Cyberattacks

Which Type of Hacker Is Endangering Your Business Data?

April 28, 2022

Your data is pivotal to running a successful company. If you don’t have proper security measures in place, hackers can easily steal your data and take you out of business. Cybercriminals might be the biggest threat facing your company. Besides gaining access to your money and accounts, they can also take over critical software, preventing you from collaborating with clients.

Any organization can fall victim to hacking. However, small and medium businesses are particularly at risk. Why?

Too often, their owners don’t always address cybersecurity when launching their company. Sometimes, they even just hire the first IT service provider they see. They also don’t know how to shield themselves from online attackers, making them low-risk targets.

As a result, these organizations often go under due to the loss of sensitive data. It isn’t a risk you can take.

The 5 types of hackers to watch out for

Here’s a quick list of potential hackers, depending on what they’re after:

#1. Hackers Who Are After Personal Information. Many hackers are dying to get their hands on the personal information of your clients and employees. It includes birth dates, financial data, and social security numbers.

Social security numbers might be the most valuable asset they want to get ahold of since cybercriminals can use them for various purposes. For instance, they can perform tax fraud, open credit accounts, and make other significant identity breaches. In addition, financial data can be utilized for fraudulent activities and purchases, especially if it lacks robust digital security systems.

#2. Hackers Who Want to Get Into the Digital Infrastructure. Storage and data servers are expensive – and hackers know that.

In order for them to cut costs, hackers may aim to store their applications and data on your infrastructure instead. The better your infrastructure, the more likely cybercriminals are to target it. This can strain your network to the limits and have devastating effects on your business.

Unsurprisingly, tech companies are some of the most common victims of this type of hacking.

The common indicators that a hacker has tapped into your digital infrastructure include:

Running out of storage faster than usual
Your network suffers slowdowns
You may have unknown devices on your network.

#3. Hackers Who Are After Confidential Information. Few business aspects are as important as your intellectual property (IP). Your products and services enable you to stand out from the competition and strike a chord with the target audience.

A huge problem arises if hackers steal the design of your upcoming product before you launch it or submit your patent. A competitor may obtain the information, allowing them to hit the market first and undercut your sales.

#4. Hackers Who Want to Get Account Data. Sure, you and your IT service provider might have done enough so that hackers might not be able to obtain financial data. But are your employees’ accounts secure?

If hackers compromise them, they may let them run scams and gain information to disrupt your operations.

For example, losing CEO login credentials can be devastating. Besides granting hackers access to sensitive information, it also helps them impersonate the CEO. In return, they can solicit information from employees or clients and halt your operations. This data breach can lead to widespread confusion, tarnishing your reputation.

#5. Hackers Who Aim to Have Network Control. In some cases, hackers aren’t after data. Instead, they want to gain control of the entire network. And to make it happen, they launch ransomware attacks.

These activities enable them to lock you out of the system and make data inaccessible until you pay a ransom. They’re typically initiated through spam, phishing emails, and online ads.

The average ransom amount stands at approximately $30,000, but the loss caused by business disruption is much more significant.

2021 Cyber Attacks – Lessons To Apply For A More Secure 2022

December 30, 2021

Hackers have hit a wide variety of industries this year, from computer manufacturers to insurance companies, schools to the NBA. A review of prominent 2021 cyber attacks reveals a few common themes. And organizations that apply the lessons learned from these attacks can look forward to a more secure 2022.

No one gets a free pass
It would be difficult to describe the profile of a typical data breach victim in 2021. Large corporations like Volkswagen and Experian got hit. At the same time, even small, low-profile businesses suffered in the Microsoft Exchange and Kaseya attacks. Ransomware crippled hospitals, manufacturers, municipalities, retail and more.

No matter how big or how small, any organization with Internet connections can become a target of attack. Hackers continually hone their skills and add to their toolsets. Consequently, businesses cannot afford to relax their security stance. Get started early on your New Year’s resolutions by committing to invest in cybersecurity.

