reliance on the internet deepened through the years, cybercriminals also began to move more stealthily. Online shoppers, for instance, can be led to a payment page that has no HTTPS in its URL. If they enter their personal details on this page, they will be a prime target for identity theft without them […]

The post What HTTPS means for cybersecurity appeared first on Complete Technology Resources, Inc..

17 Jun, 2020 / by Complete Technology Resources / in 2020june17webandcloud_b, browsing, cybersecurity, safe browsing, Web & Cloud, website security category
What HTTPS means for cybersecurity

As people’s reliance on the internet deepened through the years, cybercriminals also began to move more stealthily. Online shoppers, for instance, can be led to a payment page that has no HTTPS in its URL. If they enter their personal details on this page, they will be a prime target for identity theft without them knowing. Here’s why you should make sure that the websites you visit have a little padlock icon before their URL, and an “S” after the “HTTP” prefix.

HTTPS encryption

The “s” in HTTPS stands for “secured”. It was introduced in 1995, so older websites that have been left on its own without regular maintenance usually don’t have it. But even to this day, unsecure websites exist, and fraudsters can easily take advantage of them.

When you visit a site with an HTTP connection, everything you type or click on that website is sent without encryption. This means that anyone who intercepts the data transferred between the website and your computer can readily view them. Cybercriminals can exploit this fact to gain access to your personal data, Social Security number, credit card information, and the like. This puts you at risk of identity theft and other fraudulent activities.

HTTPS certificates

When you visit a website, your computer uses an online directory to translate its alphanumeric name into a numerical address. It then saves that information on your computer, so that it doesn't have to check the online directory every time you visit the same website.

In the event that your computer gets compromised, it could be tricked into directing a perfectly safe web address like www.google.com to a malicious website. Most of the time, users are sent to sites that look exactly like the legitimate site, but are actually fake copies designed to trick them into divulging their credentials.

To prevent such things from happening, the online directories mentioned earlier issue an ecosystem of certificates that turn HTTP into HTTPS, making it impossible for anyone to be redirected to a fraudulent website.

How does this affect our daily browsing habits?

We often visit a multitude of websites in a short period of time without checking each one for padlocks and certificates. Unfortunately, we can’t ignore the importance of HTTPS, so here are a few things to consider the next time you browse the internet:

  • If your browser marks a website as “unsafe,” think twice about clicking “Proceed anyway.” Only click the prompt if you are absolutely certain nothing will be transmitted.
  • Add web browser extensions such as HTTPS Everywhere that create encrypted connections to unencrypted websites. These extensions encrypt your communication with websites, and are compatible with Chrome, Firefox, and Edge browsers.
  • Always be vigilant. Some sites may have HTTPS but it doesn’t mean they’re safe. For example, goog1e.com (with the “l” replaced with a one) could have a certificate, but the misspelling indicates it to be an untrustworthy site. Cybercriminals use similar spellings of authentic websites to fool people into thinking that they’re in a secure site. This is called typosquatting or URL hijacking.
  • And perhaps, just follow the easiest step of all: avoid sites that don’t use the HTTPS protocol.

If you want to learn more about safer browsing habits and endpoint security, give our office a call.

Published with permission from TechAdvisory.org. Source.

The post What HTTPS means for cybersecurity appeared first on Complete Technology Resources, Inc..

Read More