Security - Part 63

With as much as we write about sophisticated malware and security breaches, sometimes the most effective attacks are the ones that prey on human error. In the most recent case, all it took was an email with a perfect imitation of one of Google’s security screens.

The post Warning: Do not install “Google Defender” appeared first on Complete Technology Resources, Inc..

10 May, 2017 / by Complete Technology Resources / in Security category

Warning: Do not install “Google Defender”

With as much as we write about sophisticated malware and security breaches, sometimes the most effective attacks are the ones that prey on human error. In the most recent case, all it took was an email with a perfect imitation of one of Google’s security screens. If you use Gmail, you need to know how to avoid this.

Broadly defined, “phishing” is any form of fraud in which an attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.

These messages prey on users who click links, images and buttons without thoroughly investigating where they lead to. Sometimes the scam is as simple as an image with a government emblem on it that links to a website containing malware. Just hovering your mouse over the image would be enough to see through it. But some phishing schemes are far more difficult to recognize.

The Google Defender scam

Recently, an email spread to millions of Gmail accounts that almost perfectly imitated a message from Google. The text read:

“Our security system detected several unexpected sign-in attempts on your account. To improve your account safety use our new official application “Google Defender”.

Below that was a button to “Install Google Defender”. What made this scheme so hard to detect is that the button actually links to a totally legitimate site...within Google’s own framework. When third-party app developers create Gmail integrations, Google directs users to an in-house security page that essentially says, “By clicking this you are giving Google Defender access to your entire inbox. Are you sure you want to do this?”

Even to wary users, the original message looks like it came from Google. And the link took them to a legitimate Google security page -- anyone could have fallen for it. The Gmail team immediately began assuring users that they were aware of the scam and working on eradicating it and any potential copycats.

There’s no happy ending to this story. Although vendors and cybersecurity experts were able to respond to the crisis on the same day it was released, millions of accounts were still affected. The best way to prepare your business is with thorough employee training and disaster recovery plans that are prepared to respond to a breach. To find out how we can protect your business, call today.

Published with permission from TechAdvisory.org. Source.

The post Warning: Do not install “Google Defender” appeared first on Complete Technology Resources, Inc..

If small- and medium-sized businesses think cyber security is impossible to manage now, just think about what it was like before the internet provided a way to receive IT support remotely. In today’s business landscape, enterprise-level solutions and security can be delivered from almost anywhere in the world.

The post 3 Reasons why security is better in the cloud appeared first on Complete Technology Resources, Inc..

04 May, 2017 / by Complete Technology Resources / in Security category

3 Reasons why security is better in the cloud

If small- and medium-sized businesses think cyber security is impossible to manage now, just think about what it was like before the internet provided a way to receive IT support remotely. In today’s business landscape, enterprise-level solutions and security can be delivered from almost anywhere in the world. Read on to find out why that’s even safer than you realize.

Hands-on management

Unless you have an overinflated budget, relying on local copies of data and software means IT staff are forced to spread themselves across a bevy of different technologies. For example, one or two in-house tech support employees can’t become experts in one service or solution without sacrificing others. If they focus on just cybersecurity, the quality of hardware maintenance and helpdesk service are going to take a nosedive.

However, Cloud Service Providers (CSPs) benefit from economies of scale. CSPs maintain tens, sometimes thousands, of servers and can hire technicians who specialize in every subset of cloud technology.

Fewer vulnerabilities

Cloud security isn’t superior just because more technicians are watching over servers. When all the facets of your business’s IT are in one place, the vulnerabilities associated with each technology get mixed together to drastically increase your risk exposure.

For example, a server sitting on the same network as workstations could be compromised by an employee downloading malware. And this exposure extends to physical security as well. The more employees you have who aren’t trained in cyber security, the more likely it is that one of them will leave a server room unlocked or unsecured.

CSPs exist solely to provide their clients with cloud services. There are no untrained employees and there are significantly fewer access points to the network.

Business continuity

The same technology that allows you to access data from anywhere in the world also allows you to erect a wall between your local network and your data backups. Most modern iterations of malware are programmed to aggressively replicate themselves, and the best way to combat this is by quarantining your backups in the cloud. This is commonly referred to as data redundancy in the cybersecurity world, and nowhere is it as easy to achieve as in the cloud.

The cloud doesn’t only keep your data safe from the spread of malware, it also keeps data safe from natural and manmade disasters. When data is stored in the cloud, employees will still have access to it in the event that your local workstations or servers go down.

The cloud has come a long way over the years. It’s not just the security that has gotten better; customized software, platforms and half a dozen other services can be delivered via the cloud. Whatever it is you need, we can secure and manage it for you. Call us today.

Published with permission from TechAdvisory.org. Source.

The post 3 Reasons why security is better in the cloud appeared first on Complete Technology Resources, Inc..

Feature updates can come and go, but when Microsoft releases a security update, you need to install it as soon as possible. This is because hackers are constantly looking for software bugs to exploit, and in Microsoft’s case, cybercriminals have found a serious vulnerability in Word.

The post Watch out for this Microsoft Word bug appeared first on Complete Technology Resources, Inc..

26 Apr, 2017 / by Complete Technology Resources / in Office, Security category

Feature updates can come and go, but when Microsoft releases a security update, you need to install it as soon as possible. This is because hackers are constantly looking for software bugs to exploit, and in Microsoft’s case, cybercriminals have found a serious vulnerability in Word.

The attack
On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.

The solution
Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact us today!

Published with permission from TechAdvisory.org. Source.

The post Watch out for this Microsoft Word bug appeared first on Complete Technology Resources, Inc..

So much of cybersecurity depends on adequate awareness from users. Phishing for example, preys on people’s fears and desires to convince them to click on hyperlink images and text before checking where they actually lead to. However, with the latest trend in phishing, even the most cautious users can get swept up.

The post Homographs: the newest trend in phishing appeared first on Complete Technology Resources, Inc..

24 Apr, 2017 / by Complete Technology Resources / in Browsers, Security category

Homographs: the newest trend in phishing

So much of cybersecurity depends on adequate awareness from users. Phishing for example, preys on people’s fears and desires to convince them to click on hyperlink images and text before checking where they actually lead to. However, with the latest trend in phishing, even the most cautious users can get swept up. Read on to educate yourself on how to avoid this dangerous scam.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades -- and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com -- which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

Published with permission from TechAdvisory.org. Source.

The post Homographs: the newest trend in phishing appeared first on Complete Technology Resources, Inc..

The Google Defender scam

What are homographs?

How does this lead to phishing attacks?

The solution

About CTR

Latest Post

Arizona:

Connecticut:

Massachusetts:

Contact Information: