TechTidBit – Tips and advice for small business computing – Tech Experts™ – Monroe Michigan


Brought to you by Tech Experts™

online security

Internet Security: Beware Of “Malvertising”

July 27, 2015

Michael Menor is Vice President of Support Services for Tech Experts.

As if Internet use wasn’t already troubled with cyber perils, users now have to add “malvertising” to the list of things from which they need to protect themselves.

“Malvertising,” like the name suggests, means “ads that contain malware.” Some mal-ads aren’t dangerous unless you click on them – but others can do “drive-by downloads,” sneaking their malware onto your computer simply because you’re viewing the page on which the ad appears.

While most malvertising is on websites, it can also show up on other ad-displaying apps, such as Facebook, Skype, some email programs, and many games.

The reason that malvertising is more of a problem than other malware approaches is that it can be spread through online advertising delivery networks like Google DoubleClick to legitimate sites that users routinely visit, like the New York Times, Huffington Post, and Yahoo, as well as routinely-used mobile apps that show ads. Malware-bearing ads can be “injected” either by hacking ads at the provider end or by buying and providing mal-ads. In most cases, there’s no way for a user to tell just by looking that an ad has been compromised.

The Potential Damage
The dangers of advertising-delivered malware are the same as those from malware you get any other way. Malware can steal account usernames and passwords, bank and credit card information, and other sensitive data.

It can encrypt your data and “hold it for ransom.” It can, in turn, infect other computers on your network and turn your computer into a “zombie,” spewing out spam and malware to the Internet.

Like other viruses and malware, malvertisements take advantage of security vulnerabilities on users’ computers and mobile devices. These may be anywhere from the operating system, to web browsers and other applications, to add-ons and extensions like Java, JavaScript, and Flash.

How do you know if your computer has been infected by malware? One sign is that your web browser shows unexpected pop-ups or seems to be running slower. But many malware infections remain “stealthy,” possibly even eluding anti-malware scans.

Legitimate ad creators and ad delivery networks are working on ways to detect and prevent malware from getting into the digital ads they serve. Otherwise, people have even more reason to not look at ads or block ads entirely.

But, assuming it can be done, this won’t happen for a year or more. The burden is on companies and individuals to do their best to protect their networks, computers, and devices.

What Can Companies and Users Do?
Although malvertising is a relatively new vector, the best security practices still apply; if you’re already doing things right, keep doing them. But what does “doing things right” look like?

  1. Avoid clicking on those ads, even accidentally.
  2. Maintain strong network security measures. Next generation firewalls at the gateway can often detect malware payloads delivered by ads, block the ads entirely, and/or detect communication from already-infected devices.
  3. Regularly back up systems and critical files so you can quickly restore to a pre-infected state if your systems and data are compromised.
  4. Deploy endpoint security software on every device so that it’s protected on and off the network.
  5. Ensure that all operating systems and client software (especially web browsers) are fully patched and up to date.
  6. If you suspect a computer has been infected, stop using it for sensitive activities until it’s been “disinfected.” Again, many security appliances can help you identify and quarantine infected devices.

It’s unfortunate that even more of everyday Internet use is potentially unsafe, but the steps to fend off malvertising are essentially security precautions that companies and individuals should already be following.

Online Safety: Is Your Website Secure?

March 26, 2015

Michael Menor is Vice President of Support Services for Tech Experts.

For all too many companies, it’s not until after a breach has occurred that web security becomes a priority.

While more than a few examples of recent breaches may leap to mind, know that these aren’t exclusive to big name retailers who accept credit cards. If you have a website for your business, you may be at risk.

As more and more business is done using the World Wide Web, websites themselves have become increasingly attractive to cybercriminals.

Websites are such a lucrative target for an attack because not only are there so many sites to attack, but an overwhelming majority of all websites can be easily exploited by some of the most common vulnerabilities.

Attackers, no longer driven by notoriety and ideology, have focused more on techniques that allow them to profit from their illegal activities.

Exploited sites allow the theft of credit card data, financial information, identities, intellectual property, and anything else cyber criminals can get their hands on.

The integrity of the company’s internal network can be affected as well if the website provides access to it.

There are many online services that allow anyone to create a webpage in under ten minutes.

Unfortunately, these quick solutions also make it easier for attackers. Without proper training and knowledge, many of these sites are left with multiple vulnerabilities. A few of these vulnerabilities will be discussed.

The Heartbleed Bug is a vulnerability that allows attackers to obtain confidential data such as usernames, passwords, emails, and even proprietary company data and communications.

Even if you think you might be protected because you use encrypted forms of communication, you’re not safe. Attackers will be able to eavesdrop on your communications and steal data from beneath you.

Like Heartbleed, one of the most prominent vulnerabilities affecting web applications is cross-site scripting (XSS).

This vulnerability can allow an attacker to hijack web communications. The attacker may target a vulnerable website by tricking the user into submitting sensitive information or performing a privileged action within the target website’s web controls.

Application Denial of Service attacks have rapidly become a commonplace threat for doing business on the Internet — more proof that Web application security is now more critical than ever. Denial of Service attacks can result in significant loss of service, money and reputation for organizations.

Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services.

Denial of Service attacks are centered on the concept that by overloading a target’s resources, the system will ultimately crash.

An HTTP Denial of Service attack can also destroy programming and files in affected computer systems.

In some cases, HTTP DoS attacks have forced Web sites accessed by millions of people to temporarily cease operation.

Websites that can be compromised pose a serious risk and thus serious preventative measures should be taken to combat it.

Scrambling to fix the problem after the fact is costly, stressful, and can potentially result in legal action. Breaches also cause damage to your company’s image and brand, which may be permanent.

Know your vulnerabilities and don’t rely on ten-minute-or-less website creators to keep you safe.

If it’s too good to be true, it probably is.

Beware Of These Tax Return Scams

March 26, 2015

In the online world, it seems that there is always a new threat cropping up on the horizon. There is one, however, that has been returning year after year following the onset of online tax filing.

This is the prime time for tax phishing scams, and it is important to recognize the signs of a cyber-criminal going after your identity and holdings.

Since tax season is often a mystifying time financially with ever-changing laws that directly affect your pocketbook, it isn’t far-fetched to believe the IRS or a related government agency may need to double-check your data or ask for additional information via email or text.

This is a situation that sophisticated thieves are well aware of, and they do not hesitate to exploit citizens’ lack of knowledge of how the revenue service actually conducts its business.

In fact, approximately 25,000 phishing emails (messages asking for personal data like Social Security numbers and the like) and 611 scam websites were shut down during the last tax season. It is probable that far more efforts went unreported.

Fortunately, it is easy to thwart criminals’ efforts to gain access to your personal information and financial holdings when you are on the alert.

First, no government agency will ask for such information through an unsecured email or text. If the tax agency, tax-preparation company, or related organization needs additional sensitive information from you, you will be contacted by mail, phone, or directed to a secure website.

If you are suspicious of a particular communication, double-check that the email or physical address matches that of the legitimate organization.

Also, beware of messages that replace your full name with something generic, such as “Dear valued customer,” or that warn of dire consequences if you do not reply right away.

If there is any doubt whether an email or text is a scam, report it to the organization in question or law enforcement agencies.

CryptoWall 2.0: Ransomware Is Alive And Well

February 12, 2015

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

CryptoWall is the latest strain of ransomware to rise to prominence, extorting more than $1 million from victims and wreaking havoc on thousands of police departments, businesses, and individuals across the globe.

On the surface, CryptoWall is similar to its better-known predecessor Cryptolocker, another strain of crypto-ransomware. But there are many differences.

Victims are typically infected with CryptoWall by opening a malicious email attachment, though drive-by-downloads on websites are also possible. The email attachments are often zip files that contain executables disguised as PDFs.

Once infected, CryptoWall scans all mapped drives and encrypts important files. That’s an important distinction: CryptoWall will scan your local drives, but also any server mapped drives, such as an S: or N: drive.
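The attachment pattern described above (zip files containing executables disguised as PDFs) can be checked for at a mail gateway or on a quarantined message. The following is an added example, not part of the original article: the extension lists, function names and the sample archive are assumptions constructed for illustration, and the sample bytes are harmless placeholders.

```python
import io
import zipfile

# Illustrative lists (assumptions); extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def inspect_zip(data):
    """Return (member name, reason) for each suspicious file in a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            if info.flag_bits & 0x1:  # encrypted member: content cannot be checked
                findings.append((name, "encrypted member, not inspected"))
                continue
            # Every dot-separated extension, with padding spaces and trailing dots removed.
            exts = ["." + p.strip() for p in name.rstrip(". ").lower().split(".")[1:]]
            last = exts[-1] if exts else ""
            with zf.open(info) as member:
                magic = member.read(4)
            if last in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
                findings.append((name, "document name ending in an executable extension"))
            elif last in EXECUTABLE_EXTS:
                findings.append((name, "executable extension"))
            elif magic[:2] == b"MZ":
                findings.append((name, "Windows executable content under a non-executable name"))
            elif last == ".pdf" and magic != b"%PDF":
                findings.append((name, "named .pdf but content is not a PDF"))
    return findings


def build_sample():
    """Constructed attachment: harmless placeholder bytes, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_0212.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("docs/statement.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("docs/report.pdf", b"%PDF-1.4\n% constructed sample\n")
        zf.writestr("readme.txt", b"constructed sample text\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in inspect_zip(build_sample()):
        print(f"{name}: {reason}")
```

The check looks at both the file name and the first bytes of each member, so a renamed executable is flagged even when its name ends in .pdf.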


Copyright © 2025 Tech Experts™ · Tech Experts™ is a registered trademark of Tech Support Inc.