Apply security patches quickly
When hackers exploited vulnerabilities in the Microsoft Exchange server, they disrupted 60,000 companies and government agencies in the US. Microsoft released security patches quickly. However, many organizations delayed applying the patches. The attack group Hafnium then ran Internet scans to find and exploit unpatched servers.

Take the time to apply software and firmware updates quickly. Take it a step further and turn on automatic updates where possible. This applies not just to servers but to all devices with access to the system.

Step up endpoint security
The rapid switch to remote work completely changed the security perimeter for many organizations, and hackers took advantage. For instance, when insurance giant CNA sustained a ransomware attack, 15,000 devices were encrypted, including those used by remote employees.

When remote work takes center stage, organizations need to strengthen endpoint security. Begin by creating and updating an inventory of all devices connecting to the system.

Enforce strong authentication policies and keep endpoints encrypted. Additionally, monitor the endpoints for unusual activity when connected to the network.

Monitor those business partners
In April, the REvil gang attacked Quanta, a supplier for Apple. REvil used the attack to pressure Apple, claiming to have obtained secret blueprints for yet-to-be-released Apple products. Similarly, parking app Park Mobile suffered a breach because of a vulnerability in a third-party software app.

While strengthening inhouse security, organizations cannot forget about their business partners. Be sure to vet third parties, building security policies into vendor contracts. Then continue to monitor those relationships, including performing regular audits.

Automate the backup process
Fortunately, the list of 2021 cyber attacks includes some positive notes. Attackers hit Polish video game development firm CD Projekt, encrypting devices and accessing source code. However, because the company had quality backups in place, they were able to restore the lost data without paying the ransom.

For decades, security experts have emphasized the importance of performing regular backups. Automating the process takes the burden off IT and delivers peace of mind.

Strengthen authentication and identity management
In April, attackers used a compromised password to access the networks of Colonial Pipeline, disrupting gas supplies and causing panic.

As government officials investigated, they concluded that stronger protections, such as multi-factor authentication, could have prevented the attack.

Identity and access management form a critical component of securing valuable digital assets. Companies should assess and strengthen authentication methods and tighten access controls.

Take protective steps against phishing
According to a recent report on cybersecurity breaches, phishing remains the most common type of cyber attack. For instance, in an attack on Nebraska Medicine, hackers gained entrance to the system and planted malware, eventually exposing over 200,000 patient records.

To protect against phishing and other social engineering attacks, organizations should implement email filtering and continuous network monitoring.

But the most important safety measure remains addressing the human factor with regular, targeted security awareness training.

Treat 2021 cyber attacks as a wakeup call
Reflecting on the high-profile cyber attacks of the past year can provide both the motivation and a blueprint for addressing cybersecurity. And the cybersecurity experts at Tech Experts bring the expertise and tools you need to keep your data and networks safe.

Lessons Learned From The Colonial Oil Pipeline Attack

September 28, 2021

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

May 6, 2021 will be a day that goes down in history. This is the day the Colonial Oil Pipeline went down, causing a nationwide disruption. Even though the pipeline only services a portion of the east coast, the effects of the shutdown was felt across the country.

Gas prices skyrocketed, lines at gas stations were so long it took hours to get through, and gas stations were pumped dry as people bought gas and put it in whatever container they could gather just to assure themselves they would have enough to get through the closure.

If you think about it, this type of ripple effect is not confined to energy and utility providers. While the scale of the effect would not be at the level of the pipeline, the devastation it could leave in its wake for your business and your customers is just as likely. [Read more…] about Lessons Learned From The Colonial Oil Pipeline Attack

Over $1 Trillion Lost To Cyber-crime Every Year

April 21, 2021

$1 trillion! That’s a lot of money. And it’s a figure that’s increased by more than 50% since 2018.

In 2019, two-thirds of all organizations reported some type of incident relating to cyber-crime.

You could make a sure bet this figure rose significantly last year, thanks to criminals taking advantage of the pandemic.

