Bitdefender released its 2023 Cybersecurity Assessment report Wednesday, which surveyed more than 400 IT and security professionals located in the U.S., U.K., Germany, France, Italy and Spain. The report found that 42% of surveyed respondents said they were told to keep a breach confidential when they should have reported it, and nearly 30% said they had kept a breach confidential knowing it should have been reported. When it comes to U.S.-based organizations, those percentages only increased. The report also addressed the legal backlash of maintaining breach confidentiality. The primary threat concerns for surveyed respondents last year were software vulnerabilities and zero-day exploits, followed closely by phishing campaigns and supply chain attacks. Ransomware came in at No. 4. Bitdefender noted that patching software vulnerabilities in a timely manner is an ongoing problem that attackers increasingly leverage. Bitdefender released its 2023 Cybersecurity Assessment report Wednesday, which surveyed more than 400 IT and security professionals located in the U.S., U.K., Germany, France, Italy and Spain. The report found that 42% of surveyed respondents said they were told to keep a breach confidential when they should have reported it, and nearly 30% said they had kept a breach confidential knowing it should have been reported. When it comes to U.S.-based organizations, those percentages only increased. The report also addressed the legal backlash of maintaining breach confidentiality. The primary threat concerns for surveyed respondents last year were software vulnerabilities and zero-day exploits, followed closely by phishing campaigns and supply chain attacks. Ransomware came in at No. 4. Bitdefender noted that patching software vulnerabilities in a timely manner is an ongoing problem that attackers increasingly leverage. Bitdefender released its 2023 Cybersecurity Assessment report Wednesday, which surveyed more than 400 IT and security professionals located in the U.S., U.K., Germany, France, Italy and Spain. The report found that 42% of surveyed respondents said they were told to keep a breach confidential when they should have reported it, and nearly 30% said they had kept a breach confidential knowing it should have been reported. When it comes to U.S.-based organizations, those percentages only increased. The report also addressed the legal backlash of maintaining breach confidentiality. The primary threat concerns for surveyed respondents last year were software vulnerabilities and zero-day exploits, followed closely by phishing campaigns and supply chain attacks. Ransomware came in at No. 4. Bitdefender noted that patching software vulnerabilities in a timely manner is an ongoing problem that attackers increasingly leverage.
Recently, there was a rise in cybercrime related to the closing of Silicon Valley Bank (SVB). Threat actors go after businesses and sometimes use them in their illegal activities. SVB was the 16th largest bank in the U.S. The bank worked with tech giants like Buzzfeed, Roblox, and Roku. However, global inflation and a deposit run caused regulators to close the bank on Friday, March 10, 2023. Hackers are using SVB-related content to manipulate people’s emotions. Analysts are finding more phishing attacks connected to the SVB closure, and new threats appear daily. How Hackers Set Up SVB-related Attacks Cybercriminals started buying fake SVB domains shortly after SVB closed. This is how they set up their SVB-related attacks. The attackers then made and tested phishing flows before starting their campaigns. More than 62 new domains were set up for SVB-related attacks, and there were 200 phishing scams, most of which targeted businesses in the U.S. The public response helped hackers Unfortunately, the public’s response to the SVB crisis may have unwittingly aided cybercriminals. Attackers used websites that listed affected SVB customers to find targets. Also, emails from companies switching to new banks can look like phishing emails, which can cause confusion and increase the risks. Getting Ready for the Wave of SVB Fraud To counter SVB-related attacks and protect your business, you should: 1. Raise employee awareness about phishing and cyber threats. 2. Provide regular security training. 3. Implement email security solutions with anti-phishing features. 4. Use multi-factor authentication. 5. Keep software updated to prevent vulnerabilities. 6. Encourage strong, unique passwords and start using password managers. 7. Monitor the company’s online presence for fake domains or websites. 8. Develop and maintain an incident response plan. 9. Periodically review and update security processes. 10. Collaborate with cybersecurity experts for audits and vulnerability assessments. The recent failure of SVB has given cybercriminals a chance to take advantage of businesses and individuals. To protect yourself from SVB-related attacks and other cyber threats, you need to put cybersecurity at the top of your list of priorities. You can shield your company from these attacks by being proactive, improving security infrastructure, and using your resources wisely.
