Which Type of Hacker Is Endangering Your Business Data?

Your data is pivotal to running a successful company. If you don’t have proper security measures in place, hackers can easily steal your data and take you out of business. Cybercriminals might be the biggest threat facing your company. Besides gaining access to your money and accounts, they can also take over critical software, preventing you from collaborating with clients.

Any organization can fall victim to hacking. However, small and medium businesses are particularly at risk. Why?

Too often, their owners don’t address cybersecurity when launching their company. Sometimes, they even just hire the first IT service provider they see. They also don’t know how to shield themselves from online attackers, which makes them low-risk targets for cybercriminals.

As a result, these organizations often go under due to the loss of sensitive data. It isn’t a risk you can take.

The 5 types of hackers to watch out for

Here’s a quick list of potential hackers, depending on what they’re after:

#1. Hackers Who Are After Personal Information. Many hackers are dying to get their hands on the personal information of your clients and employees. It includes birth dates, financial data, and social security numbers.

Social security numbers might be the most valuable asset they want to get ahold of since cybercriminals can use them for various purposes. For instance, they can perform tax fraud, open credit accounts, and make other significant identity breaches. In addition, financial data can be utilized for fraudulent activities and purchases, especially if it lacks robust digital security systems.

#2. Hackers Who Want to Get Into the Digital Infrastructure. Storage and data servers are expensive – and hackers know that.

In order for them to cut costs, hackers may aim to store their applications and data on your infrastructure instead. The better your infrastructure, the more likely cybercriminals are to target it. This can strain your network to the limits and have devastating effects on your business.

Unsurprisingly, tech companies are some of the most common victims of this type of hacking.

The common indicators that a hacker has tapped into your digital infrastructure include:

  • Running out of storage faster than usual
  • Slowdowns on your network
  • Unknown devices on your network

#3. Hackers Who Are After Confidential Information. Few business aspects are as important as your intellectual property (IP). Your products and services enable you to stand out from the competition and strike a chord with the target audience.

A huge problem arises if hackers steal the design of your upcoming product before you launch it or submit your patent. A competitor may obtain the information, allowing them to hit the market first and undercut your sales.

#4. Hackers Who Want to Get Account Data. Sure, you and your IT service provider might have done enough so that hackers might not be able to obtain financial data. But are your employees’ accounts secure?

If hackers compromise those accounts, they can use them to run scams and gain information to disrupt your operations.

For example, losing CEO login credentials can be devastating. Besides granting hackers access to sensitive information, it also helps them impersonate the CEO. In turn, they can solicit information from employees or clients and halt your operations. This data breach can lead to widespread confusion, tarnishing your reputation.

#5. Hackers Who Aim to Have Network Control. In some cases, hackers aren’t after data. Instead, they want to gain control of the entire network. And to make it happen, they launch ransomware attacks.

These activities enable them to lock you out of the system and make data inaccessible until you pay a ransom. They’re typically initiated through spam, phishing emails, and online ads.

The average ransom amount stands at approximately $30,000, but the loss caused by business disruption is much more significant.

Heads Up: Hackers Are Exploiting Email Forwarding Rules

Mark Funchion is a network technician at Tech Experts.

The ways in which hackers attack accounts are endless, and a lot goes into keeping your accounts both safe and usable.

A newer attack style that is being used (and one we have personal experience with resolving) is the manipulation of email forwarding rules.

Email forwarding rules are rules that are set up in your inbox to forward a message to another mailbox as soon as it arrives.

The danger for the email owner is that these rules can also clean up after themselves by deleting the message, preventing a copy of the forward from showing in the “Sent Items” folder, and deleting the message from the “Deleted Items” folder.

If a hacker takes advantage of this, then all your email will be sent to and read by someone you do not even know.

Think about the items in your inbox, especially the ones that are sensitive and/or confidential. Can you risk there being a period of time where your messages are being forwarded without your knowledge?

Also, as the hackers are good at cleaning up and hiding their tracks, you need someone with the experience and expertise to resolve this for you if it does occur.

One of the big dangers with this attack style is that changing your password or adding two-factor authentication will not stop the current breach once the rule is in place.

Forwards will continue to be sent because the rule is not password dependent. It’s the same with two-factor authentication; if you enable this after the rule is in place, it will not do you any good.

There are steps that can be taken to prevent these types of attacks; however, most of them are not settings that an end user would be familiar with.

It’s important to not allow forwarding to occur to email addresses outside of your domain, and relatedly, it’s a good idea to allow the full sync of settings between the web client and the local desktop client.

For example, Office 365 by default will not sync these settings, so if someone gains access to your email and creates a forward on the web page, you and your IT department will not see it if they look in your Outlook client on your local computer.

These rules can be hidden if the hacker knows what they are doing. This means a quick open-and-check-if-a-rule-exists is not sufficient. Steps need to be taken to make sure there are no rules, not just a lack of visible rules.

Checking for these rules if there is a suspected breach is critical because of another potential problem: if you do a password reset on another account that you are concerned about (for example, your bank because you use the same password), that email with details gets forwarded to the hacker and they may be able to gain access to that account.
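One way to run the check described above over an export of every mailbox's server-side rules, as an added example (not Tech Experts' own tooling). The record layout, the `example.com` domain and the sample rules are constructed for illustration; map the fields from whatever rule export your mail platform provides.

```python
"""Audit exported inbox rules for auto-forwarding outside the organisation."""
from email.utils import parseaddr

# Assumption: domains the organisation owns. Subdomains count as internal.
INTERNAL_DOMAINS = {"example.com"}
# Assumption: folders where a rule can park the original so the owner never sees it.
HIDING_FOLDERS = {"deleted items", "junk email"}
FORWARD_KEYS = ("forward_to", "forward_as_attachment_to", "redirect_to")


def domain_of(recipient):
    """Return the lower-cased domain of a recipient string, or None if it has no address."""
    text = recipient.strip()
    if text.lower().startswith("smtp:"):
        text = text[5:]
    _, addr = parseaddr(text)  # handles '"Name" <user@host>' as well as bare addresses
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_internal(domain):
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def audit_rule(rule):
    """Return a finding for a rule that sends mail outside the organisation, else None."""
    recipients = [r for key in FORWARD_KEYS for r in (rule.get(key) or [])]
    # A recipient that cannot be resolved to an internal domain is treated as external.
    external = [r for r in recipients
                if domain_of(r) is None or not is_internal(domain_of(r))]
    if not external:
        return None

    severity, reasons = 2, ["forwards to an external address"]
    folder = (rule.get("move_to_folder") or "").lower()
    if rule.get("delete_message") or folder in HIDING_FOLDERS:
        severity += 1
        reasons.append("removes the original from the inbox")
    if not rule.get("visible_in_client", True):
        severity += 1
        reasons.append("not visible in the desktop client")
    if not rule.get("enabled", True):
        severity -= 1
        reasons.append("currently disabled")
    return {"mailbox": rule["mailbox"], "rule": rule["name"],
            "external": external, "severity": severity, "reasons": reasons}


def audit(rules):
    """Audit every exported rule, visible or not, and return findings, worst first."""
    findings = [f for f in map(audit_rule, rules) if f is not None]
    return sorted(findings, key=lambda f: -f["severity"])


# Constructed sample export: one record per server-side rule.
SAMPLE_RULES = [
    {"mailbox": "alice@example.com", "name": "Team digest",
     "forward_to": ["ops@example.com"]},
    {"mailbox": "ceo@example.com", "name": ".",
     "forward_to": ["smtp:inbox-copy@mailbox.invalid"],
     "delete_message": True, "visible_in_client": False},
    {"mailbox": "bob@example.com", "name": "Vendor copy",
     "redirect_to": ['"Accounts" <ap@partner.invalid>'], "enabled": False},
    {"mailbox": "carol@example.com", "name": "Newsletters",
     "move_to_folder": "Deleted Items"},
    {"mailbox": "dave@example.com", "name": "Reports",
     "forward_to": ["reports@mail.example.com"]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"[{f['severity']}] {f['mailbox']} rule {f['rule']!r}: "
              f"{', '.join(f['reasons'])} -> {', '.join(f['external'])}")
```

Feed it an export taken on the server side, so that rules created in the web client are included even when the desktop client does not show them.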

Hackers will continue to evolve as they need to. As this exploit is discovered and procedures are put in place to mitigate their effect, the next exploit will be used and the cycle will start again. Having a partner to help you navigate through all these potential issues is essential.

Being aware of these exploits, watching for new ones, and making necessary changes to keep your business safe is a big part of what Tech Experts does.

Handling these concerns is part of our core business, giving you the peace of mind to handle your core business.

Top Concern For Small Businesses? Cybersecurity

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

While some might assume that fear of an economic recession would be at the top of the list of key issues small business owners concern themselves with, a recent survey found that another issue is of much greater concern: Cybersecurity.

This is no surprise.

For the past several years, cybercrimes and data breaches among companies large and small, governments, and even individual citizens have risen drastically.

While it’s true that many business owners still assume a data breach at their own company is highly unlikely, with the ultimate price tag of such attacks ramping up to the millions of dollars (and recovery being hardly successful), it makes sense that companies are taking notice.

Do You Have A Blind Spot In Your Security?

Security is only as good as its weakest link — one blind spot and a company can be compromised. It is important that each aspect of a company’s security is understood and up to date.

The following security best practices explain what to be aware of and how to strengthen a company’s security.

From remote hackers, to in-person social engineering, and even your own e-mail, there are different methods of attacks and means of defense to maintain a company’s integrity.

Physical Security
The basic defense that predates IT security is physical security. Locked doors, restricted access, and watch patrol are some of the oldest methods to prevent aggressive physical security breaches.

Technology has only made physical security even better with security cameras, alarm systems, RFID badges, and biometric systems that identify a person from their physical being. Having the appropriate physical security is key to preventing and deterring break-ins and stolen items.

Social Engineering
With the right words and story, some people gain access to compromising areas and information that can give a company a real bad time.

Without a physical break-in or even a computer, social engineering works against human psychology, finding the vulnerabilities of staff and workers to trick and deceive their way past security. The best way to defend against this is to have a strong and easily understood security policy that educates staff and workers not to give out credentials and access to unauthorized personnel.

Billions of emails are sent out every day — promising a vacation, warning people about their bank accounts, or asking for charity — that are entirely designed to steal from or compromise a person or company. Phishing targets everybody, asking for credit card numbers, asking a person to sign in to their account on a fake site, or taking something in other ways.

Do not open emails or download email attachments with suspicious or unknown origins. If an email looks odd or is too good to be true, call or check a website directly to confirm if an email is legitimate.

Clicking or falling for phishing could end with a stolen identity, stolen money, or a locked PC or network demanding ransom money. Be smart and wise about checking emails.

There are people who spend most of their day trying to break security codes, finding software loopholes, and using other abstract means to force their way through digital security to gain illegal access to computers.

There are just as many (if not more) people working together to prevent such people from ever gaining access with new security measures and patches. To protect a PC or a company from hackers, always update your security definitions on Windows and antivirus software. Knowing what software to trust and what updates are needed is important to ensuring digital security. We at Tech Experts make it our business to keep digital security online and updated at all times, so that no one has to fall victim to the unseen security threat.

Being aware of these different security risks and knowing how to defend against them gives a strong basis for understanding what needs to be done to keep a company or person secure.

Security is always evolving and changing, but having a modern understanding with security in place can make the difference between a secure environment and a risky workplace that could come to a grinding halt when security is breached. Be safe, be smart, and be productive with good security.

Don’t Pay A Ransom To Get Your Data Back

Michael Menor is Vice President of Support Services for Tech Experts.

Requesting a ransom from victims is an unfortunate trend gaining momentum in the hacking world. This is typically done using ransomware (where hackers encrypt data and request money for the key) and distributed denial of service attacks (where hackers threaten to overwhelm a system with traffic, thus knocking it offline).

In both scenarios, hackers are looking for the victim to pay up…or else. Should they?

The answer should be obvious: absolutely not.

However, when a person’s valuable data becomes encrypted or they receive a legitimate threat to take down their servers, emotions often get in the way and they’ll end up “paying the piper.” Hackers know this, which is why their ransom methods employ fear tactics.

For example, ransomware like CryptoLocker will lock the user out of their computer while the screen displays a countdown to when their data will be deleted.

With DDoS attacks, a hacker may contact the victim mid-attack and promise to cease the attack for a fee. Both of these situations play straight into a person’s irrational fear, causing them to cough up cash.

Before reaching for your credit card to pay a hacker’s demands… stop, take a deep breath, and think objectively about the situation.

What guarantee do you have that these hackers will actually make good on their promise to turn over your data or cease the attack?

This guarantee is only as good as a hacker’s word, which is pretty worthless seeing as they’re, you know, criminals. Therefore, whatever you do, DON’T GIVE MONEY TO A HACKER!

By paying hackers money, you’ll only add fuel to the fire and help fund the spread of their devious acts.

Plus, there are several reported cases where a victim pays the ransom, only to still have their data deleted or the attacks on their site continue.

What’s it to them if they go ahead and follow through with the attack? They have your money, so who cares? It’s a classic case of adding insult to injury.

Need proof? There’s a recent example of this happening to ProtonMail, a Switzerland-based email encryption service.

On November 3rd, ProtonMail was threatened with a DDoS attack by the hacking group Armada Collective.

Like many companies would do, they ignored the threat, deeming it to not be credible. Soon afterward, their servers became overloaded to the point where they had to cease operations. After ProtonMail paid the ransom, the hackers continued the attack.

Now, consider your own situation. How much would it cost your company if you lost revenue for a full day of work, and you still had to make payroll?

For a medium-to-large sized company, losing a full day’s work would likely come to much more than a few thousand dollars. In fact, hackers understand how downtime can be so costly, which is why they feel justified asking for such an exorbitant fee.

What are you supposed to do if you were asked to pay a ransom by a hacker? The first thing you’ll want to do is contact the IT professionals at Tech Experts. We’re able to take an assessment of the attack to determine how bad it is and restore your data to a backed up version that’s not infected with malware.

When facing a hack attack, we can present you with all the options you can take – none of which will include paying a hacker money.

Can Your Car Really Be Hijacked?

On your daily commute, imagine your car suddenly not responding to your driving cues. Turn the steering wheel, and nothing happens. Push the brake, and you don’t stop. Few things could be more frightening than hurtling through space at any speed and not knowing what will happen. This scenario may sound like a scene from a science fiction or adventure movie, but it is certainly possible. Wired reporter Andy Greenberg recently proved that today’s smart vehicles can be remotely accessed and controlled by hackers.

While the likelihood of someone with the means and know-how to hack your personal vehicle may be low, the mere possibility of it happening shakes our very foundation of how we see the world. After all, there’s enough to worry about when driving: from animals suddenly crossing in front of you to weather conditions with the potential to send you careening off the road. Now, there’s this. Pretty much any device with a CPU is at risk of being hacked and controlled from afar, whether it is a pacemaker or a washing machine.

This is what Andy Greenberg set out to illustrate when he arranged for his Jeep Cherokee to be hijacked by two car-hacking researchers. The researchers were able to gain control of Greenberg’s vehicle, transforming his role from driver to passenger in little time. They turned the steering wheel, jerked on the reporter’s seat belt, and even disabled the brakes using the Internet. Much of the not-so-amusing shenanigans were controlled through Fiat Chrysler’s “Uconnect” feature, which electronically manages a vehicle’s navigation, entertainment features, and more. Basically, a vulnerability in this system let the hackers in.

While it is possible to remotely hijack vehicles without this Uconnect feature, this vulnerability is now well-known and puts certain Chryslers at an even greater risk to this new technological danger. The Uconnect package is an option offered for 2013 through 2015 Chrysler and Dodge cars and trucks, including the Jeep Cherokee, Dodge Ram, and Dodge Charger. The good news is that, if you have a vehicle featuring the Uconnect package, there is a fix that can be installed. Although it is possible to do it yourself by visiting the Chrysler website and downloading it onto a USB drive, this is a job perhaps best left to the dealership.

Tips For Defending Against Social Engineering Attacks

by Michael Menor, Network Technician
I just got yet another email from my bank. Or, at least it looked like the bank that had issued one of my credit cards. The email included my correct name and mailing address, as well as a variety of other quality information such as the last four digits of my credit card number.

This may not seem like it is great information, but I regularly change details in my name for accounts, such as using different middle initials, including or omitting part of my first name, or using one of the three different street addresses that will get mail delivered to my home. So when someone gets it all correct, it really is a big deal to me.

According to the email, I needed to log on (yes, convenient link included) and check a fraud alert that was being issued on my credit card by my bank because of suspicious activity.

Again, this did make some sense, because this account was compromised, and I do have fraud triggers set to alert via email and text. Despite the fact that I pretty much always view these emails as suspicious, all in all, it seemed like the type of email that I might not want to ignore.

Except for the fact that the email came to a valid email address which I have never registered with this particular bank. Oddly enough, I have seen this with increasing frequency, and have received both Facebook and LinkedIn notifications with friend/connect requests – with people I actually know – but, both sent to email addresses which I have never registered with Facebook or LinkedIn.

Social Engineering?
Getting a few emails doesn’t necessarily mean I am in the middle of a social engineering attack. The catch here is that the emails contained real information that could only be gathered if someone was working it, so I tend to look a little beyond random phishing. The sender had good information.

A more recent complexity in social engineering is the use of this type of good information in an Advanced Persistent Threat (APT). In this role, social engineering is used in concert with other attack vectors. Information gathered from social engineering is used to target technical attacks, and in turn, information from technical attacks is used to help target further social engineering attacks as an attacker learns more about a set of individuals as well as the entire organization.

The availability of information from public sources like social media allows online research about specific people to be very targeted, further enabling more specific social engineering attacks.

Part of the social engineering attacks that are the most dangerous are those attacks that also try to get targets to execute malicious links or applications, potentially installing malware.

You may recognize a random external email attack that includes a virus or a malicious link. But, how would you respond to an email from your daughter’s college that appears to claim she was being ejected, or an email from a well-known pharmaceutical company that announced recently discovered potentially fatal side effects of a prescription drug that you are currently taking? Personal attacks like this which are tailored to a specific individual have become more common, and we should expect this trend to continue.

Can We do Anything About It?
Since there is no such thing as a personal firewall to help filter out attacks, the single best thing you can do to minimize the chances of a successful social engineering attack is proper awareness. At the same time, some technical controls can help. I have no “magic list” of five things to do, and I know 16 controls can look like a daunting task, but any or all of these things can help reduce the chances of a successful social engineering/phishing attack.

Even starting with one thing that you are currently not doing can help.

1. You should know that social engineering attacks exist. You should also know that attackers are interested in getting personal information as well as corporate information, and that individuals may be attacked through any phone, email or social media account – both work and personal – since personal knowledge can help make targeted attacks more successful.

2. You should be very careful about the type of information you leave in your voicemail greeting. A good default is to leave your first name, and state that you will return the call, without identifying your group.

3. “Extended absence” messages may be necessary, but should be used with care. Consider leaving a “fake” alternate contact name so that a coworker can easily identify that the call came from your out-of-office message. When you’re out and you want callers to reach “Betty Brown” for assistance in your absence, you might leave an outgoing message that says “Beth Brown” instead of “Betty Brown.” Then, when a caller asks for “Beth,” Betty will actually know that this call came as a result of your out-of-office message.

4. To help minimize the ease with which an attacker can identify valid email addresses at your organization, your email server should be configured so that it does not respond to inbound invalid addresses.

5. Make sure that corporate email addresses have little to no relationship with the employee’s user ID. Never make the name in your email address the same as the user ID you use on your internal network. If the user ID that you use to log onto your corporate network is bsmith, do not make your corporate email address bsmith(at)yourcompany.com.

6. You should be filtering attachments on your email and removing attachments with potentially hostile contents, such as executable files. Distributing Trojan horses or viruses via email is a common attack technique.

7. Be aware of company specific jargon. Anyone who uses improper or general information about your company can be regarded as an outsider. Maybe you work for Tech Experts, but everyone calls it “TE.” Using incorrect terminology is a clue that a call may not be genuine.

8. Someone who acts irate or angry and attempts to rush you through a questionable process should be regarded as suspicious. Bullying someone is a common technique to keep a target off balance.

9. Many (not all) data gathering emails come from temporary or “throw away” accounts, such as an account at Gmail or Yahoo. Your staff should be aware that there are a number of reasons an attacker would like to clearly identify valid email addresses and that your staff should consider this in all external responses.

10. Your company should not use or allow the use of external web-based email accounts through the normal course of your business. Do not let employees get used to seeing official email from such accounts (like @gmail.com instead of @yourcompany.com).

11. Your employees should know that no one from corporate IT (or anyone else) would ever call them and ask for their password. Simply put, no employee should ever divulge his or her password to anyone else. Never.

12. You should maintain an accurate and current employee directory with phone numbers. Anyone receiving a suspicious call can ask the caller who they are and consult the phone directory for the name and phone number.

13. Dispose of sensitive material in an appropriate manner. Either use an office shredder or contract with a reputable “secure disposal” company to dispose of sensitive information for you. Yes, “dumpster diving” is real, does happen and does work.

14. The Help Desk can take steps to reduce the number of invalid password resets and snooping attempts.

a. If a user calls from an outside number, the Help Desk’s first response should always be to consult a corporate phone directory for an official work, mobile or home phone number to return the user’s call. Any number not on the list should be considered suspicious.

b. The Help Desk should verify the employee’s full name, with proper spelling, phone extension, department or group. You are trying to add enough information that an attacker would have to be very prepared for the request.

c. The Help Desk should ask the caller for a number at which they can call the user back, regardless of from where the user is calling. A call from anyone who will not provide a callback number should be considered an attack.

d. You may consider having the Help Desk leave a user’s new password in the employee’s corporate voicemail. A valid user should have no trouble retrieving the password. An attacker would have to compromise the voicemail system to get access to the password.

15. If you are being asked to release or reveal something that is clearly sensitive, such as your strategic plan, passwords, pre-release earnings, source code and other such internal information, it should be automatically regarded as suspicious.

16. You should have a plan for how you will communicate internally if you identify that a social engineering attack is taking place against your company.

Does every employee get an email stating that an attack is in progress, and that everyone should exercise additional care? Who should send the email, and what is the final triggering event before a company-wide alert is distributed?

A good social engineer can extract sensitive internal information very quickly, and can then help ensure they make the best use of that information to further additional attacks.

Knowing this, you should understand that a social engineering attack can happen at any time. They don’t happen because you have poor security, they happen because someone else decided you were a target.


Tech Support Calling? It’s Probably A Scam Or Hacker

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

For business computer users, the threat of a security breach is a constant worry. The thing is, many systems are secure enough from outside attacks, and many scammers know this.

As a result, scammers have switched tactics and have taken to pretending to be Windows technicians, hoping to get users to give up their credit card information.

This isn’t a new scam. Despite news reports and emailed reminders, some people still fall for the ruse.

Social engineering
These social engineering tricks generally follow the same formula: A person calls you pretending to be from the Windows technical team at Microsoft.

The scammer usually tells you that you need to renew your software protection licenses to keep your computer running.

Most of the time, these scammers spread the conversation out over a number of phone calls and emails, the goal being to gain the trust of the user.

Once trust is established, or the user seems interested enough, the crook will offer a seemingly sweet deal: They offer a service that makes your computer run like new, usually for a reasonable price.

The scammer will then use remote PC support software to show you ‘problems’ your computer is having.

They will usually show you the Windows Event Viewer – a part of the OS that shows errors, usually harmless, that your computer has generated.

The scammer will then convince the user that these errors are harmful, and if you have paid, they will make it look like they are cleaning your computer.

If you give them your credit card number, you will likely see ridiculous charges, or even have people trying to access your accounts.

What’s being done?
Governments are aware of this increasingly common trick, and some organizations, like the FTC, have taken measures to shut down scammers.

What can we do?
While action is being taken, these scammers are working hard to steal your credit card and other personal information. To ensure you don’t fall prey to this trickery, these five tips should help you identify when an attempted scam is at play:

  • Microsoft doesn’t call people.
  • Windows Event Viewer is a log of errors for ALL programs.
  • Microsoft employees will never ask for your passwords.
  • Most of these scammers operate out of call centers in India, but bill from the US.
  • Microsoft employees won’t usually ask you to install software that’s not made by Microsoft.

As a rule of thumb: If you get an unsolicited call about your computers and IT security, it’s likely not genuine. If these criminals provide you with a website, do a quick Google search to see if there have been any scam reports.

If you’re concerned your credit card or other information may have been compromised, please call us right away for a complimentary security assessment.