It’s easy to look at big figures like these and not relate them back to your own business. But here’s the thing. The average cost of a data breach to a business is estimated to be around $500,000.

Happy Holidays: The Season Of Cyberattacks

December 1, 2020

The year 2020 has, in many ways, been the year of COVID. Whether or not you have had COVID-19, it is a safe bet that your life has in some way been impacted by the pandemic.

As is usually the case, cybercriminals are at the forefront of exploiting every opportunity they can.

A look at Google trends for coronavirus (https://trends.google.com/trends/story/US_cu_4Rjdh3ABAABMHM_en) shows how prevalent the topic is and continues to be.

This desire for information has led to a third of the cyberattacks in the United States (and a quarter of the attacks in the UK) being coronavirus-related. Like most cybersecurity attacks, these are often of the ransomware variety.

These attacks are increasingly targeting heath care facilities, but anyone can be a target. Since these medical facilities are overwhelmed and COVID leads most of the news today, people are on data overload while trying to manage their immediate concerns – and can become complacent when dealing with potential threats.

As we must remain vigilant in keeping ourselves medically safe, we must do the same to keep ourselves technologically safe. A few best practices are:

• Don’t open an attachment unless you know who it is from and you are expecting it.

• Use the same level of caution with email messages that instruct you to enable macros before downloading Word or Excel attachments as you would with a live cobra. Don’t touch it!

• Use anti-virus software on your machine, and make sure it’s kept up-to-date with the latest virus definitions.

• If you receive an attachment from someone you don’t know, don’t open it. Delete it immediately.

• Learn how to recognize phishing:

– Messages that contain threats to shut your account down

– Requests for personal information such as passwords or Social Security numbers

– Words like “Urgent” – a false sense of urgency will encourage you to act

– Forged email addresses

– Poor writing or bad grammar

• Hover your mouse over links before you click on them to see if the URL looks legitimate.

• Instead of clicking on links, open a new browser session and manually type in the address.

• Don’t click the “Unsubscribe” link in a spam email. It would only let the spammer know your address is legitimate, which could lead to you receiving more spam.

• Understand that reputable businesses will never ask for personal information via email.

• Don’t send personal information in an email message.

Tech Experts can assist with keeping you safe by providing support, running backups, and ensuring that your devices and software are up-to-date.

However, even with these safeguards in place, it is important that you do your part and do your best to act responsibly and thoughtfully when dealing with technology.

Messages that ask you to click for COVID news, updates, cures, etc. that you are not expecting should be treated as a potential threat. Obtain news from trusted sites.

While our interest in COVID is high, that is what makes it such an effective method of lowering people’s guards. Relatedly, as we head into the holiday season, watch out for “There is a problem with your delivery – click here” emails and other similar traps.

If cybercriminals, hackers, and spammers can find an opportunity, they’ll take advantage of it regardless of a global pandemic or the holidays. You’ve got enough on your plate; staying vigilant will go a long way in preventing the headaches of cyberattacks or identity theft.

Is There A Hidden Intruder Lurking In Your Business?

November 23, 2020

If you’re like us, you believe you have the best, most trustworthy people working for you.

But have you ever considered the possibility you may have someone unknown hidden within your business, trying to cause a lot of damage and make a lot of money at the same time?

This might sound a little far-fetched. Perhaps something that’s more likely to happen in a film than in your business.

But actually, you’d be surprised. Cyber criminals are targeting businesses exactly like yours all the time.

Because often, small and medium sized businesses don’t spend big bucks on their cyber security. Hackers know this. And will put a lot of effort in to try to exploit that. [Read more…] about Is There A Hidden Intruder Lurking In Your Business?

Targeted Attacks On Small Businesses Are On The Rise

November 23, 2020

Mark Funchion is a network technician at Tech Experts.

Many of us have heard of ransomware. This is an attack where someone gains access to a system and encrypts all of the data until a ransom is paid. Once they get their money, they either unencrypt the data… or not. There is no guarantee that paying the ransom will actually work.