Essendant, a Staples-owned wholesale distributor of office supplies and stationery, paused its operations recently because of a multi-day, network-wide outage. The system disruption has prevented customers from placing orders online or contacting the company’s customer care unit. While Essendant has yet to disclose the reason behind the outage, many think someone had hacked into the company’s system. Customers are expressing their frustration over the company’s lack of transparency. Essendant’s Outage Is Preventing Fulfillment of Orders The network-wide outage started on the night of March 6, 2023. Essendant then began notifying customers about it the following day. Because of the disruption, the company can’t accommodate new online orders or fulfill existing ones. Aside from customers and suppliers, the incident also affects freight carriers. The company has told them to postpone pickups for now. Essendant carries more than 160,000 items and caters to around 30,000 resellers. The disruption has a significant impact on its supply chain. What Is Essendant Doing to Address the Issue? Since March 20, 2023, Essendant has taken significant steps to recover its operations. The company has restored at least a hundred systems and performed end-to-end testing. It is currently in the pilot stages of its pick, pack, and ship efforts. Here’s what customers can expect from Essendant at this point of its recovery: Empower users now have new login credentials and can place orders through the portal. Aside from Empower, customers can access other Solution Central applications. That includes List Assistant, ICAPS, Essendant Marketing Studio, and Market Xpert. Essendant’s customer care team is only accessible through email. Request volumes are high, and turnaround time will be longer.There will be longer shipment times because of higher order volumes. The Bottom Line The Essendant outage highlights the importance of data backups. Losing large amounts of information, whether employee, customer, or systems data, can cripple a business. But with a data backup strategy, you have a duplicate of your systems and can recover faster. Secondly, it’s a reminder for business owners to have a contingency plan. If your supplier can’t deliver for whatever reason, having a backup plan will save your business.
The United States government is alerting organizations about the Royal ransomware operation. The Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) said in a joint advisory that the Royal ransomware gang poses an increasing threat to the critical infrastructure of numerous sectors in the U.S. The Royal ransomware group has been targeting different sectors across the country and abroad. Among its victims are health care, education, communications, and manufacturing organizations. How the Royal Ransomware Gang Operates According to the FBI and CISA, Royal actors use phishing links to access an organization’s network. These links carry a malware downloader. The cyber threat actors then disable the network’s antivirus software, extract large amounts of data, and encrypt systems. Other than phishing links, the Royal ransomware gang also uses these other tools to get into an organization’s network, including: Remote desktop protocol (RDP) Initial access brokers The exploitation of public-facing applications Royal Ransomware Made Rounds Since 2022 The Royal ransomware gang first made rounds in early 2022. It used third-party ransomware like Zeon when it started. But it has since created its own ransomware and has been using it since September. It also uses other malicious tools to gather information and keep victims from restoring their data. In December, the U.S. Department of Health and Human Services announced that Royal ransomware targeted the healthcare sector. Royal’s leak page on the dark web listed two healthcare service providers as victims. Royal actors had also made ransom demands in Bitcoin. These demands range between $1 million and $11 million. The ransom notes do not state ransom amounts and payment details. But these contain instructions on how to contact the group. Royal Gang Is a Group of Experienced Cybercriminals Security experts believe that experienced cybercriminals make up the Royal ransomware gang. These cyber threat actors have worked together in previous operations. Cyber security experts noted similarities between the Royal operation and Conti – a Russian hacking enterprise. Conti disbanded in June 2022, giving rise to several cybercriminal groups. These groups applied the same phishing technique that the Royal gang now uses to deploy its ransomware. Organizations Should Have a Data Recovery Plan in Place The U.S. government advises businesses and organizations to have a data recovery plan in place. This plan ensures that organizations won’t lose their data in case Royal ransomware infiltrates their systems. Additionally, organizations can continue their operations in case of a ransomware attack. A recovery plan includes: maintaining multiple backups of data implementing multi-factor authentication securing accounts with unique and strong passwords using monitoring tools to detect suspicious activity in their network implementing network segmentation updating all software and operating systems auditing all accounts disabling unused services The Bottom Line: Businesses Should Be Ready for Ransomware Attacks Businesses and organizations could lose all their data, including customers’ personal information, from a ransomware attack. And this could incapacitate their business or at least disrupt operations. Their customers would also lose trust and confidence in them. As such, businesses and organizations should prepare themselves for possible cyberattacks. It is not enough to put measures in place to prevent it. They should also have a contingency plan in case they fall victim to a cybercrime.
