Cybercriminals Confess

The Top 5 Tricks, Sneaky Schemes And Gimmicks They Use To Hack Your Computer Network

The contemporary world is rife with digital thieves. They’re penetrating the complicated data structures of huge credit-monitoring companies like Equifax, scooping up the personal information of millions of people. They’re releasing sensitive customer data to the public from discreet businesses like Ashley Madison. They’re watching webcam feeds of our celebrities without them knowing; they’re locking down the systems of public utilities like the German railway system; they’re even managing to steal thousands of gigabytes of information directly from high-profile government entities like the CIA.

They’re also targeting small businesses exactly like your own and extorting them for thousands and thousands of dollars. When running a company, it’s vital to have a dedicated security team, equipped with the most up-to-the-minute security technology, on your side to protect you from these malicious cyberthreats. But it’s not enough to leave it to somebody else. You also need to be informed. Here are five of the most common ways hackers infiltrate your network:

1 Phishing Scams

You receive an e-mail in your work inbox coming directly from a high-ranking employee with whom you’ve been working on a project. Inside is a link he needs you to click to access some “vital information,” but when you click it, it rapidly installs a host of malware on the computer, spreads through the network and locks out everyone in the company.

Phishing scams are the oldest trick in a hacker’s book – ever received one of those “Nigerian Prince” scams? – but they’re still wildly successful. Not only that, but they’re becoming increasingly sophisticated. As Thomas Peters writes for “Newsweek,” “The best messages look like they’re trying to protect the company. One well-meaning system administrator even offered to post a PDF that could deliver malware on an internal server because it was called, ‘How to avoid a phishing attack.’” How’s that for irony?

2 Social Engineering

Social engineering is a type of “hacking” that uses real, well-intentioned people to carry out its schemes, rather than intricate lines of code. This is especially effective for gathering sensitive information that can later be used in another type of attack – e-mail passwords used for phishing scams, for example. Maybe your IT guy receives a call from the “secretary” of one of your clients, pretending that they’re experiencing problems with your service due to some firewall, a problem that your IT professional is more than happy to help out with. Before you know it, the caller knows the ins and outs of your entire security system, or lack thereof. Social engineers have been known to use phone company customer service departments, Facebook and other services to gather Social Security or credit card numbers, prepare for digital robbery and even change the passwords to your central data network security.

3 Password Hacking

You may think that your passwords are clever and complicated, filled with exclamation points and random numbers, but it’s rarely enough. With information gathered carefully from social engineering or a simple check on your employees’ social media accounts, hackers can easily use brute-force to figure out that your password is the name of the family dog, followed by your anniversary (for example). That’s if they didn’t already manage to steal your password through one of the techniques listed above.

4 Fault Injection

Sophisticated hackers can scan your business’s network or software source code for weak points. Once they’re located, they can surgically attempt to crash the system through snippets of code they splice in expressly for that purpose. Different commands can do different things, whether they want to deliver a devastating virus, redirect links on your website to malware or steal and erase vast swathes of information.

5 USB-based Malware

At the last conference you attended, someone probably handed out free branded USB sticks to keep their business top-of-mind. Hackers will sometimes covertly slip a bunch of infected USB sticks into a company’s stash. The instant somebody tries to use one, their computer is taken over by ransomware.

So What Can I Do About It?

It’s a scary world out there, with virtually everyone left vulnerable to digital attack. Knowing the strategies hackers deploy is half the battle. But, frankly, these techniques are constantly changing; it’s impossible to keep up by yourself.

That’s why it’s so important to utilize only the most up-to-date security solutions when protecting your business. Hackers move fast. You and your security technology need to stay one step ahead, and WAMS will help you to do just that. Give us a call at 800-421-7151 to find out how.

Benefits of Serverless Computing

“Serverless computing” sounds like a dream come true. It conjures images of a world where business owners don’t need to worry about purchasing expensive hardware or configuring complex software. But serverless computing isn’t just a dream, it’s the next big thing in cloud computing.

What is it?

Outsourcing workloads to the cloud — like websites and apps — requires just as much hardware as if the computations were performed in an on-site server. The only difference is the location of the server.

Office 365 or Google Docs are great examples of this model. Thousands of servers are set up to run these apps so there is always enough capacity to handle the millions of people who use these apps at any given moment. Microsoft and Google need to manage and maintain these servers 24/7 to keep up with demand so they’re always on and always ready to handle more workloads, even during off-peak hours.

Serverless computing changes everything by allowing developers to create apps and websites that use cloud resources only when they’re needed. So, if you were to create a web app, you wouldn’t need to pay for a dedicated cloud server. The cloud provider would host your app’s programming code and run it only when a user requested it. The cloud provider would take care of allocating the appropriate resources and charge by the second for what you use.

Who can benefit from it?

Serverless computing is for users who use cloud resources for processing power. If you’re using the cloud only to store files, serverless services aren’t going to help you. However, if you use the cloud to process information and turn it into something more useful, serverless computing will help you immensely.

An everyday example of this is Amazon’s Alexa. Every command the AI assistant responds to is nothing more than an app that sits dormant until a user tells Alexa to run it. Small businesses are creating apps in Amazon’s cloud that can be processed by the voice assistant without the burden of setting up a dedicated server.

Serverless computing isn’t about getting rid of servers; it’s about using their raw computing power without being forced to fine tune them first. It falls under the umbrella of virtualization technology and is another step in the right direction for small businesses working with limited budgets.

For more information about how virtualization can help you lower costs and increase efficiencies, give us a call today at 800-421-7151.

Google Weighs in on Account Hijacking

According to experts, passwords shouldn’t be the only way you defend your accounts. After all, hackers have plenty of tricks and tools to steal them. So to help businesses fully understand the risks involved, Google conducted a study on the causes of account hijacking.

The results
From March 2016 to March 2017, Google and UC Berkeley researchers examined three main ways hackers hijack accounts:

- Keylogging software – a malicious program that records computer users’ keystrokes
- Phishing emails – to lead people into dangerous websites
- Stolen passwords – available to the highest bidder

In just one year, Google found 788,000 successful keylogging attacks, 12.4 million victims of phishing attacks, and 1.9 billion accounts exposed via login credentials sold on the black market.

Researchers suggest the reason so many accounts are hacked is because people tend to reuse their passwords, which means if one set of login credentials is exposed, other accounts could be compromised.

Phishing is also a big threat because it targets users — the weakest links in your cybersecurity. The strongest password or security system won’t mean anything if your employees constantly fall for online scams.

Protecting your accounts

There are several things you can do to thwart account hijacking. For starters, you should set strong and unique passwords for each account to minimize data breaches.

While the general rule in the past was to set a complex password — a mix of letters, numbers, and symbols — recent studies suggest that longer, 20-character “passphrases” are much tougher to crack. If you find it difficult to remember several passwords, consider using a password manager, which not only stores all your passwords, but can generate strong passwords, too.

To deal with phishing attacks, you should activate multi-factor authentication on your accounts. This adds an extra layer of identity verification to your password (e.g., a fingerprint scan or a temporary security key sent to your phone), making your login details ‘unphishable.’

Security training is also crucial. This includes teaching your employees about what phishing attacks look like and instructing them on password protection best practices so they never fall victim to account hijacking.

The bottom line is that strong password security requires more than strong defense mechanisms; you and your employees must be vigilant, too.

Need more advice on keeping your business safe? Call us today at 800-421-7151! We provide critical security updates and comprehensive support services to help you stay well ahead of cybercriminals.

Beware of Sneaky Microsoft Office Malware

Cybersecurity systems are getting better at identifying and preventing attacks coming from all directions. At the same time, hackers are coming up with new ways to bypass these systems. While online scams are the most common ways to do this, cybercriminals have discovered a new attack method using Microsoft Office.

What’s the new Office threat?
The Office exploit takes advantage of Microsoft’s Dynamic Data Exchange (DDE), a protocol that sends messages and data between applications. For example, DDE can be used to automatically update a table in a Word document with data collected in an Excel spreadsheet.

The problem with this is that hackers can create DDE-enabled documents that link to malicious sources rather than to other Office apps. Theoretically, this allows hackers to launch scripts that download Trojan viruses from the internet and execute them before the user is even aware of the attack.

And unlike most malware-embedded Office files, which are usually blocked by security protocols from Microsoft, DDE exploits are instant. Once a compromised Word file is opened, it automatically executes the hack.

Outlook at risk
What’s even more alarming are the DDE vulnerabilities in Outlook. Recent reports found that hackers can embed malicious code in the body of an email or calendar invite, allowing them to perform phishing scams without a file attachment.

Fortunately, Outlook DDE attacks are not as automated as Word or Excel DDE attacks. Two dialog boxes will usually appear when you open the email asking if you want to update a document with data from linked files and start a specific application. Simply clicking ‘No’ on either of these boxes will stop the attack from executing.

Defending against DDE attacks

Beyond saying no, you can protect yourself by following these security best practices:

- Evaluate the authenticity of unsolicited emails before interacting with them and don’t open attachments from unfamiliar contacts.
- View emails in plain text format to completely stop DDE attacks embedded directly in emails from running. Note that this will also disable all original formatting, colors, images, and buttons.
- Use a strong email security system that prevents phishing emails, spam, and other unwanted messages from reaching your inbox.

Get in the habit of checking for Microsoft updates, as they’re usually quick to release patches after vulnerabilities have been discovered.
Last but not least, consider working with our team. We’re Microsoft Office experts who can keep you safe from the latest threats. Call us today to get started at 800-421-7151!
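One way to check a Word file for the DDE fields described in this article before anyone opens it, as an added example that is not part of the original newsletter. The function names and the sample documents are constructed for illustration; the scanner flags every DDE or DDEAUTO field, including legitimate Excel links, so a person can review them.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# WordprocessingML namespace used by word/*.xml parts inside a .docx archive.
W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
DDE_RE = re.compile(r"^\s*DDE(AUTO)?\b", re.IGNORECASE)


def field_instructions(xml_bytes):
    """Yield the full instruction string of every field in one XML part.

    Word may split one instruction across several <w:instrText> runs, so the
    runs between a field's 'begin' and 'separate'/'end' markers are joined.
    For untrusted files in production, parse with defusedxml instead.
    """
    stack = []  # one [parts, emitted] entry per open complex field
    for el in ET.fromstring(xml_bytes).iter():
        if el.tag == W + "fldSimple":
            yield el.get(W + "instr", "")
        elif el.tag == W + "instrText" and stack:
            stack[-1][0].append(el.text or "")
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                stack.append([[], False])
            elif kind in ("separate", "end") and stack:
                parts, emitted = stack[-1]
                if not emitted:
                    yield "".join(parts)
                    stack[-1][1] = True
                if kind == "end":
                    stack.pop()


def scan_docx(data):
    """Return (part name, instruction) for each DDE/DDEAUTO field found."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            # Body, headers, footers and notes all live under word/*.xml.
            if name.startswith("word/") and name.endswith(".xml"):
                for instr in field_instructions(zf.read(name)):
                    if DDE_RE.match(instr):
                        hits.append((name, " ".join(instr.split())))
    return hits


def make_docx(body):
    """Build a minimal, constructed .docx-style archive for the samples."""
    ns = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml",
                    f"<w:document {ns}><w:body>{body}</w:body></w:document>")
    return buf.getvalue()


# Constructed sample: a DDEAUTO field split over two runs, placeholder target.
SPLIT_SAMPLE = make_docx("""<w:p>
  <w:r><w:fldChar w:fldCharType="begin"/></w:r>
  <w:r><w:instrText> DDE</w:instrText></w:r>
  <w:r><w:instrText>AUTO "placeholder-app" "placeholder-topic"</w:instrText></w:r>
  <w:r><w:fldChar w:fldCharType="separate"/></w:r><w:r><w:t>result</w:t></w:r>
  <w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>""")
# Constructed sample: an ordinary PAGE field plus body text that mentions DDE.
CLEAN_SAMPLE = make_docx('<w:p><w:fldSimple w:instr=" PAGE "/></w:p>'
                         "<w:p><w:r><w:t>DDEAUTO is discussed here</w:t></w:r></w:p>")

if __name__ == "__main__":
    print(scan_docx(SPLIT_SAMPLE), scan_docx(CLEAN_SAMPLE))
```

A mail gateway or file share job could run `scan_docx` on incoming attachments and quarantine any file that returns a hit for manual review.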

How The Cloud Could Have Averted Disaster For Hundreds Of Companies Affected By These Catastrophes

Two months after hurricanes Harvey and Irma wreaked havoc on coastal cities, large swaths of the United States are still reeling from their impact. In their wake, the nation has been moved as we witness numerous communities unite to rebuild, finding their bearings among the millions of dollars of flooding damage and rampant destruction. Though the wonderful people of these cities will persevere, these wounds will leave indelible scars on the affected areas.

Even with the concerted efforts of thousands of volunteers and community members alike, Russel Honore — the former Joint Task Force Katrina commander — told the FOX Business Network that an estimated “40% of small businesses don’t survive” widespread natural disasters like hurricanes. Part of this is due to raw damage, lack of proper insurance or business infrastructure simply being washed away in the flood. Other businesses can’t afford to hemorrhage money as they wait for the electricity grid to come back online, and are forced to shutter operations for good.

However, what is even more commonly fatal to companies both big and small is the loss of vital data. Many businesses can handle cleaning up flood damage, and they regain their footing quickly after a natural disaster. Still, if on-site servers, computers or network infrastructure soaks up the brunt of the water, then it’s going to be difficult, if not impossible, to get the company back to a pre-disaster point. If a company’s main server fails, it can mean thousands of hours of hard work down the drain, the loss of most clientele and hundreds of hours of downtime spent desperately trying to recover key data, which usually remains lost forever.

But if, prior to catastrophe, a business has migrated their precious data to the cloud, they’re going to have a much easier time getting back on their feet and going straight to work. Even if an entire business is leveled, with cloud computing, employees can easily access the data central to the company’s operation and keep it afloat in the interim.

Most cloud services back up your data with several levels of redundancy, making it almost impossible to lose it all, regardless of what may come. Whether it’s earthquakes, hurricanes or solar flares, you can rest easy knowing that your data is safe and sound and ready for you to access it. It’s a much safer, more secure way to go than having a server lurking in your back office, where it’s far more exposed than you might think.

This principle applies not only to environmental disasters, but to numerous other ways companies lose data each and every day. Whether it’s a disgruntled employee damaging or stealing precious data, or a hacker snaking their way deep into your systems and holding them for ransom, it’s all too easy to lose localized data. Some business owners feel uncomfortable holding their data off-site, citing security concerns, but it’s quite the opposite: the cloud sidesteps these concerns almost entirely, guarding your data behind highly secure cloud-based computing solutions and providing you with numerous backup options. Not to mention, according to a 2012 Alert Logic report, “on-premises environment users actually suffer more incidents” than those that use the cloud, and also suffer “significantly more brute force attacks compared to their counterparts.”

While it’s true that not every business is right for the cloud, it’s certainly something business owners should look into if they want to ensure the longevity of their company. If you’re interested, sign up to get our free cloud computing report.

Watch Out for the Huge KRACK in WiFi Security!

A fundamental flaw with WiFi networks has recently been discovered by two security researchers. According to their reports, the KRACK vulnerability renders advanced encryption protocols useless and affects nearly every wireless device. Read on to find out more about KRACK hacks and how you can defend against them.

What is KRACK?
Simply put, KRACK, short for ‘key reinstallation attack,’ allows hackers to bypass WPA2 — a security protocol used by routers and devices to encrypt activity — and intercept sensitive data passing between the mobile device and the wireless router, including login details, credit card numbers, private emails, and photos.

In extreme cases, KRACKed devices can be remotely controlled. For example, hackers can log in to your surveillance systems and shut them down.

What’s worse, Internet of Things devices — like smart thermostats and IP cameras — rarely receive security fixes, and even if some are available, applying patches is difficult, as these devices tend to have complex user interfaces.

The good news, however, is you can do several things to mitigate the risks.

Download patches immediately
According to recent reports, security patches have already been released for major platforms, including iOS, Windows, and Android. Router manufacturers such as Ubiquiti, Mikrotik, Meraki, and FortiNet have also issued firmware updates, so make sure to install them as soon as possible.

Although IoT patches are rare, consider getting your smart devices from reputable vendors that push out updates regularly. It’s also a good idea to contact a managed services provider to install the updates for you.

Use Ethernet connections
Some wireless routers don’t yet have a security patch, so while you’re waiting, use an Ethernet cable and disable your router’s wireless setting. Turn off the WiFi on your devices as well to make sure you’re not connecting to networks susceptible to KRACK.

Stay off public networks
Free public WiFi networks — even ones that are password-protected — in your local cafe should also be avoided because they usually don’t have holistic security measures in place, making them easy targets for cybercriminals.

Connect to HTTPS websites
If you do need to connect to a public WiFi hotspot, visit websites that start with “HTTPS,” and stay away from ones that are prefaced with “HTTP.” This is because HTTPS websites encrypt all traffic between your browser and the website, regardless of whether the connection is vulnerable to KRACK.

Hop on a Virtual Private Network (VPN)
You can also use a VPN service to hide all network activity. Simply put, VPNs encrypt your internet connection so that all the data you’re transmitting is safe from prying eyes.

Although the potential impact of a KRACK hack is devastating, security awareness and top-notch support are the best ways to stay safe online. Want more security tips? Contact us today by emailing info@wamsinc.com.

How to Set Up Secure Guest Wi-Fi

Today, Wi-Fi isn’t only crucial for your employees to get work done, it’s also a necessary amenity for your office guests. But there’s a right and a wrong way to set up guest Wi-Fi and the latter can result in a frustrating experience for users. So, how do you set up guest Wi-Fi properly?

Never give guests access to your primary Wi-Fi

While giving guests the password to your company’s main Wi-Fi might be the easiest way to get them connected, you should avoid this at all costs.

Anyone with a little technical know-how can potentially access everything on your company network, including confidential data. Not to mention, guests’ devices connected to your business network increase the risk of a malware infection or cyber attack since you can never be sure that they’re safe and secure.

Ways to create secondary Wi-Fi for guests

If your router has built-in guest Wi-Fi support (you can check this feature through a quick web search), you could use it to create a separate “virtual” network. This means guests will have access to the internet without connecting to your main company network.

If your router doesn’t support multiple Wi-Fi networks, you can implement a separate wireless access point that bypasses the rest of your network and connects directly to your Internet service provider (ISP) connection.

Both options will keep your guests’ connectivity separate from your company network so you’ll never have to worry about unauthorized persons accessing your company data.

Keep in mind that guest Wi-Fi still uses your ISP connection so you should limit bandwidth usage on your guest network. The last thing you want is a guest streaming videos that slow down the Internet for your employees. With that in mind, you can even have your employees use guest Wi-Fi for their personal devices too. This minimizes the chance of employees hogging company bandwidth for personal use.

Your guest Wi-Fi should only provide outsiders with internet access, nothing more. While proper setup isn’t rocket science, it can be a tedious process. Having said that, if you need a team of experts to take care of it all for you, or simply have questions about how else to leverage your hardware for better efficiency and security, just give us a call at 800-421-7151.