Hackers go for the gold. This means that banking information makes for the number one target. These cyberattacks lead to the theft of large sums of money, undermine the economic stability of individuals and organizations, as well as destroy the reputation of banks and other financial institutions. When these incidents occur, the damage can be irreversible and substantial. As such, business owners should learn about the evolving security threats and identify the modus operandi of cybercriminals. Let’s take a closer look.

Extortion
Distributed denial of service (DDoS) attacks, which are typically delivered from massive botnets of zombie computers or internet of things (IoT) devices, have been used to bring down banking networks. This occurs when a targeted server or system is overwhelmed by multiple compromised networks. It’s essentially like a traffic jam clogging up the highway, preventing regular traffic from arriving at its intended destination.

Some cybercriminals are relentless with DDoS attacks and follow them up with cyberextortion, demanding payment in return for release from costly downtime. Banks cannot defend against these attacks alone, so they rapidly share information among themselves through organizations such as FS-ISAC4 and rely upon the ability of their internet service provider to handle and redirect massive quantities of traffic.

Social media attacks
This happens when fraudsters use fake profiles to gather information for social engineering purposes. Thankfully, with new regulations such as the General Data Protection Regulation (GDPR), big companies like Facebook and Twitter have significantly enhanced their security and privacy policy with regards to their data handling practices. The unprecedented reach of social media is something companies cannot afford to ignore because of the possible implications a data breach can have on businesses.

Spear phishing
Spear phishing is an attack where cybercriminals send out targeted emails ostensibly from a known or trusted sender in order to trick the recipient into giving out confidential information. Over the years, hackers have upped their game and cast a bigger net, targeting unwitting employees to wire money. This attack is called business email compromise (BEC), where a fraudster will purport to be a CEO or CFO and request for large money transfers to bogus accounts.

Point-of-sale (PoS) malware
PoS malware targets PoS terminals to steal customer payment (especially credit card) data from retail checkout systems. Cybercriminals use a memory scraper that operates by instantly detecting unencrypted type 2 credit card data, which is then sent to the attacker’s computer to be sold on underground sites.

ATM malware
GreenDispenser is an ATM-specific malware that infects ATMs and allows criminals to extract large sums of money while avoiding detection. Recently, reverse ATM attacks have also emerged. Here, PoS terminals are compromised and money mules reverse transactions after money is withdrawn or sent to another bank account. In October 2015, issuers were mandated to shift to EMV or Chip-and-PIN system to address the weakness of the previous payment system.

Credential theft
Dridex, a well-known credential-stealing software, is a banking Trojan that is generally distributed through phishing emails. It infects computers, steal credentials, and obtain money from victims’ bank accounts.

Other sophisticated threats
Various data breach methods can be combined to extract data on a bigger scale. Targeting multiple geographies and sectors at once, this method normally involves an organized crime syndicate or someone with a highly sophisticated setup. For example, the group Carbanak primarily targeted financial institutions by infiltrating internal networks and installing software that would drain ATMs of cash.

Additionally, with the rise of cryptocurrency, cybercriminals are utilizing cryptojacking, a method that involves the secret use of devices to mine cryptocurrency.

The creation of defensive measures requires extensive knowledge of the lurking threats, and our team of experts is up to date on the latest security information. If you have any questions, feel free to contact us to find out more about TTPs and other weapons in the hacker’s toolbox.

The post Top security threats to financial services appeared first on Complete Technology Resources, Inc..

Buying a secondhand Mac is a popular way to save money on relatively expensive equipment that retains its value. Conversely, selling your used Mac is a great way to expose yourself to potential identity theft. Keep your personal information safe when getting rid of a Mac computer by adhering to these tips.