Having a password for online accounts is not enough protection. Hackers and cybercriminals have found a way to crack passwords and hijack emails, bank accounts, social media pages, and other digital real estates. Through password mass attacks, cyber threat actors no longer have to spend a long time trying to guess your online credentials. Understanding a Password Mass Attack A password mask attack is a technique cybercriminals use to crack passwords. While a conventional brute-force attack tries to guess your password by entering every possible letter, number, and symbol combination, a mask attack is more targeted and takes less time. It is also more systematic. With a mask attack, cybercriminals check passwords for a specific pattern. Knowing this pattern allows them to skip character combinations that are not necessary. Threat actors will use information about your password creation behavior, including your composition patterns. They will then start cracking a subset of your password’s format or entire length. How Does a Password Mask Attack Work? Websites and online apps do not store their users’ passwords verbatim. Instead, they use a process called hashing. Hashing uses an encryption algorithm to turn passwords and other data into a string of letters and numbers. Hashing improves the security of your password. So, if attackers hack a website, they won’t be able to access your password as is. Instead, they will get the encrypted “hash” that the algorithm had created. If cybercriminals get a hold of password hashes from a site, they can start a password mask attack. They will put the character combinations into a hashing function and wait until they get valid hits or until it creates a hash that matches yours. These cybercriminals can calculate hashes for common words and often-used combinations. Cybercriminals don’t crack each password within the data set they obtained from a website. They only need to crack enough passwords to get an initial foothold on the website and go deeper into their attack. How to Prevent Password Mask Attacks It is important for businesses with websites to take steps to prevent password mask attacks. Their websites must encourage customers or individual users to create strong passwords. Strong passwords contain a combination of uppercase and lowercase letters, numbers, and special characters. With stronger passwords, cybercriminals would find it hard to guess the patterns and calculate hashes. Businesses and organizations with websites can also use password managers. These tools help prevent network security threats by storing and managing users’ credentials. Moreover, they address password security issues like weak passwords and password reuse. The Bottom Line: Protect Business Sites and Customers From Mask Attacks Password mask attacks on a business website put customer data at risk. Once cybercriminals crack passwords, they can also extract personal data and use them to access bank accounts. Or they can launch smaller attacks targeted at individuals. Customers will lose confidence in a business if this happens. A mask attack can also disrupt business operations. As such, businesses should encourage their users to create strong passwords. They should also use password managers to protect passwords and customer credentials.