Most attacks in the past, both viruses and ransomware, were the “spray and pray” variety. Basically, the attackers would send out thousands (or hundreds of thousands) of emails and hope that a small percentage of them were successful. This procedure worked, but the success rate was low and the attackers had to have a large volume to make it successful.

The more profitable attacks that are on the rise are targeted attacks. These attacks rely on quality rather than quantity. Research goes into the attacks that then target a single or very few companies. These attackers will even go as far to check a company or institution’s financial information to see how much of a ransom they can expect to get.

In addition to demanding a ransom for the data to be decrypted, there is often a threat that the data will be released if the ransom is not paid. The threat of data being released can lead to the ransom being paid even if the target has a way to recover from the attack.

While many home users would hate to have their data released, it would not be completely devastating in most cases. If you are a financial, medical, or education institution, it could end your business or severely harm it. These institutions all contain sensitive information of their employees and clients.

For this reason, a recent spike has been seen in the UK involving their schools. Attackers are seeing schools as an easier target in today’s environment with the increase in remote learning. Banks and hospitals have been targeted numerous times before, and their main goal is to be as secure as possible, spending large amounts of money on it.

Schools and universities, on the other hand, are concerned with security, but they’re in a position today with COVID where they need to have fairly open access.

As colleges are pivoting to a distance learning model on a scale never envisioned, they have to allow more and more access in. This means more and more devices the schools have no direct control over, creating potential entry points into the network.

Although most of you reading this are not educational institutions, there is no industry or business (regardless of size) that is safe from a potential attack. Having a good network security system in place with effective backups is critical.

Don’t rely only on a day or a few days’ worth of backups either; some attacks will infect a system, then remain dormant for a while, hoping to outlive the backups you have available.

Having a technology partner who understands the dangers and how to recover is essential. You cannot just plug in a firewall and use an antivirus software and consider yourself protected.

Your business should have an incident response plan that includes backups and restore procedures, as well as testing. You also need to make sure you have a procedure to keep all of your systems up-to-date with the most current patches. Making sure any remote sessions are secure and using 2FA whenever possible is another area often overlooked too.

The list of vulnerabilities is endless, but we are here to assist. Let us provide you the security and comfort that your business is protecting not only your data, but your users from a potential breach.

10 Most Important CyberAttacks Of The Last Decade

January 31, 2020

The only way to keep history from repeating itself is to learn from the mistakes of the past. The following is a list of the most significant cyberyattacks from the last decade, as compiled by TechTarget:

Yahoo – 2013
With the unfortunate legacy of being the largest breach in the history of the internet, all three billion Yahoo accounts were compromised. The organization took 3 years to notify the public of the breach and that every account’s name, email address, password, birthdate, phone numbers, and security answers had been sold on the dark web.

Equifax – 2017
Probably the most damaging attack occurred just 3 years ago with the hack of Equifax. The hackers were successful in gaining access to 143 million Equifax customers and information vital to the lives of all. [Read more…] about 10 Most Important CyberAttacks Of The Last Decade

Data Breaches Cost Healthcare $6.5M Or $429 Per Patient Record

October 18, 2019

Data breach costs are on the rise, with breach-related spending in the healthcare sector reaching $6.5 million on average, an IBM-sponsored report shows.

Data breaches cost the healthcare sector an average of $6.5 million per breach, over 60 percent more than all other business sectors, according to a Ponemon Institute report, sponsored by IBM. Other sectors spend about $3.9 million, on average.

Researchers interviewed 500 global organizations that experienced a data breach in the last year. The researchers found for the ninth consecutive year the healthcare sector is still the hardest hit financially by data breaches.

The costs are directly related to legal, technical, and regulatory functions, including patient notifications, breach detection and response, and lost business caused by reputational damage, loss of consumer trust, and downtime. [Read more…] about Data Breaches Cost Healthcare $6.5M Or $429 Per Patient Record

« Previous Page