Sign into all your accounts on a new computer

Before you can ensure that your personal accounts are inaccessible on the Mac you’re getting rid of, you must be certain that you can access those accounts on another computer. If you need to recover a username or password, your options may be limited if the trusted computer has been wiped clean. Make sure to log in to these accounts on another device before moving forward:

• iTunes
• iCloud
• Apple ID
• iMessage

It's also important that you remember account credentials that you previously relied on your web browser to remember. If you use Safari, here are the steps to check all the accounts your browser has saved:

• Open Safari.
• Select Preferences from the menu directly next to the Apple icon in the upper left corner of the screen.
• Click the Passwords menu.
• Comb through the list and confirm that you can access all those accounts on another computer.

Sign out of everything

Even though deleting everything on your hard drive is covered later in this article, your personal information may not be completely erased. You can add another layer of certainty by deleting as many accounts as possible before formatting the storage disk. First, reopen your web browser’s saved accounts window and delete everything.

Next, open iTunes, click Store, and then Deauthorize This Computer. You’ll also want to sign out of iCloud (after backing up all your data), so click the Apple icon in the upper left corner of the screen, then System Preferences, followed by iCloud, and then Sign Out. Finally, open the Messages app, click Messages, then Preferences, and Accounts. From there you can sign out of your Messages accounts.

Remove the device from Apple Support

Another thing that people often forget to do is revoke their Apple Support registration (unless you want the new owner of your Mac to receive free assistance from Apple Geniuses). Visit support.apple.com/my-support, sign in with your Apple ID and remove any device you plan to get rid of or no longer own.

Format the drive

When all your files are backed up and your accounts are accessible on other devices, you can wipe your Mac’s hard drive clean. It’s a fairly simple process that follows these basic steps:

1. Confirm that your Mac has a stable internet connection.
2. Restart the computer and hold down the command button (⌘) as well as the R key.
3. Select Disk Utility from the list of options that appear and click Continue.
4. Click your main drive and then Erase from the options along the top of the window.
5. Choose MacOS Extended from the Format dropdown menu
6. Open the Security Options window and choose which method you want to use.
7. Click OK, then Erase to start the formatting process.

Keep in mind that if you don’t choose the 7- or 35-Pass Erase option, some data on your hard drive may still be accessible by a skilled hacker. However, the 7-Pass Erase option takes well over 12 hours for a 500GB drive.

Reinstall MacOS

If you plan to sell or donate your Mac, it’s probably best to reinstall the operating system after formatting the drive. To do so, simply restart the computer while holding command + R, choose Reinstall macOS, and follow the instructions.

All in all, this entire process can take a couple of days. Small businesses can save a lot of time by hiring an IT provider with Apple experts to take care of mundane tasks like wiping an old computer’s hard drive. Give us a call today to learn more about what we do.

The post Want to get rid of your Mac? Not so fast appeared first on Complete Technology Resources, Inc..

Buying a secondhand Mac is a popular way to save money on relatively expensive equipment that retains its value. Conversely, selling your used Mac is a great way to expose yourself to potential identity theft. Keep your personal information safe when getting rid of a Mac computer by adhering to these tips.

Sign into all your accounts on a new computer

Before you can ensure that your personal accounts are inaccessible on the Mac you’re getting rid of, you must be certain that you can access those accounts on another computer. If you need to recover a username or password, your options may be limited if the trusted computer has been wiped clean. Make sure to log in to these accounts on another device before moving forward:

• iTunes
• iCloud
• Apple ID
• iMessage

It's also important that you remember account credentials that you previously relied on your web browser to remember. If you use Safari, here are the steps to check all the accounts your browser has saved:

• Open Safari.
• Select Preferences from the menu directly next to the Apple icon in the upper left corner of the screen.
• Click the Passwords menu.
• Comb through the list and confirm that you can access all those accounts on another computer.

Sign out of everything

Even though deleting everything on your hard drive is covered later in this article, your personal information may not be completely erased. You can add another layer of certainty by deleting as many accounts as possible before formatting the storage disk. First, reopen your web browser’s saved accounts window and delete everything.

Next, open iTunes, click Store, and then Deauthorize This Computer. You’ll also want to sign out of iCloud (after backing up all your data), so click the Apple icon in the upper left corner of the screen, then System Preferences, followed by iCloud, and then Sign Out. Finally, open the Messages app, click Messages, then Preferences, and Accounts. From there you can sign out of your Messages accounts.