A new malware campaign on Facebook and YouTube is making headlines. S1deload Stealer hijacks these social media accounts, mines cryptocurrency, and spreads itself. Discover what business owners need to know about this malware. How the Malware Installs Itself S1deload Stealer is hidden within photo files with adult themes. The attackers use social engineering to post download links to these files on Facebook comments. When someone downloads one of the relevant files and then unzips the folder, they will see a signed executable file. That file includes the malicious DLL with the payload and a valid Western Digital signature. Users may not even know they have malware on their computers. The file that contains the DLL also has real images, reducing suspicion. What Happens After Installation After installation, the hackers’ command and control server instructs the S1deload Stealer. It can run and download various components. One of these is a headless Chrome browser. As a headless browser, it runs in the background without the user knowing. This is a common way to boost YouTube and Facebook views. The malware also uses a stealer to access passwords and other credentials saved in the browser. It also accesses exfiltration and cookie decryption. From there, the attacker uses the credentials to post more comments on social media via additional social engineering attacks, expanding its reach. S1deload Stealer also deploys a BEAM cryptojacker, which allows for cryptomining. By mining BEAM, the attackers get another financial benefit from this malware. The Malware’s Reach To date, S1deload Stealer has affected at least 600 unique users, infecting their computers. Official Suggestions Bitdefender broke the news of this new malware. The cybersecurity company says that you should never click on an EXE file that comes from an unknown or untrusted source. It also suggests paying attention to any security alerts your computer issues. Conclusion – And What Business Owners Can Learn S1deload Stealer is just one recent example of the increase in malware targeting both businesses and consumers. Businesses are an especially appealing target because they store credit card information. Business owners should protect their companies and their customers by checking for unexpected purchases and canceling affected cards. They should also implement safeguards within their systems and train employees on best practices, such as not downloading EXE files.
Email marketing is a highly successful strategy for modern businesses, giving a variety of advantages that may assist in increasing customer interaction, brand exposure, and lead generation. Here are some of the most important benefits of having an email marketing plan for your company: Increased customer engagement: By delivering targeted, tailored emails to your clients, you may increase their engagement with your company and its offerings. This can assist in increasing client retention and loyalty. Improved brand recognition: An email marketing campaign can help promote your brand and increase target audience awareness of your products or services. This might be especially valuable if you are a new firm or want to enter new markets. Enhanced lead generation: Email marketing can effectively generate leads for your small IT business. By including calls-to-action in your emails, you can encourage recipients to visit your website or contact you for more information about your products or services. Cost-effective: Email marketing is generally a low-cost marketing strategy, particularly when compared to traditional marketing forms such as print or TV advertising. This makes it an ideal option for small businesses with limited marketing budgets. Easy to track and measure: Email marketing tools make it easy to track the success of your campaigns and identify areas for improvement. This allows you to fine-tune your email marketing strategy over time and ensure that you get the best possible marketing investment results. Email marketing is an effective technique that companies should consider. You can increase consumer interaction, raise brand recognition, and create leads for your organization by executing an email marketing plan. Email marketing provides an unrivaled mix of efficacy and efficiency due to its cheap cost and easy-to-track results. Don’t pass up the chance to take your business to the next level. Begin adopting an email marketing plan today and watch your company succeed in the digital era.
Microsoft has decided to retire its MS Teams Free (classic) app. Released in 2017, MS Teams is a communication platform where users chat and call each other over the internet. While the primary concept is nothing new, the innovation comes with bells and whistles included. It is geared towards being a collaboration platform. The product is available in both paid and free versions. The company has recently announced it would be retiring the free version. When Is the MS Teams Free (Classic) Version Retiring? Microsoft is set to retire the MS Teams Free (classic) version on April 12, 2023. The app will no longer be available, and data will be erased. That means organizations using the program need a transition plan right now. What Should You Do? Organizations using MS Teams Free (classic) have several options to switch. The first and understandably most promoted option by Microsoft is upgrading your Teams plan. There are two paid versions available: Teams Essentials Microsoft 365 Business Basic Essentials is a straightforward option. It allows you to keep all your files, chats, teams, and meetings in one cloud storage. On top of that, you get 300 participants per meeting, 10 GB storage per user, and unlimited group meetings up to 30 hours long. Who meets for 30 hours straight? We do not want to be the ones to know. This upgrade costs $4 per user per month. The retirement of MS Teams Free could be an opportunity for your organization to switch to the MS 365 Business Basic. It is a complete productivity suite built for small to medium-sized businesses. At $6 per user per month, you get access to everything mentioned above, plus the following: Recordings with transcript MS 365 productivity apps like Word and Excel Manage customer appointments 1 TB cloud storage per user If your organization is not ready to invest in paid productivity platforms yet, you still have the option to download and use the new Microsoft Teams Free app. Yes, they will retain a free version, offering: Unlimited group meetings for up to an hour Up to a hundred participants 5 GB cloud storage per user The caveat is that it will use a new account. That means whatever data you have saved on your classic Teams would not be transferred to the new one.Whatever you choose, it is wise to start downloading and backing up all the data on your classic Teams after reading this part. If you are interested in alternatives to MS Teams, read on. Microsoft Teams Alternatives We would be remiss to discuss MS Teams alternatives without mentioning Zoom. It is a communication platform for chats and calls. Key features include meeting recording, instant messaging during video calls, and cloud phone solutions. It can link with your Google Calendar, too. If you are interested in Google products, their Meet platform integrates with other systems like Gmail, Calendar, and more. It is a web-based platform, meaning you can use it on any modern browser. Now, do not forget to back up your Teams data.
