Archive for Security

Winter is Coming: Dyre Wolf Malware Can Leave Your Bank Account Looking Stark

With the critically acclaimed television series Game of Thrones returning to viewers this spring, it seems apt to discuss a manner of hacking attack called Dyre Wolf. This particular threat is just as fierce as its name implies, and can potentially cost businesses between $500,000 and $1.5 million per attack. It takes advantage of a multi-step phishing process, and your employees should understand how to avoid attacks like these.

The vulnerability was discovered last October, but John Kuhn, a senior threat researcher for IBM, reports that Dyre is following the recent trend of moving toward more sophisticated hacking measures. According to ZDNet, this threat takes advantage of the Dyre banking trojan to infiltrate infrastructures and make off with a hefty chunk of change. The attackers accomplish this by using social engineering tactics designed to dupe users into revealing important information about accounts.

Unlike other Trojans that go after individual bank accounts, Dyre Wolf is designed to tackle large organizations that accrue a lot of profits. This is why it’s important to train your team to identify and manage a phishing attack without falling victim to these social engineering threats. Dyre Wolf uses a seven-step process to pull off these expensive hacks:

  • Step 1: Spear Phishing Attacks. The employee will receive a phony email that houses the Upatre malware. This malware is designed to download the Dyre Trojan.
  • Step 2: Execution. The Upatre malware installs itself on the computer when the employee opens an infected attachment.
  • Step 3: Communication. Upatre downloads Dyre onto the infected system.
  • Step 4: Watching and Waiting. Dyre observes the browsing behavior of the infected PC, waiting for the victim to visit one of several hundred banking websites. It then displays a message claiming that there’s an issue with the account, along with a fake support phone number.
  • Step 5: The Fake Phone Call. The user calls the fake number and is greeted by a human voice, rather than an automated one. The hacker then proceeds to gather sensitive information and credentials, unbeknownst to the user.
  • Step 6: The Wire Transfer. The criminal arranges for the money transfer using the stolen credentials.
  • Step 7: DDoS. While the money is being transferred, the targeted organization will experience a distributed denial of service attack. The concept behind this is that the victim’s institution will be too busy dealing with the downtime to realize that they’ve been robbed.


Of course, at the heart of any social engineering hack, the root of the problem comes from employees not understanding how to respond to potential threats. Social engineering thrives off of the average employee not knowing how to counter it; therefore, the best way to take the fight to this new generation of sophisticated hackers is to ingrain best practices into the minds of your workers.

To this end, IBM suggests the following procedures:

  • Make sure that employees understand security best practices, and how to report suspicious behavior.
  • Run mock exercises to get a feel for how well your employees identify sketchy attachments and email messages. These would be designed to simulate real criminal behavior, and as such, should be an effective means for helping you gather information.
  • Offer advanced security training that helps employees understand why they must be on the lookout for suspicious online behavior, and what they can do about it should they encounter it.
  • Train employees on how to respond to banking threats, and make sure they know that banks will never request sensitive information that could compromise your account.

These are just a few ways to handle phishing and social engineering scams. For more information on how you can protect your business from these kinds of hacks, give Total Networks a call at (602)412-5025.

Posted in: Security

Tip of the Week: Revamp Your Password Policy with a Password Manager

Changing your password is a pain. After you’ve gone several months with the same one, it can be difficult to remember your new password. Despite this, it’s always recommended that you change your passwords often. Unfortunately, when you change all of your passwords often, it’s even easier to forget them. Instead of using a post-it note on your monitor, you should instead try using a password manager.

For those who aren’t entirely familiar with password managers, they are applications that can hold all of your login credentials in one secure location for later use. When you navigate your way to the login page of a site, the password manager automatically fills the forms with your credentials. This makes browsing the web much easier, and it makes remembering several complex passwords far more manageable.

For discussion’s sake, let’s take a look at one of the more popular consumer password managers: LastPass. It uses an interface designed for the end user to make dealing with passwords as simple as possible.

All you need to do is add an account’s information to the application, then enter the URL where the information applies. So long as the domain is correct, the credentials will fill in the forms. This way, password managers are capable of protecting you from potential phishing attacks utilizing fake domains that closely resemble those of secure sites. Once the credentials are entered, you can set whether or not you want to autofill the login boxes, as well as whether or not you want to integrate auto-login for the particular website.
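The domain check described above, sketched as an added example (not LastPass's code and not part of the original post): a naive substring match beside a strict comparison of the parsed hostname. The vault entry, function names and `.example` hosts are constructed for illustration; real managers also handle subdomains using the Public Suffix List, which is left out here.

```javascript
// Added illustration: simplified autofill origin check (hypothetical names, constructed data).
const vault = [
  { host: "login.bank.example", username: "alice", password: "constructed-secret" },
];

// Weak: substring match on the raw URL string. Any URL that merely
// contains the stored host somewhere will receive the credentials.
function naiveLookup(pageUrl) {
  return vault.find((e) => pageUrl.includes(e.host)) || null;
}

// Strict: parse the URL, require HTTPS, and compare the normalized
// hostname exactly against the stored host.
function strictLookup(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable URL: never fill
  }
  if (url.protocol !== "https:") return null; // never fill over plain HTTP
  // The URL parser lowercases the host and converts non-ASCII labels to
  // punycode (xn--...), so look-alike characters cannot match an ASCII entry.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  return vault.find((e) => e.host === host) || null;
}

// Constructed sample URLs: one genuine page and several look-alikes.
const samples = [
  "https://login.bank.example/signin",              // genuine
  "https://login.bank.example.evil.example/signin", // stored host used as a prefix
  "https://evil.example/login.bank.example/signin", // stored host in the path
  "https://login.bank.example@evil.example/signin", // stored host in the userinfo part
  "https://login.b\u0430nk.example/signin",         // Cyrillic "a" homoglyph
  "http://login.bank.example/signin",               // right host, no TLS
];

// Returns, per sample URL, whether each lookup would fill credentials.
function compare() {
  return samples.map((u) => ({
    url: u,
    naiveFills: naiveLookup(u) !== null,
    strictFills: strictLookup(u) !== null,
  }));
}

console.table(compare());
```

Only the first URL is filled by the strict check; the substring check also fills the three look-alikes that embed the stored host and the plain-HTTP page.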

Password Best Practices
Despite the immense security that password managers are capable of bringing to the table, you still want to be cautious, especially when it comes to your password manager’s password. It’s best to use a complex string of different characters, including numbers, symbols, and letters. If you’re having trouble coming up with a password, you can do one of two things: use an online password generator, or randomly hit a bunch of keys. You’ll probably get a similar result.

It should be mentioned that, according to ZDNet, some password managers can have trouble on mobile devices. This means that users have to manually use the software in order to get their desired credentials. This minor inconvenience is offset by the incredible efficiency that password managers provide.

There’s a big difference between consumer and enterprise-level password managers, so businesses want to make sure they’re using only the best of the bunch for their solution. These business-grade password managers make sure that employees don’t leave the company and take all of your passwords with them.

For more tips on how to take advantage of the latest security solutions, give Total Networks a call at (602)412-5025.


3 Red Flags to Look Out For with Your IT Staff

One of the most important factors that you should consider when looking for IT staff is how much you can trust them. After all, they’re dealing with your technology. You’re trusting them with incredible responsibility. Therefore, you need to be sure they are honest, hard-working individuals. How can you ensure that you aren’t getting blindsided by your IT staff?

Roger Grimes of InfoWorld discusses several warning signs that he’s encountered in the past that might hint toward sketchy behavior from your technology department. Here are three of these warning signs you should look out for.

Have They Failed a Background Check?
Normally, a failed background check could mean that the potential hire isn’t a reliable choice. However, Grimes suggests looking beyond that at why the individual failed the background check. People make mistakes, and some can haunt us for the rest of our lives, even if they were decades ago. The overarching problem is if the person has lied about their background and their check comes up negative. It’s important for prospective team members to be honest and forthcoming about their past, in order to foster a relationship built on trust. In fact, Grimes claims that his employees who have less-than-stellar backgrounds were exceptionally useful when identifying real criminals.

They Are Privy to Sensitive Information
This should immediately be a warning sign. If your team knows information that they shouldn’t have access to, it may be a clue that they’re up to something. For example, an employee who is aware of changes that are being implemented before they are even announced to the staff is probably poking his nose around where it doesn’t belong. This might bring up the question of whether or not they’re stealing confidential data, like client credit card numbers or Social Security numbers, and using it to make fraudulent purchases or otherwise.

They Leave the Company in a Fit of Rage
This is one of the most dangerous scenarios your business can experience. We all have that one employee who does a lot, and is well-respected for his hard work around the office. However, what happens when that employee finally snaps from overworking himself? Will he get all fired up over it and leave in a frenzy, or will he respectfully put in his two weeks’ notice and leave without incident? If he chooses the former, and he was privy to sensitive information like client usernames and passwords, he could cause a lot of trouble for your business in the blink of an eye. Therefore, it’s important that you or your remaining IT staff take the responsibility of changing all passwords associated with the company or its clients.

Outsourced IT from Total Networks
While utilizing your in-house IT staff certainly has its advantages, an outsourced IT agency like Total Networks doesn’t come with any strings attached. Our trusted IT professionals have proven time and again that they can be trusted to handle technology in the most efficient way possible.

To prevent unauthorized users from accessing information they shouldn’t, we can set up user permissions that restrict network access to select individuals. We can also react to employee turnover by minimizing the risk associated with their leaving the company. We can even integrate security cameras and remote monitoring protocol to ensure that your team isn’t pulling the wool over your eyes. Just give us a call at (602)412-5025 to learn more.


The US Military Plans to Bring Biometric Passwords to the Public

Humans are always trying to improve security protocols that can protect against increasingly advanced online threats. Unfortunately, the threats only grow stronger in response, and the war against malicious online activity rages on. Biometrics are security measures that are growing in popularity, but are expensive and difficult to integrate. Now, the US military is funding a campaign to make them more readily available to end users.

Sky News reports that the deal struck by the US military is worth multiple millions of dollars, and is currently being carried out by the researchers at West Point. Other conceptual biometric technologies, like fingerprint or corneal scanning, have already been developed, but the biometrics in this project are much different from those previously proposed ideas. Instead of concentrating on the physical characteristics of the users, this new method would examine the behavioral aspects of how a user uses their technology.

For instance, everyone moves their mouse differently, and uses a swiping pattern to unlock their smartphone. These are called cognitive fingerprints:

Just as when you touch something with your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a “cognitive fingerprint.”

As Mashable puts it, “You pass authentication just by being you.”

One example highlighted was stylometrics, which analyzes the style and structure of a user’s writing. This can determine authorship in a similar manner to the way academic institutions identify plagiarism. The project to integrate certain biometrics such as these is already in its fourth phase, and is expected to soon be available to the general public for online shopping, banking, and more.

Is this something that should be developed? Some people aren’t so sure. Advocates of privacy feel that this new method may be used as a new tool for cyber espionage, or for in-depth monitoring of personal habits. This is mainly due to the controversy over the NSA’s practices, but only time can tell whether these concerns are justified or not.

We might not know how effective these biometrics will be, but we know one sure-fire way to protect the integrity of your business’s network: Total Networks’s Unified Threat Management solution. With this device, your business will have a firewall, antivirus, content filtering, and spam blocking solution to keep your network as secure as possible. Malicious entities have an arsenal of different tools they can use to bring down your business, but with this comprehensive enterprise-level solution protecting your network, you’ll have nothing to fear. Give us a call at (602)412-5025 to learn more.
