July 2nd, 2014
In the fall of 2013, hackers infiltrated Target’s point-of-sale system and were able to steal credit card information from thousands of customers. That large-scale attack prompted a re-evaluation of security by most companies to attempt to better protect customer data at its most vulnerable points. As Jaikumar Vijayan reports for Computer World, however, more businesses were recently victimized by a similar POS attack that compromised customers’ credit card information.
Information Systems and Supplies (ISS) provides POS systems to restaurants in the northwest. Recently, they informed customers that those systems may have been compromised, which may have led to the theft of customers’ credit card information.
The breach in security stems from attackers gaining access to ISS’s admin account, which allowed them to log in remotely to ISS customer servers and PCs. Through that remote access, data-stealing malware was planted on the POS systems. The malware is capable of stealing the number of any credit card used since the end of February.
It’s unclear exactly how hackers first gained access to the ISS admin account, but it’s believed to be fallout from a phishing scam.
One password was used to log in to each POS system managed by ISS before this attack. Since learning of the breach, ISS has instituted unique passwords for each customer system.
This attack holds lessons for both individual users and businesses. This is an example of why reusing passwords, or using a single password to access an entire network, is dangerous. If one password is all that stands between an attacker and all of your most important data, you’re likely to suffer a catastrophic attack. It’s important to implement multiple passwords, two-factor authentication and other security measures.
Last year, nearly two-thirds of successful data breaches were caused by security vulnerabilities introduced by third-party applications. Many businesses assume that third-party software is secured and maintained by the vendor who supplies it, but that’s not always the case. Unfortunately, this misplaced trust leads to attacks that are able to use third-party software to infiltrate an entire network.
At Geek Rescue, we offer support and service to both individuals and businesses. For help recovering from an attack or improving security to prevent one, call us at 918-369-4335.
May 27th, 2014
Apple devices are extremely popular, which unfortunately makes them a target for theft. To combat this as much as possible, Apple includes features to help users find lost or stolen devices, but these features contain security vulnerabilities of their own. The latest reports, as noted by Loek Essers of TechWorld, center around the “Find My iPhone” feature and a form of ransomware.
When ‘Find My iPhone’ is enabled, users are able to track a device to see its current location, or lock the device and display a custom message. However, users are reporting that their iCloud accounts are being hacked and ‘Find My iPhone’ is being used against their own devices. A message informing them that they’ve been hacked by “Oleg Pliss” is displayed and a $100 ransom is demanded.
Users have also reported that while they’re able to log in to their Apple accounts, they’re unable to disable Lost mode and unlock the device on their own.
At least for some of the victimized users, the problem may stem from the eBay hacking from earlier this month. Some users admit they use the same passwords for their Apple account as they did for eBay.
For now, Apple has been silent on the issue and hasn’t officially suggested a way to unlock hacked devices. The only fix to be found so far is to restore the device to factory settings.
It’s not just iPhones that have been affected either. All Apple devices have a similar feature to help find them when they’re lost or stolen and all are vulnerable to this same ransom tactic. So far, users in Australia, Great Britain and Canada have all reported being hacked, but no users from the US have had the same problem.
Before the problem spreads to the US, it’s a good idea to change your passwords, especially if you held an account at eBay that may have been compromised.
If any of your devices are hacked, infected with malware, or break, bring them to Geek Rescue or call us at 918-369-4335.
May 21st, 2014
A typical internet user has too many online accounts to manage a unique, strong password for each one. While passwords are still the primary form of security for many important online accounts, being able to realistically keep track of a different password for all of them, which is recommended, is nearly impossible. Ian Barker of Beta News published some tips on how to keep up with passwords when there are seemingly too many to manage.
A recent survey revealed that more than half of internet users have more than 20 active, password-protected online accounts. Another 27 percent have between 11 and 20 online accounts. Can you keep 20 different passwords of varying length, using numbers, letters and symbols, straight? For that matter, can you keep 11?
For most of us, the answer is a resounding ‘no’. This leads to bad habits. Reusing passwords is common. Using easy-to-guess passwords is too. This leads to accounts being compromised, which leads to identity theft and other serious problems.
One answer is to use a password manager. There are plenty of trustworthy managers available that will store all of your passwords behind one master password. Many managers even log you in automatically to your accounts. Less than half of internet users are using password managers, however.
The other option, and one that is much more realistic than keeping track of dozens of different passwords for different accounts, is to identify which accounts hold the most valuable information. Banking and credit card sites are obvious choices for your strongest passwords. Don’t overlook ecommerce sites that have your credit card information, address and other personal information stored on them. Also, consider how costly it would be for a criminal to gain access to your social media accounts. Finally, your primary email address, which likely is the destination for password reset messages from other accounts, is vital to protect properly.
Each of these accounts demands a long, strong, unique password to minimize the risk of it being hacked. Some, like email and social media, can even use two-factor authentication to up the security ante even more.
Other accounts, however, don’t need as much attention. An account for a message board, news site or other site where a username and password are the only information at risk doesn’t necessarily need a strong, unique password. If these accounts are hacked, you won’t lose much.
For many users, concentrating solely on their most valuable online accounts limits the number of important passwords to fewer than ten, which is much easier to manage.
If you’ve been the victim of an attack and need help recovering or help improving security at your home or business, call Geek Rescue at 918-369-4335.
April 9th, 2014
Recently, you may have noticed the scores of headlines reporting attacks on wireless routers. Major brands like Linksys and Asus have been plagued by attacks and experts are speculating that attacks on these devices are becoming a trend. Lucian Constantin at ComputerWorld reports on the details of why wireless routers have become such a popular target of cyber attacks.
The most obvious target of attacks is your computer. It contains a wealth of information that could be valuable for criminals to steal and processing power that attackers can harness. Because computers were being targeted by such a large volume of attacks, security began to improve. Not just in the form of antivirus programs, but even in the way operating systems and other applications were built and updated. Suddenly, it was much more difficult to attack a computer directly.
While hackers began developing more intelligent threats, most attacks will target the path of least resistance. That is no longer a user’s computer. Now, that’s a user’s router.
Wireless routers haven’t been the target of many attacks in the past, so manufacturers and users have not made security a priority. This has made attacking them now relatively easy. In fact, security flaws that have been closed to attackers elsewhere for more than a decade are often still open on wireless routers.
In addition to the relative ease of access, attacking wireless routers allows criminals to access every device connected to them. Now, instead of using a targeted attack to infect one computer, a single attack targeting a router can infect every device in the home, which could include laptops, smartphones, tablets and even TVs, DVRs and other internet ready appliances.
Adding to the problem is the fact that routers aren’t updated automatically, which leads to many of them being extremely outdated from a security standpoint. They aren’t being made securely in the first place, but when a vulnerability becomes public, the patches and updates that are released aren’t being widely implemented. This is true of most applications that require users to actively search out an update and manually install it. In the case of routers, it requires some technical expertise to change settings and update. Many users fail to even change their router’s name and password from the factory default.
The first thing for users to understand is that their router is vulnerable. It does need to be updated periodically and needs to have a strong password associated with it. For those who are capable, it’s a good idea to make your router’s admin interface unavailable from the internet.
Creating an effective security infrastructure requires securing a number of potential attack points. For help improving security for your home or business, or for help recovering from an attack or malware infection, call Geek Rescue at 918-369-4335.
March 21st, 2014
There are many tools and applications available to keep your information and your network safe from attacks. When it comes to online accounts, however, security starts from the user’s end with effective passwords. A strong password doesn’t guarantee that your account will never be compromised, but it does protect you from a number of attacks a weaker password would succumb to. At About, Andy O’Donnell explains the characteristics of strong passwords so you can create one for all of your online accounts.
Do’s
Most brute force attempts at cracking your password involve guessing off of a set list of common passwords. The more random your password is, the less likely it will be guessed by an attacker.
Random is good, but not if it’s still overly simple. Passwords that only use letters or only use numbers are much easier to crack than those that use both. Adding symbols into your password will further strengthen it.
Longer passwords take much longer to crack than shorter passwords. The reason is simple mathematics. When a password is 12 characters long, there are 12 different blanks to fill in and millions of different combinations. A password that’s only 5 characters long drastically cuts down on the number of combinations possible.
Don’ts
Everyone has so many accounts online, it’s almost impossible to remember a unique password for each one. That’s why many users opt to use the same password for multiple websites. That creates the possibility, however, that if one of your accounts is compromised, all of them will be. Some sites don’t use as robust security as others. So, using the same password for your bank as you do for an online message board is creating an easier path for criminals to infiltrate your bank account.
Everyone knows that ‘12345’ is a weak password, but some users believe that “qwerty” is strong. It isn’t an actual word, but attackers know this is a popular password. If typing your password forms a pattern on the keyboard, it’s likely going to be guessed in the case of an attack.
Many websites have started demanding users use longer passwords by implementing a minimum character length. To get around that, some users simply put in the same password twice. That breaks a number of these rules, however. It forms a pattern and isn’t random.
There are a number of ways a criminal can break into one of your online accounts. More intelligent attacks are even able to circumvent the number of failed log-in attempts some sites limit you to. To stay safe, you need a strong password that’s changed regularly.
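The Do’s and Don’ts above can be checked automatically. The following Python code is an added example, not part of the original article or of Andy O’Donnell’s piece; the common-password list is a small constructed sample, and the 12-character minimum and the four-key pattern threshold are assumptions chosen for illustration.

```python
import string

# Constructed sample; a real check would load a large list of known passwords.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein"}

# Rows of a US QWERTY keyboard, used to spot patterns typed along one row.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

MIN_LENGTH = 12        # assumption: the article's 12-character example
MAX_KEYBOARD_RUN = 3   # assumption: 4 or more adjacent keys is a pattern


def longest_keyboard_run(password):
    """Longest run of neighbouring keys on one row, left-to-right or reversed."""
    lowered = password.lower()
    best = 1 if lowered else 0
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            run = 1
            for prev, cur in zip(lowered, lowered[1:]):
                i = seq.find(prev)
                if i != -1 and seq.find(cur) == i + 1:
                    run += 1
                    best = max(best, run)
                else:
                    run = 1
    return best


def is_repeated_unit(password):
    """True when the password is a shorter string typed two or more times."""
    return len(password) > 1 and password in (password + password)[1:-1]


def audit_password(password):
    """Return the rules a password breaks; an empty list means none were found."""
    findings = []
    if password.lower() in COMMON_PASSWORDS:
        findings.append("common")
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        findings.append("letters_only_or_digits_only")
    if not any(c in string.punctuation for c in password):
        findings.append("no_symbol")
    if longest_keyboard_run(password) > MAX_KEYBOARD_RUN:
        findings.append("keyboard_pattern")
    if is_repeated_unit(password):
        findings.append("repeated")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, never real credentials.
    for sample in ("12345", "qwerty", "hunter2hunter2", "r7#Lq!9vTz@2m"):
        print(sample, audit_password(sample))
```

An empty result only means none of these particular rules fired; it does not cover reuse across sites, which no local check can see.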
If you are the victim of an attack and need help getting rid of malware or implementing better security, call Geek Rescue at 918-369-4335.
March 18th, 2014
Phishing scams are a common threat of the internet. If users aren’t careful, they can easily be tricked into giving away log-in credentials and other valuable information without even realizing they’re being scammed. At Gizmodo, Adam Clark Estes reports on one of the latest and trickiest phishing scams to hit the web.
The reason this scam is so tricky is that it manages to avoid some of the usual tell-tale signs of phishing. It begins with an unsolicited email arriving in your inbox. The email has the subject line “Documents” and contains a link to Google Drive. On the surface, receiving an email from someone you don’t know that’s called simply “Documents” sounds suspect. But, the Google Docs link is legitimate and points to a google.com URL. What’s the harm in following the link and finding out if this document is really meant for you?
Unfortunately, that’s the thinking of many users. When you follow the provided Google Drive link, you land on an official-looking Google log-in page. In fact, it’s an exact replica of an actual Google log-in page. The only difference is that it asks you to enter both your email and password, even if you’re already logged in to your Google account. Many users won’t think twice about entering their information, but noticing this subtle inconsistency is key to avoiding a scam.
Logging in to this spoofed page does take you to a legitimate Google document, but attackers already have your password.
This is another example of how online threats are becoming more intelligent and harder to avoid. For phishing scams like this one, it’s important to remember to avoid following links in your email. Many times, you can visit a website directly, rather than following a provided link. This way, you’ll be sure to land on the actual site rather than a malicious copy.
This scam uses Google Drive because users trust a page with Google’s recognizable logo and branding and because users can’t access a document in Drive without following the link. If you receive an email inviting you to view a file in Drive, be sure you verify who sent it before following the link.
If you’ve been the victim of an attack and need help recovering data, removing malware or improving security, call Geek Rescue at 918-369-4335.
March 17th, 2014
Each year, people gather in Vancouver for what’s called a hackfest. Experts attempt to break through the security of popular applications to reveal potential vulnerabilities. This year, web browsers were the focus with each of the most popular browsers being hacked successfully with at least one exploit. As Sebastian Anthony of Extreme Tech reports, Mozilla’s Firefox experienced the most security problems and four zero-day exploits were found.
A zero-day exploit refers to a way to successfully attack an application that’s discovered by someone outside of the manufacturer. These are dangerous exploits because they are revealed before the manufacturer has an opportunity to patch them. This leaves users vulnerable for days or weeks.
The vulnerabilities in Firefox are said to allow hackers to “do just about anything with your computer” when attacked correctly. These attacks all stem from convincing users to visit malicious websites specifically created for attacks.
Mozilla’s web browser has always been considered less secure than the other leading browsers. It was first included in the hackfest in 2009 and has been successfully exploited every year except 2011. In the past three years, however, all four major browsers, Chrome, Internet Explorer, Safari and Firefox, have been successfully hacked at least once. Seeing four successful exploits in a single year is still a surprise.
Experts point to Firefox’s lack of a sandbox for its primary security shortcomings. A sandbox is a way of segregating one application from the rest of the system. This way, a successful exploit on the application doesn’t make the rest of your system vulnerable. Chrome, Safari and Internet Explorer, since version 9, all have implemented sandboxes. Firefox still does not use one, which allows attackers to exploit the browser to gain access to other applications and functions of a user’s computer.
All of the exploits discovered during the three-day hackfest are reported to the browser manufacturer so they can be patched. Even so, it’s important to remember that no browser offers you perfect security. All have vulnerabilities that can be exploited if you aren’t careful or don’t have the correct security infrastructure in place.
If you’ve been the victim of an attack or would like to explore better security options, call Geek Rescue at 918-369-4335.
March 7th, 2014
A recent survey on computer security revealed not only alarming numbers of victims of cyber crime, but also high numbers of users who have little to no security in place. The University of Kent, which is located in the UK, surveyed about 1500 adults in their study. Admittedly, it’s a small sample size so the numbers could be a little skewed. Even so, there are surprisingly high rates of malware infections, specifically with ransomware, as John Hawes of Naked Security reports.
CryptoLocker, a headline-making form of ransomware that encrypts files on victims’ computers and demands payment to release them, hit one in 30 of the survey’s respondents. Even worse, about 40 percent paid the ransom to have their files decrypted.
Those figures only pertain to CryptoLocker specifically. For all forms of ransomware, about one in 10 respondents confirmed they’ve been a victim. Even if you assume those numbers are slightly inflated, that’s a shocking amount of ransomware cases.
It’s particularly troubling when you combine the number of cyber attacks with the number of users who fail to put proper security measures in place. The survey also found that more than half of users weren’t using an up-to-date antivirus or anti-malware program. About a third of respondents reported they had no firewall in place on their network and about the same number failed to use proper password practices for maximum security on online accounts.
With that in mind, it’s no surprise that about a quarter of users in the survey were identified as being the victim of some sort of “cyber-dependent crime” with malware infections and phishing scams being the most popular.
Unfortunately, when it comes to the number of malware incidents, the actual number of infections is usually higher than what is reported. This is because malware, by its nature, stays hidden on most systems, particularly those with less than ideal security. Users may report that they’ve never been the victim of a malware infection, but in reality it’s difficult to say for certain.
The takeaway from this study and others like it is that no one is immune from cyber attacks. Malware can strike any of us, but those with less security in place are asking for trouble.
If you’ve been infected with malware, or would like to improve security at home or at your business, call Geek Rescue at 918-369-4335.
February 25th, 2014
There’s a security flaw in Apple’s mobile operating system, iOS. No, it’s not the same flaw that we reported yesterday. That widely publicized flaw allows attackers to intercept data being sent between your phone and web servers and an update that fixes it is already available for most affected users. This new flaw, as Lance Whitney of CNet reports, allows for the remote capture of “every character the victim inputs” on an iPhone or iPad.
The vulnerability was uncovered by security firm FireEye. A keylogging app is able to run in the background of any iOS 7 device because of a flaw in the Background App Refresh setting.
You may be wondering what the danger of a hacker being able to monitor every press of your touchscreen, or home button, or volume controls is. Attackers aren’t just able to monitor when you touch your screen, but precisely where on the X and Y axis. That means that passwords and log-in credentials could be stolen. Your phone’s lock screen could also be compromised. Think of everything you use your phone or tablet for and then consider how dangerous it would be to have a stranger looking over your shoulder the entire time.
Unlike the SSL vulnerability that was revealed recently, this iOS vulnerability requires a malicious app to be installed on the device first. Of course, there are a number of ways an app can make its way to your iPhone. Apps downloaded directly from the official App Store are usually legitimate, however. So, these malicious apps would likely come from third-party app stores or email attachments.
Apple has publicly stated that they’re working with FireEye to create a patch to fix the problem. In the meantime, users can close any apps running in the background by double-tapping their Home button. Close any apps you aren’t currently using. If there’s an app running that you don’t recognize, there’s a good chance that it’s malware.
If you have a device that’s been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
February 21st, 2014
DDoS attacks are a very real and potentially very costly possibility for any business. An attack capable of making your servers sluggish or unavailable could hit at any time and you need to plan for it. That involves both setting up a proper security infrastructure and planning for how to recover from and mitigate an attack. At TechWorld, Ellen Messmer published tips for what you need to know in order to be properly prepared for DDoS attacks.
A DDoS attack doesn’t come from nowhere and immediately render your servers useless. Instead, you’ll be able to spot a surge in activity before any real damage is done. That is, if you’re regularly and properly monitoring traffic. If you don’t know what normal activity on your servers looks like, you won’t be able to tell when things are out of the ordinary. If you spot the early warning signs of a DDoS attack, taking the proper precautions can save you from any downtime, or at least greatly reduce the damage done.
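One way to put “know what normal looks like” into practice is to compare each minute’s request count with a rolling baseline and alert only on a sustained climb. The Python code below is an added example, not from the original article or from the TechWorld piece; the traffic numbers are constructed, and the window size, multiplier and three-minute sustain rule are assumptions to tune for your own servers.

```python
from statistics import median

# Constructed per-minute request counts: steady traffic, one isolated spike
# (minute 12), then a sustained climb starting at minute 15.
SAMPLE_COUNTS = [120, 118, 125, 130, 122, 119, 127, 124, 121, 126,
                 123, 128, 400, 125, 122, 180, 260, 410, 700, 1200]


def robust_baseline(samples):
    """Median and median absolute deviation (MAD) of recent normal traffic."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, mad


def detect_surge(counts, window=10, k=5.0, sustain=3):
    """Return the index of the minute where a sustained surge begins, or None.

    The first `window` minutes seed the baseline. A minute is anomalous when
    it exceeds median + k * spread. Anomalous minutes are kept out of the
    baseline so a slowly building flood cannot redefine "normal".
    """
    baseline = list(counts[:window])
    streak = 0
    for i in range(window, len(counts)):
        med, mad = robust_baseline(baseline)
        # 1.4826 * MAD approximates a standard deviation; the floors stop
        # very flat traffic from producing a zero-width threshold.
        spread = max(1.4826 * mad, 0.05 * med, 1.0)
        if counts[i] > med + k * spread:
            streak += 1
            if streak >= sustain:
                return i - sustain + 1
        else:
            streak = 0
            baseline.append(counts[i])
            baseline.pop(0)
    return None


if __name__ == "__main__":
    start = detect_surge(SAMPLE_COUNTS)
    if start is None:
        print("traffic within normal range")
    else:
        print(f"sustained surge began at minute {start}")
```

The isolated spike at minute 12 is ignored because it does not persist, while the climb from minute 15 is reported while traffic is still far below its peak.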
- Understand Different Attacks
Not every DDoS attack is created equal. There are variations in scope, with data transfer speeds running as low as 5 Gbps for small-scale attacks and upwards of 100 Gbps for large-scale attacks. Some attack specific applications, while others attack a network, website or multiple servers. The ways they produce the attack traffic also vary. Many DDoS attacks also come in conjunction with other types of attacks and are used solely as a distraction. Understanding the different types of DDoS attacks and being able to tell what type of attack you’re dealing with dictates how best to protect yourself.
Just as the nature of DDoS attacks varies, so too do the motivations of the hackers behind them. As mentioned, some DDoS attacks are distractions for more costly attacks and data breaches. Some extort you for money before they’ll stop the stream of malicious traffic. Some are aimed at specific targets because the attackers disagree with the victim’s opinion, or certain policies. It’s important to try to spot an attacker’s motivation before they strike. For example, holidays are a popular time for attacks because hackers believe companies will be more unprepared with fewer employees on watch. Similarly, if your company has been in the news lately, there might be an attack coming soon.
DDoS attacks can be extremely costly for companies. Even only a few hours of downtime can mean the loss of thousands of dollars of revenue.
For help protecting against attacks and monitoring for them, contact Geek Rescue at 918-369-4335.