There are several ways a business can enhance and optimize its operations. A customer relationship management (CRM) system is one technology that may considerably assist your organization. A CRM system is software that helps businesses manage and optimize customer interactions and data across the customer lifecycle, from lead creation to nurturing. There are several key advantages to using a CRM system for lead generation and nurturing. First and foremost, a CRM system allows you to centralize and organize your customer data in one place. This includes contact information, communication history, and any notes or comments about the customer. Having this information easily accessible allows you to better understand your customers’ needs and preferences, as well as effectively communicate with them. A CRM system helps you concentrate and manage all your client data in one location. Contact information, communication history, and any notes or remarks regarding the consumer are all included. Having this information available enables you to understand better your clients’ requirements and preferences, as well as effectively communicate with them. In addition to improving sales and marketing efficiency, a CRM system can also help increase customer loyalty. By managing customer interactions and communication through a CRM, you can provide a better overall customer experience. This can increase customer retention and positive word-of-mouth marketing for your business. The advantages of a CRM system don’t end there. Your sales process may be streamlined and optimized with a CRM. For instance, you may use a CRM to track a prospect’s journey through the sales funnel and see any bottlenecks or areas where businesses can improve. Companies may also use a CRM to manage their sales team, monitor sales performance, and assign tasks. A CRM system is a valuable tool for small IT companies aiming to enhance their lead generation and nurturing efforts. In addition, a CRM may help you expand your business and create lasting relationships with your clients by improving consumer insights, sales, marketing efficiency, and customer loyalty.
As a business owner, you realize the necessity of being competitive in a rapidly evolving industry. One method is to use technology to simplify your operations. The proper strategies and tools can boost productivity, cut expenses, and help you provide better customer service. A few strategies for achieving these objectives are: Automate repetitive tasks: Many IT activities, such as server configuration and software installation, are repetitive and time-consuming. These tasks may be handled by automation systems with little involvement from you, freeing up your time to concentrate on other crucial work. Scripts, macros, and integrations are just a few of the various automation solutions that may be tailored to your company’s needs. Use project management software: Managing a small IT firm requires managing several clients and projects simultaneously. You may access project management software from any device with an internet connection to keep track of tasks, deadlines, and resources. This will assist you in staying organized and fulfilling your obligations while also providing better teamwork and communication. Adopt cloud computing: There are several advantages to moving your company’s data and apps to the cloud. Thanks to cloud computing, you may access your data from any device with an internet connection, which can lessen the requirement for on-premises infrastructure and software. This can reduce the cost of maintenance and updates while also making it simpler to scale your business as it grows. By implementing these technologies, you can streamline your business’s operations and improve its efficiency. Automating repetitive tasks and using project management software can save you time and reduce the risk of mistakes. Another advantage is that adopting cloud computing can save you money and make it easier to scale your business. By taking advantage of these tools, you can better serve your clients and stay competitive in a rapidly changing industry.