Remove the device from Apple Support

Another thing that people often forget to do is revoke their Apple Support registration (unless you want the new owner of your Mac to receive free assistance from Apple Geniuses). Visit support.apple.com/my-support, sign in with your Apple ID and remove any device you plan to get rid of or no longer own.

Format the drive

When all your files are backed up and your accounts are accessible on other devices, you can wipe your Mac’s hard drive clean. It’s a fairly simple process that follows these basic steps:

1. Confirm that your Mac has a stable internet connection.
2. Restart the computer and hold down the command button (⌘) as well as the R key.
3. Select Disk Utility from the list of options that appear and click Continue.
4. Click your main drive and then Erase from the options along the top of the window.
5. Choose MacOS Extended from the Format dropdown menu
6. Open the Security Options window and choose which method you want to use.
7. Click OK, then Erase to start the formatting process.

Keep in mind that if you don’t choose the 7- or 35-Pass Erase option, some data on your hard drive may still be accessible by a skilled hacker. However, the 7-Pass Erase option takes well over 12 hours for a 500GB drive.

Reinstall MacOS

If you plan to sell or donate your Mac, it’s probably best to reinstall the operating system after formatting the drive. To do so, simply restart the computer while holding command + R, choose Reinstall macOS, and follow the instructions.

All in all, this entire process can take a couple of days. Small businesses can save a lot of time by hiring an IT provider with Apple experts to take care of mundane tasks like wiping an old computer’s hard drive. Give us a call today to learn more about what we do.

The post Want to get rid of your Mac? Not so fast appeared first on Complete Technology Resources, Inc..

One basic internet security habit that everyone should remember is to avoid websites that aren’t secured with the HTTPS protocol. This is as simple as looking at your URL bar to check whether the URL string starts with “https” and whether there is a symbol of a closed padlock beside it.

HTTPS Encryption

When you visit a website that doesn’t use HTTPS, which is common with older websites that have been left on its domain with minimal intervention, everything you type or click on that website is sent across the network in plain text. So, if your bank’s website doesn’t use the latest protocols, your login information can be decrypted by anyone with even the most basic tools.

HTTPS Certificates

The other thing outdated web browsing lacks is publisher certificates. When you enter a web address into your browser, your computer uses an online directory to translate that text into numerical addresses then saves that information on your computer so it doesn’t need to check the online directory every time you visit a known website.

The problem is that if your computer is hacked, it could be tricked into directing www.google.com to the address 8.8.8.255, for example, even if that’s a malicious website. Oftentimes, this strategy is implemented to send users to sites that look exactly like what they expected, but are actually false-front sites designed to trick you into providing your credentials.

HTTPS creates a new ecosystem of certificates that are issued by the online directories mentioned earlier. These certificates make it impossible for you to be redirected to a fraudulent website.

What this means for daily browsing

Most people hop from site to site too quickly to check each one for padlocks and certificates. Unfortunately, HTTPS is way too important to ignore. Here are a few things to consider when browsing:

If your browser marks a website as “unsafe”, it is always best to err on the side of caution; do not click “proceed anyway” unless you are absolutely certain nothing private will be transmitted.
There are web browser extensions that create encrypted connections to unencrypted websites (HTTPS Everywhere is a reliable Firefox, Chrome, and Opera extension that encrypts your communications with websites).
HTTPS certificates don’t mean anything if you don’t recognize the company’s name. For example, goog1e.com (with the “l” replaced with a one) could have a certificate, but that doesn’t mean it’s a trustworthy site. Many unscrupulous cybercriminals utilize similar spellings of legitimate websites to fool people into thinking that they are in a secure site. Always be vigilant.
Avoid sites that don’t use the HTTPS protocol — it can be as simple as that.

When you’re ready for IT support that handles the finer points of cybersecurity like safe web browsing, give our office a call.

The post Why you should care about HTTPS appeared first on Complete Technology Resources, Inc..