Category: Security

5 Ways to Spy a Hacker in Your Network

1. Search for the telltale signs of a breach. 

Port scans? Excessive failed log-ins? When an attacker infiltrates an unfamiliar network they need to learn its topology, probing servers for vulnerable points of access. From there they can pinpoint administrative users and data stores.

2. Look for a “normal” user performing administrative tasks. 

By using native tools on computers and servers, hackers can stay under the radar for much longer than if they were to use known attack tools. Anti-virus software should pick up on malware and attack tools, but not on normal administrative tools. Determining who the admins within the organization are can significantly lessen the worry. Active Directory helps establish user roles and privileges, which you can then use to see the applications and devices that administrators use or manage. Knowing what the administrators within the organization are using should make it easier to spot when an attacker is looming in the background. If a hacker takes control of an administrator's machine and begins performing tasks, you'll be able to tell whether this is normal or suspect activity.

3. Look for a device using multiple accounts and credentials to access network resources. 

Hackers, both internal and external, generally steal user account information or generate fake accounts in order to gain access to the network. To spot indicators of attack activity, analyze credential usage. Make sure to monitor network traffic and analyze the logs from the authentication and authorization infrastructure in your network. Extract the data and look carefully at how many systems each user interacts with, and watch for abnormalities.

4. Look for an attacker trying to find valuable data in file servers. 

By figuring out which Windows file shares are accessible, attackers hunt for important data such as intellectual property and banking information; once they find it, they may simply encrypt it, and the rest is history. A valuable signal is abnormal file share access. Watching for it is a preventative measure for spotting both hackers and employees considering insider theft.

5. Look for the command and control activity or persistent access mechanisms. 

Keep an eye on outbound communication. Attackers need to be able to communicate between the Internet and the endpoints they control within your network. There could be malware and Remote Access Trojans in your network, so be mindful of any indication of malicious software phoning home.
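As an added example (not part of the original post), the following Python script applies indicators 1 to 4 above to a constructed authentication and file-share log. The log format, field names, admin list and thresholds are assumptions made for illustration and would need to be mapped onto your own logs.

```python
"""Detection heuristics for indicators 1 to 4 above, run over a constructed log.
Log format, field names, admin list and thresholds are assumptions for this
example; adapt them to your own authentication and share-access logs."""
from collections import defaultdict

# Constructed sample log (not real data). One record per line:
# <time> <event> user=<account> src=<host> dst=<host> [task=... | share=...]
SAMPLE_LOG = """\
09:00:01 LOGON_FAIL user=jsmith src=WS-17 dst=DC01
09:00:02 LOGON_FAIL user=jsmith src=WS-17 dst=DC01
09:00:03 LOGON_FAIL user=jsmith src=WS-17 dst=DC01
09:00:04 LOGON_FAIL user=jsmith src=WS-17 dst=DC01
09:01:10 LOGON_OK user=jsmith src=WS-17 dst=FS01
09:01:12 LOGON_OK user=mlee src=WS-17 dst=FS01
09:01:15 LOGON_OK user=svc_backup src=WS-17 dst=FS02
09:01:20 LOGON_OK user=admin_kd src=WS-17 dst=DC01
09:02:00 ADMIN_TASK user=jsmith src=WS-17 dst=DC01 task=group_member_add
09:02:30 ADMIN_TASK user=admin_kd src=ADM-01 dst=DC01 task=gpupdate
09:03:00 SHARE_READ user=jsmith src=WS-17 dst=FS01 share=Finance
09:03:01 SHARE_READ user=jsmith src=WS-17 dst=FS01 share=HR
09:03:02 SHARE_READ user=jsmith src=WS-17 dst=FS01 share=Legal
09:03:03 SHARE_READ user=jsmith src=WS-17 dst=FS01 share=Board
"""

# Assumed: the admin list comes from Active Directory group membership;
# the thresholds are starting points to tune against your own baseline.
KNOWN_ADMINS = {"admin_kd"}
FAILED_LOGON_LIMIT = 3        # failed logons per (src, dst) pair
ACCOUNTS_PER_HOST_LIMIT = 3   # distinct accounts logging on from one host
SHARES_PER_USER_LIMIT = 3     # distinct shares one user touches


def parse_line(line):
    """Split one record into a dict of its fields."""
    time, event, *fields = line.split()
    rec = {"time": time, "event": event}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def find_indicators(log_text):
    """Return a sorted list of (indicator, subject) pairs found in the log."""
    fails = defaultdict(int)             # (src, dst) -> failed logon count
    accounts_by_host = defaultdict(set)  # src host -> accounts used from it
    shares_by_user = defaultdict(set)    # user -> distinct shares read
    findings = set()

    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["event"] == "LOGON_FAIL":
            fails[(rec["src"], rec["dst"])] += 1
        elif rec["event"] == "LOGON_OK":
            accounts_by_host[rec["src"]].add(rec["user"])
        elif rec["event"] == "ADMIN_TASK" and rec["user"] not in KNOWN_ADMINS:
            # Indicator 2: a "normal" user performing administrative tasks
            findings.add(("non_admin_admin_task", rec["user"]))
        elif rec["event"] == "SHARE_READ":
            shares_by_user[rec["user"]].add(rec["share"])

    # Indicator 1: excessive failed logons against one target
    for (src, dst), count in fails.items():
        if count > FAILED_LOGON_LIMIT:
            findings.add(("excessive_failed_logons", f"{src}->{dst}"))
    # Indicator 3: one device using many accounts to reach network resources
    for host, accounts in accounts_by_host.items():
        if len(accounts) > ACCOUNTS_PER_HOST_LIMIT:
            findings.add(("multi_account_host", host))
    # Indicator 4: one user sweeping through many file shares
    for user, shares in shares_by_user.items():
        if len(shares) > SHARES_PER_USER_LIMIT:
            findings.add(("share_enumeration", user))
    return sorted(findings)


if __name__ == "__main__":
    for indicator, subject in find_indicators(SAMPLE_LOG):
        print(f"{indicator:24} {subject}")
```

Indicator 5 (outbound command and control) is not covered here because it needs egress or proxy logs rather than authentication records.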

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Five signs an attacker is already in your network

DDoS Attacks Increase by 137.5 Percent

The content delivery network Akamai recently released its Q1 2016 State of the Internet – Security Report, where the company found somewhat terrifying increases in DDoS attacks. There has been a 125 percent increase in distributed denial of service (DDoS) attacks year over year, and a 35 percent increase in the average attack duration. But why is this? Comparing this year's first quarter to that of 2015: in 2015 the average attack lasted around 15 hours, and that has now increased to 16 hours. In addition, the type of attack has changed. Massive DDoS attacks reaching 100 gigabits per second are now increasingly common, with 19 such attacks in the first quarter of 2016. This is nearly triple the number of massive attacks in 2015, a 137.5 percent increase to be exact.

In total, Akamai witnessed 4,523 DDoS attacks in 2016's first quarter. Major ugh. Furthermore, in the first quarter of 2015 there was an average of 15 attack events per targeted customer; now that average has jumped to 29 attacks per targeted customer. By repeating attacks on the same customers rather than going after more targets, attackers dramatically increased the number of attacks per target.

In previous years, we saw hackers shying away from protected networks. Now hackers keep trying to infiltrate networks whether they are protected or not, hoping that eventually one of the defenses in place will fail. In addition, repeat attacks have increased because DDoS platforms have become less expensive and easier to use. No hacking or networking skills are required anymore for DDoS attacks. Furthermore, DDoS-for-hire sites are now in place that enable anyone with Bitcoin to launch multiple simultaneous attacks from an easy-to-use interface with a menu of attacks.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: DDoS attacks increase over 125 percent year over year

Bank Accounts Targeted by Silent Malware

Another level of sophisticated malware has hit online banking in the form of a virus called “GozNym”. GozNym has already helped hackers steal over $4 million from banks in the United States, Canada, and Europe, according to IBM Security's executive adviser Etay Maor, who also led the effort to discover the malicious software.

GozNym is a high-alert and extremely dangerous piece of malware for a few reasons. One is that it is a combination of two pieces of malware. The initial malware infects the machine, installing itself and a second piece of malware onto the device. This second piece waits in the background until the user visits the web interface of a financial institution, then captures the user's username and password. The malware's encryption has been doubled in this case, making it even more difficult to analyze and research. The process is time consuming and often offers few answers as to how to rid the machine of the infection.

In addition, GozNym has proven especially difficult for anti-virus software to detect. Most well-informed people who are aware of the sensitivity of their data, or who simply value the life and protection of their computer, already have a noteworthy anti-virus product installed on their machine, heeding the advice of information technology professionals. However, if the anti-virus cannot detect the malware, then your machine is basically waving its hands in the air, asking for trouble. An infection could arise without the user ever being aware of the installation, and all it takes is one visit to their bank's web portal and the rest is history.

“There might be a million malware strains, but there are only a few families that are active and dangerous and those principal malware families are owned by organized crime, so this could cause very heavy losses in online banking fraud.”

Don't use the same password for everything. If hackers can silently get the password to one of your bank accounts without you knowing it, don't give them more to work with by making that same password the golden key to all of your logins. Password managers are becoming increasingly popular because of the need for a different password for everything. Although this method cannot be called bulletproof, it is a significantly better way to stay safe. The GozNym malware is sophisticated enough to show full bank account balances even after criminals have drained the accounts. Try to stay conscious of how you are accessing your banking information. Paper statements, for the time being, might be the best practice until a solution is found.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Dangerous New Malware Targets Online Bank Accounts

What to do if you suspect Malware? We have the answers

Most often one does not know they are infected with malware until it is already too late. A few signs can lead you to believe you might be infected, such as incredibly slow PC performance, browser pop-ups when no browser is open, and security warnings from security programs that have never been installed on your computer; any of these can make you feel uneasy about your machine. Try these tools to kick malware in the butt.

Update Antivirus

The signature definitions within antivirus software identify existing malware based on what has come before and the latest updates available. Make sure your antivirus software is current, with all of the latest updates installed. Having software that is even one day out of date leaves your machine at risk of infection and encryption. Antivirus vendors offer updates based on viruses they encounter both in the lab and in the field.

Find Safe Mode

Most malware, when designed well, is ready to evade the System Restore points set in Windows. A restore might be enough to fix the problem, but if it's not, as it most likely won't be, try running a program designed to kill any known malware process in progress, such as RKill. The other option in this case is to boot Windows in a way that will not allow the malware to start, aka Safe Mode. On Windows 8 or 10, restart your PC, hold down the Shift key during the boot sequence, and choose Safe Mode within the troubleshooting options.

Delete Hiding Places

You should then delete all temp files that could hide malware. To delete temp files, open the Start menu and type Disk Cleanup into the search bar; it will check the C: drive for all temp files that can be safely deleted. After this it is advised that you run an antivirus on-demand scanner, such as Malwarebytes Anti-Malware. This program is a great second line of defense against malware because it often comes to the rescue if your initial antivirus fails.

No Connection

A RAT (Remote Access Trojan) means that someone is remotely accessing your PC. Your first step in this case is to get off the internet. Turn off the Wi-Fi, remove the Ethernet cable, turn off the router, whatever needs to be done in order to detach from the internet. Being disconnected ensures that the machine can no longer be controlled, but it makes it a great deal harder to get the latest antivirus updates. The latest software will need to be retrieved from a second PC, preferably at a different location, then transferred to the infected PC via USB flash drive. Another option is to reboot the computer from a CD that runs a full anti-malware utility; these CDs are sometimes called “rescue CDs” and can be used without an internet connection. Of course, in order to use this option, a CD drive will be necessary.

Portable Help

If all other options have failed, the operating system itself may already be infected, making it impossible even to download the newest antivirus software. To work around the OS and let the antivirus do its job, you will need to use portable apps run from a USB flash drive. These portable apps do not require a direct installation. Apps like this include Microsoft Safety Scanner, ClamWin, McAfee Stinger, and Kaspersky Security Scan. You can also try a mix of many portable apps, since they will not conflict as long as you run each scan individually. There are also other tools such as Spybot and Symantec's Norton Power Eraser that specifically target a type of malware called crimeware, which runs scams. This measure is aggressive and often deletes files that might not be malware, all in the name of safety, of course.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: How to Remove Malware From Your PC

Easy and Free- 5 security apps for Windows 10

These 5 free security apps allow for safe browsing while protecting your computer against viruses, and even remember all your passwords for you. Sounds great to us.

Password Padlock – Password Padlock manages all your passwords securely by first having you select a single master password. This master password is used to encrypt all the other passwords in your collection using AES-256 encryption. You can rest well knowing that your master password is never stored. Encrypted passwords are easily backed up to OneDrive, and you can back up on one device and restore to another with ease.

LastPass – LastPass remembers all your passwords for you so you can spend time working on more important things. It creates strong passwords for every account you have and keeps them locked up in the easy-to-navigate LastPass password manager. Automatic sync across every browser and device ensures you are never left scratching your head for your password. LastPass will sign into all your online accounts for you. Similar to Password Padlock, LastPass also gives the option to create one secure master password for ultimate protection.

Super Password Generator – The Super Password Generator uses a cryptographic random number generator to make sure the passwords generated from the given characters are unique and never duplicated. This generator can also produce a QR code so you can scan it with any device that supports QR code decoding, such as a Windows Phone.

Avast Antivirus Download Center – The Avast Antivirus Download Center app allows for easy access to downloads of PC security products from the Avast product portfolio. It also streams the latest security news from the Avast Blog directly to your Windows 10 PC.

Touch VPN- Unable to access some websites or apps? Worried about unprotected Wi-Fi hotspots? Want to be anonymous and protected from surveillance and hackers? Touch VPN – the Secure VPN Proxy– is the best solution for you!

If you would like to educate yourself in more detail about the information presented in this blog post please visit: 5 top-rated free security apps

5 New Tech Tested Products for Your Business

Ever wondered what the best in tech products are at this very moment? The experts at Network World weigh in and give us a little glimpse of the newest innovations on the market.

Vidder PrecisionAccess – By rendering applications invisible to unauthorized users, PrecisionAccess does a fantastic job of preventing application hacking. Even with stolen credentials, hackers can't access protected applications from unauthorized devices.

VeloCloud SD-WAN – VeloCloud provides a hybrid WAN solution that works with MPLS private links as well as AT&T U-verse with cable or any broadband DSL links. One tech pro reported an increase from almost zero network visibility to nearly 100% network visibility. A great tool for IT management across multiple locations without staff needing to be onsite at all times. It facilitates communication and network visibility.

Cisco Identity Services Engine (ISE) – With so many features that help with managing user-facing ports and devices, what's not to love about Cisco ISE? One huge factor reported by tech pros is the integration of TACACS within Cisco ISE, making it easy to run Cisco ISE as a RADIUS server or TACACS server for network devices. In addition, Cisco ISE significantly improves management of devices, especially restricting machines from devices and sites they are not permitted to visit.

Intermedia SecuriSync – For backup and file sharing, SecuriSync is the way to go. As a two-in-one tool for consolidated file backup and management of continuous file backups, Intermedia SecuriSync makes relevant files easier to access, as they are all stored in a secured shared folder. If you have team members spread across different locations, this tool is very helpful in making sure the data is always backed up and kept secure. One platform with a master source keeps project collaboration as safe as it can be.

OpenSpan Transformation Platform – OpenSpan collects all employee desktop activities, both productive and nonproductive, including time away from the computer. This platform allows businesses to evaluate from employee activities how employees work best and what can be improved upon in order to drive down operational costs and maximize revenue. Providing data about employee activities takes away the need for manual employee logs. Eliminating the employee logs that supervisors would otherwise have to analyze for key performance indicators (KPIs), such as call volumes, proves to be a huge time saver. OpenSpan Transformation Platform takes working smarter to a higher level.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Fave Raves: 29 tech pros share their favorite IT products 

Software Defined Networking – 5 best practices

Software Defined Networking (SDN) provides cost-effective, easily adaptable management of network control and forwarding functions. In simple terms, SDN is the physical separation of the network control plane from the forwarding plane, where one control plane controls multiple devices. Software Defined Networking is an emerging technology and therefore lacks long-term examples to use as a guideline for success. Greg Stemberger, Principal Solutions Architect, has laid out what he has seen in his experience with SDN, creating a five-step process of best practices for implementation.

The first step, as it is with most new technology deployments, is to define usage. Bringing a new technology into your company is only helpful if it fits the needs of your organization. Determine the problems your company is facing and evaluate whether the desired technology will be able to handle and alleviate those problems. No one technology will solve all your problems. Identify specific problems you believe SDN can fix, and tackle just one problem at a time. As Stemberger suggests, “A single use case with tangible, positive results, offers more reliable, measurable outcomes than implementing SDN across your entire network.”

It is crucial to assemble a cross-functional team for SDN. Utilizing SDN in the correct manner means having a skilled team with a united approach. A team of well-versed members is the best way to manage SDN. You need people who can combine skill sets to work together. Increased efficiency lets your IT staff spend more of their time on your IT infrastructure rather than on operational overhead. Get everyone on the same page, working toward a common goal.

Remember to test in a less critical network area. This is common sense for most. Find a less critical network segment that you can experiment with before moving to your production network. This way you avoid uprooting your entire network and facing the wrath of angry coworkers. A small-scale SDN test gives you the flexibility to learn and make mistakes.

After testing for a while, make sure to go over the data you gather and review your test case. Did it solve your current problem? Is it a wise investment to expand SDN to the entire network? Do you have the infrastructure ready on both a personnel and technical level?

As a gentle reminder that it's okay to stay on the cautious side, it is suggested that you gain maturity before expanding the deployment. Rather than diving in head first, proceed slowly and make the implementation gradual. Even if SDN went better than expected in one area of the network, this is no guarantee that the entire network will function at the same caliber. How will SDN performance change across more heavily trafficked areas of the network?

These steps are meant to evaluate risks, gain perspective and ensure efficiency. In order to get the most out of Software Defined Networking, it’s best to get all your ducks in a row.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: 5 steps to launching Software Defined Networking

ATMs – The Next Target For Hackers

Use of outdated operating systems like Windows XP and lack of security means it’s still possible to crack ATM security, warn researchers.

As one of the millions of people who visit their bank's ATM at least once a week, the last thing on my mind is usually the security of its operating system. But when you think about the foundation of the machine taking your card and spitting back cash, you'll realize this machine is just a PC running old software, easily susceptible to malware. Not comforting.

There was a 15 percent jump in ATM fraud activity between 2014 and 2015, and researchers believe the numbers will only increase. Within this time cyber criminals were able to get their hands on more than $150 million. Researchers attribute the security vulnerabilities to the use of outdated platforms that no longer receive patches and fixes, such as Windows XP.

“If we think of a modern ATM as a MS Windows PC with a money box attached to it that’s controlled through software, it is easy to see how it becomes an attractive target for any malware writer,” Sancho and Huq said.

Trend Micro and Europol's European Cybercrime Centre (EC3) identified two main malware threats that either provide hackers with users' card details or give the hacker the ability to dispense cash. Most worrisome is how few extreme measures hackers have to employ in order to infect ATMs. Simply put, all hackers have to do is install malware onto the machines via USB or the CD drive.

At the moment, malware-based ATM fraud has only been reported in cases outside the United States, in Eastern Europe and South America. Despite little activity in the United States, authorities are aware of the growing concern over ATM malware and are monitoring cyber criminal forums for activity.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: A Windows PC with a money box attached: Why hacking ATMs is big business for criminals

Who’s in Charge of Your Cybersecurity?

The first step in successful cyber-security is getting every employee on board. It is pretty obvious that some hardware goes into creating a security shield around important data. As an information technology company ourselves, we already know the value firewalls and anti-virus software have in making your network more secure. However, in order to adopt a more proactive protection policy, the groundwork needs to be laid, starting with company culture and communication. It is increasingly important to enforce awareness and education in order to save a lot of headache later down the line.

The CEO of the company needs to take an interest in cyber-security before any of the employees will get on board. A simple risk analysis is a great start. Buying products online is not sufficient; a knowledgeable IT professional should be on hand. You need someone who is going to leverage the right equipment as well as set security measures that fit your establishment.

“The cyber threat cannot be solved by buying products,” says Tim Holman, president of the Information Systems Security Association in the UK. Holman has the right idea: if your company is not equipped with the right skills to manage these products, they are basically junk. It is important to approach cyber-security the way a hacker does. Common sense tells us that reducing the amount of sensitive data stored will always be a good measure. Restricting access to information and getting cyber liability cover are other ways to lessen the probability of attack.

As information continues to flow in and out of your business, remember that any exchange over the internet comes with a great deal of risk. Ensure your company's professionals understand how to practice good security. Never open an unfamiliar attachment, back up data in two separate places, and use solid firewall and anti-virus software. Keep all platforms up to date with the latest patches and security fixes. Top to bottom, cyber-security is the responsibility of all.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: The CISO, the CIO, the CEO, or you: Who is really responsible for cybersecurity?

The Newest Security Trend – Rewarding Hackers

There is always that one superhero willing to play nice with the villain. In the world of tech hackers, HackerOne is that superhero. HackerOne acknowledges that modern security is hacker-powered. They have created a platform for vulnerability coordination and bug bounty. In other words, HackerOne works with hackers to find security holes in your company, because to be honest, who better to trust than the villain himself!

HackerOne facilitates communication between hackers and companies. If a hacker does find a bug, HackerOne works as the middleman, ensuring the company pays the hacker for the discovery and charging a 20 percent commission on the hacker's payout. Companies such as Uber, Dropbox, Square, Snapchat, Airbnb, and Vimeo have all joined the HackerOne movement.

Bugcrowd works similarly to HackerOne, bringing together good hackers with companies looking to verify their security systems. In comparison to HackerOne, which rewards hackers with a payout decided by the company in question, Bugcrowd works on a subscription basis. Charging a service fee or a project-based charge, Bugcrowd provides market-rate suggestions for rewards and manages all payouts for its companies. Its customers include AT&T, Dropbox, Facebook, Etsy, PayPal, and Twitter, just to name a few. As you might notice, some of the companies listed are clients of both HackerOne and Bugcrowd.

Google, of course, has a public bug bounty program of its own that offers up to $100,000 for hackers who find vulnerabilities in its Chrome software. Although the reward amount depends on the size of the bug, the rewards are substantial enough to keep hackers interested, ranging from a few hundred dollars to several thousand.

Opening a bug bounty program to the public puts forth the message that the company values the security of its systems and lessens the likelihood of malicious activity. Despite strong efforts to keep systems secure, no organization is bulletproof. In the fight against hackers, a little incentive goes a long way toward a more secure system.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Meet the Middlemen Who Connect Hackers for Hire With Corporate America