What Could A Cyber Attack Cost You?

January 6th, 2014

Even with all of the news stories about the latest hacks, such as Adobe, Snapchat and Target, there are still some individuals who don’t fully grasp what’s at stake. Jose Pagliery of CNN Money explains how much becoming a victim of a cyber attack could cost you.

In the case of the attack on Target, debit and credit card information was stolen. It’s easy to understand why you would want to keep that information out of the hands of criminals. But, this type of attack and fraud usually isn’t as costly as others. That’s because most people pay close attention to bank accounts and credit card bills and will notice anything out of the ordinary. Then, it’s an easy process to report the fraud and cancel the card.

It’s actually much worse for users when their log-in information and passwords are stolen. It doesn’t even have to be an account that houses any valuable information. Because about half of internet users use the same password for multiple accounts, even stealing the log-ins for a message board could lead to a much bigger breach in security. With one password, criminals can find an email associated with that account. They then will try to break into that email and, if successful, can take a number of potentially valuable actions.

Think about all of the old messages still stored in your inbox. Many of those could contain information that a criminal could use to steal your identity or your money. Those old messages could also lead hackers to other accounts you have online, which could allow them access to your social security number, or bank accounts. Even gaining access to your phone account could allow them to order a new device and rack up big charges.

With access to your email, criminals also have access to your contacts. They can send emails with malware attached to try to infect other users. Worse still, they can contact friends and attempt to scam them out of money or information.

There is a seemingly endless list of malicious tactics a criminal can take if they’re able to gain access to just one of your many online accounts. Keeping those accounts and your computer safe is worth your time. You need to use strong, unique passwords for each account you create. If you have potentially valuable information stored in your email, back it up elsewhere and delete it. Keep close tabs on all of your accounts so that you’ll be able to quickly tell if one has been compromised and take the necessary action.

At Geek Rescue, we help improve security for your home or business. We also fix devices with malware infections, broken hardware or any other issues. Come by or call us at 918-369-4335.

Yahoo Users Infected By Malicious Ads For Four Days

January 6th, 2014

The latest headline-making malware attack concerns Yahoo users. A security firm based in the Netherlands, Fox IT, reported over the weekend that Yahoo’s advertising servers were compromised. Faith Karimi and Joe Sutton of CNN report that malicious ads were shown to a number of users.

Users who visited Yahoo’s website between December 31st and January 3rd are at risk of a malware infection. Yahoo has publicly stated that users in North America, Latin America and Asia were not affected and most infections are limited to the UK, France and Romania.

Those users who were affected were served malicious ads directly from Yahoo thanks to an exploit kit that installed malware on Yahoo’s servers. Researchers warn that users didn’t even need to click on ads to risk an infection. At an estimated 9-percent successful malware infection rate, about 27-thousand users would be infected every hour these ads were allowed to run. Yahoo was not able to remove the malicious ads until they had been displaying for nearly 4 days.

Only PC users were at risk, however. The malware could not infect Mac users or those using mobile devices.

Once a computer is infected, the malware is capable of a number of actions. Click fraud, which consists of malware opening web browsers and clicking on ads to generate revenue, is one of the least severe threats. The malware can also remotely control a computer, disable security software and steal log-in information and passwords.

Even though this particular threat did not seem to infect any computers in the US, it should serve as a warning to all internet users. Yahoo is generally a trusted website, but was compromised by criminals and began infecting users with malware. This can happen to any site you typically visit. In order to stay safe, you need an up-to-date, trusted antivirus program in place.

If your computer has been infected by malware or you’d like to improve security on your devices, call Geek Rescue at 918-369-4335.

Cryptolocker Copycat Threatens P2P Users

January 3rd, 2014

Cryptolocker was perhaps the most talked about piece of malware during the final months of 2013. After infecting an estimated 300-thousand computers in its first three months of existence, it should be no surprise that Cryptolocker is now spawning copycat malware. John E. Dunn of Tech World reports that Crilock.A, otherwise known as Cryptolocker 2.0, began infecting users just before Christmas.

Security experts say that it’s likely that version 2.0 stems from a copycat rather than the same group responsible for the original Cryptolocker because it’s not as complex. Rather than spreading through malicious emails, 2.0 infects users by posing as Microsoft Office or Adobe Photoshop files on peer-to-peer file sharing sites. This is a much smaller target audience but also makes it less likely that Cryptolocker 2.0 will be reported to authorities.

In many ways, however, Cryptolocker 2.0 performs the same way the original does. After infecting a machine, it encrypts files with certain extensions and demands a ransom to decrypt them. Version 2.0 also targets a wider range of files than the original. This is likely because of the users being targeted. Music, image and video files are all included on the encryption list.

Cryptolocker 2.0 is also capable of spreading to removable drives. Anything connected via USB could be infected. This isn’t a new capability for malware, but could prolong the malware’s life.

Included in Cryptolocker 2.0 are other components that launch separate attacks. One is used for DDoS attacks. Two others are designed to steal Bitcoins.

As with the original Cryptolocker, overcoming an infection and regaining your encrypted files is difficult. The best protection is to avoid an infection in the first place. Thankfully, in the case of Cryptolocker 2.0, avoiding an infection is for now as easy as avoiding peer-to-peer file sharing sites. There is always the possibility, though, that other users will be targeted at a later date.

If your computer is the victim of a malware attack, call Geek Rescue at 918-369-4335.

The Dangers Of Having Your Phone Number Stolen

January 3rd, 2014

Recently, social network SnapChat has been making headlines for all the wrong reasons. Nearly 5-million users’ accounts were compromised and criminals made off with usernames and phone numbers. That has left many to wonder, what does a hacker want with my phone number? Quentin Fottrell of Market Watch set out to answer that question.

The most obvious reason why a hacker having your phone number would be a bad thing is the same reason you’re hesitant to give out your number in the real world. They might just use it. Malware and phishing attacks on smartphones increased steadily throughout 2013. When a criminal learns your phone number, you’re significantly more likely to receive malicious text messages. These can either be an annoyance, or a serious problem based on the type of messages being sent and your reaction to them.

Another problem that many users fail to realize is that your phone number is associated with a number of your online accounts. Particularly on social media, knowing a user’s phone number can help you find their profile. Finding their profile allows you to associate their name, birthday and other information with that phone number. Armed with that knowledge, a criminal could easily steal your identity and break into a number of important accounts. Since phone numbers don’t change often, one could argue that they’re more valuable online than even physical addresses and email addresses.

This doesn’t mean that you should never give out your phone number to any website. You shouldn’t make it public on any social media profiles, but there are other instances where it actually enhances security. In the case of two-factor authentication, your phone number is used to add a second level of security to safeguard important accounts for email and banking sites. Security experts advise you to feel free to give out your phone number online if it’s for a specific use.

Unfortunately for SnapChat users, there’s no way to use the service without giving up your phone number.

At Geek Rescue, we specialize in security. If you’d like to improve the security at home or at the office, give us a call at 918-369-4335. We also fix devices that have been infected by malware.

How Windows Error Reports Are Helping Hackers

January 2nd, 2014

Windows users have a tool included on their systems that sends a report to Microsoft any time an error occurs. This is to help Microsoft create patches and updates that resolve issues, but as Gregg Keizer of Computer World reports, these error reports are also helping hackers find vulnerable targets.

The problem with error reports is that they’re unencrypted. This means that anyone able to intercept that data on its way to Microsoft will be able to discover a wealth of information about the user and their computer. Information included in error reports includes what software is installed, what version of the operating system is running, the latest patches and updates installed, devices and peripherals plugged into the computer and reports on recent application and operating system crashes. This information has been described as “a blueprint” for how to attack a user and where security vulnerabilities exist.

The most common way for hackers to intercept this information is a ‘man in the middle’ attack, which allows a hacker to ‘sniff’ or monitor all activity conducted over your internet connection and steal any data transmitted.

A German newspaper recently reported that the NSA has already been stealing crash reports to make their attacks more intelligent. While this threat is unlikely to target too many individual users, businesses are certainly at a significant risk.

Windows sends error reports by default, but they can be turned off. Security experts, however, advise against this measure. The reason error reports are valuable to hackers is the same reason they’re valuable to your IT department. They highlight vulnerable areas of your network and help you patch them.

Instead of losing this diagnostic tool, improve it. Rather than sending reports directly to Microsoft, you can direct them to an internal server and encrypt the information before sending it on. This way, even if the report is intercepted, it won’t be able to be deciphered.

If you need to improve the security at your business, or have been the victim of a cyber attack and need help fixing the damage, call Geek Rescue at 918-369-4335.

Beware Of These Devious Online Threats

January 2nd, 2014

Staying safe online requires the right security tools. It also requires the right knowledge of common threats. Knowing how criminals typically attack your computer educates you on how to prevent those attacks. Roger A. Grimes at Computer World published his list of the most devious attacks currently being used and how to protect yourself from them.

  • Fake WAPs

There are plenty of public places where people typically use free, public WiFi. Unfortunately, networks in places like coffee shops, libraries and airports are also common targets for hackers. They’re able to set up fake wireless access points, or WAPs, that fool users. Users connect using a network with a believable name, but are actually giving a criminal access to all the data they transmit. This is an easy way for hackers to steal passwords, banking information and more. To protect yourself, be extremely wary of public WiFi. Don’t enter any financial information or visit any sites that require a password.

  • Cookie Theft

Cookies have been used by websites for years to make your browsing experience faster and more convenient. These text files store information so you don’t have to log-in every time you visit the same site, or otherwise streamline your experience. That information is dangerous if stolen, however. Hackers use a number of methods for stealing cookies. When they’re successful, they’re able to immediately gain access to certain sites and sometimes even gain payment information. Make sure that if you have cookies enabled, you’re only using HTTPS websites that use the latest encryption methods.

  • Tricky File Names

This is not only a common attack method, but also a simple one. Hackers use some social engineering to gain more downloads of malicious files and tempt more users to open those files. No one would want to download ‘malware.exe’, but when the file name is something more salacious or relevant to the user, many can’t resist. Some even use false file extensions to confuse users. The full file name may be ‘image.jpeg.exe’. The file is an executable application, not an image, but ‘.jpeg’ fools many users. To protect yourself, don’t download files that sound too good to be true and only download from trusted sources. If you aren’t expecting a file to be emailed to you, don’t open any attachments. Also, be sure to scan anything you download with your antivirus program before you open it.
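A mail filter or a sweep of a downloads folder can catch the ‘image.jpeg.exe’ pattern described above. The following Python check is an added example, not part of the original article; the extension lists and the sample names are assumptions constructed for illustration.

```python
import ntpath

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "msi", "lnk"}
DECOY = {"jpeg", "jpg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx",
         "txt", "mp3", "avi"}

# Constructed sample attachment names.
SAMPLE_NAMES = [
    "image.jpeg.exe",
    "C:\\Users\\pat\\Downloads\\Holiday.Photos.JPG.SCR",
    "invoice.pdf.exe. ",
    "setup.exe",
    "report.v2.pdf",
    "archive.tar.gz",
]


def deceptive_extension(filename):
    """Return (decoy, real) when an executable hides behind a document or
    media extension, otherwise None."""
    # Keep only the last path component, whichever separator was used.
    base = ntpath.basename(filename.replace("/", "\\"))
    # Windows ignores trailing dots and spaces when it opens a file, so
    # they must not be allowed to mask the real extension.
    base = base.rstrip(". ")
    # Extensions are case-insensitive on Windows; tolerate spaces by the dots.
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 3:
        return None  # need at least name + decoy + real extension
    real = parts[-1]
    if real not in EXECUTABLE:
        return None
    # A decoy anywhere between the name and the real extension counts;
    # report the one nearest the end, which is what the user sees last.
    for ext in reversed(parts[1:-1]):
        if ext in DECOY:
            return (ext, real)
    return None


def scan(names):
    """Map each suspicious name to its (decoy, real) extension pair."""
    findings = {}
    for name in names:
        hit = deceptive_extension(name)
        if hit is not None:
            findings[name] = hit
    return findings


if __name__ == "__main__":
    for name, (decoy, real) in scan(SAMPLE_NAMES).items():
        print(f"{name!r}: looks like .{decoy}, runs as .{real}")
```

A plain ‘setup.exe’ is not flagged, because the check targets names that disguise what they are, not executables as such.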

  • Tampering With Hosts

Windows users have a DNS-related file named ‘Hosts’ in their ‘Drivers’ folder. Typically, there’s no reason for a normal user to interact with ‘Hosts’. It contains domain names that a user has visited and links them to their IP addresses. This is a way around having to contact DNS servers and perform recursive name resolution every time a popular site is visited. But, this opens the door for hackers to enter their own malicious entries into ‘Hosts’. By changing the IP addresses linked to common domain names, a hacker can redirect users to a spoofed version of a legitimate site. These malicious sites usually look very similar to the original, but are used to steal your data. This is a difficult attack to spot. If a site looks different than usual, avoid it. Don’t enter any information on a site that looks different than you’d expect. If you suspect you’re being maliciously redirected, examine your ‘Hosts’ file.
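One way to examine a ‘Hosts’ file for the redirects described above, as an added Python example that is not part of the original article. On Windows the file is at C:\Windows\System32\drivers\etc\hosts; the watchlist domains, the sample file and the severity labels are assumptions constructed for illustration.

```python
import ipaddress
import sys

# Assumed watchlist: domains where a silent redirect would expose credentials.
WATCHLIST = {"example-bank.test", "mail.example.com"}

# Constructed sample using documentation-only address ranges.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.example.net
203.0.113.45   WWW.Example-Bank.test example-bank.test.  # inline comment
198.51.100.7   build.corp.example
not-an-ip      mail.example.com
"""


def parse_hosts(text):
    """Yield (line_no, address_text, ip_or_None, hostnames) per mapping line."""
    # Some editors save the file with a byte-order mark; drop it first.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        # Hostnames are case-insensitive; a trailing dot names the same host.
        hosts = [h.lower().rstrip(".") for h in fields[1:]]
        yield line_no, fields[0], ip, hosts


def on_watchlist(host):
    """True for a watchlisted domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def audit_hosts(text):
    """Return (line_no, severity, hostname, address) for entries to inspect."""
    findings = []
    for line_no, addr, ip, hosts in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", " ".join(hosts), addr))
            continue
        # Loopback and 0.0.0.0 entries keep traffic on the machine itself,
        # so they cannot send the user to a spoofed remote site.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for host in hosts:
            severity = "high" if on_watchlist(host) else "review"
            findings.append((line_no, severity, host, str(ip)))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, severity, host, addr in audit_hosts(content):
        print(f"line {line_no}: [{severity}] {host} -> {addr}")
```

Entries marked "review" may be legitimate, such as an internal server an administrator added; the point is that every name pinned to a remote address gets looked at.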

These are only a small collection of ways criminals can steal your data and infect your computer. For help improving your security, or fixing the effects an attack has had on your system, call Geek Rescue at 918-369-4335.

Security Flaw In SD Cards Exposed

December 31st, 2013

If you use a smartphone or digital camera, you’re probably familiar with SD cards. They’re the small cards that store data using flash memory. For most users, they only think about their SD card when they’re transferring contacts to a new phone or removing pictures from their camera. As Stephen Shankland reports for CNet, however, a new technique exposed by security researchers has demonstrated how vulnerable SD cards are to “man in the middle” attacks.

A man-in-the-middle attack is true to its name. When data is transferred from one location or device to another, a third party intercepts that data in order to monitor, modify or copy it. This allows a criminal to gain access to valuable data like credit card information, or encryption keys. They could also substitute malicious files for trusted files in order to infect users with malware.

The vulnerability in SD cards exists in the cards’ microcontrollers. These are like built-in computers that manage the data stored on the SD card. By reverse engineering an SD card, researchers were able to install and run new firmware on the microcontroller, then install an application that would intercept data being sent by the device.

The specific attack used in the researchers’ demonstration doesn’t work on every flash-memory device because of variations in the microcontrollers, but this example exposes vulnerabilities for all devices using flash memory. This means similar attacks could be used to steal data from solid-state drives or eMMC storage for smartphones.

This is yet another example of the vulnerability of mobile devices. With millions of users and a general lack of security in place, mobile devices are an inviting target for hackers and new threats are emerging all the time. While this particular attack will need a change to the make-up of SD cards to close the vulnerability, other threats need only smarter user behavior. Remember that your mobile device faces the same risks as your PC and protecting it requires vigilance.

If any of your devices have been infected with malware, bring it to Geek Rescue or give us a call at 918-369-4335.

The Latest Advances In Advanced Cyber Attacks

December 30th, 2013

The malware being used by hackers and their tactics are changing all the time. Throughout 2013, we’ve seen new threats emerge. Robert Lemos of Dark Reading lists some of the advanced attacks we saw in 2013 and how businesses should be changing their security infrastructure to protect against similar attacks in the future.

  • Cryptolocker 

This form of ransomware began infecting users over the summer. It claimed an estimated 200-thousand victims in its first 100 days in the wild. Cryptolocker encrypts files stored on a user’s computer and demands a ransom before giving the key to decrypt. For businesses, educating users on how to avoid malware is imperative. Unlike some other forms of ransomware, Cryptolocker is not a bluff and will encrypt and destroy files if no payment is given. The best way to prevent that damage is to keep malicious files from ever reaching your network.

  • Supplier Insecurity

This year, we saw more instances of attacks filtering through service and technology providers in order to reach their intended targets. This was demonstrated by the Syrian Electronic Army’s headline-making attacks against the New York Times and other media outlets. In the New York Times attack, hackers tricked the domain registrar into transferring ownership of ‘nytimes.com’ to them. For businesses, this underscores the importance of selecting the right suppliers. Not only do you need to be wary of who you are working with, but you also need to be able to monitor them in real-time to stay ahead of any emerging threats.

  • The Growth of DDoS

Distributed Denial of Service attacks have been around for years, but 2013 saw them grow in size and scope and also become harder to recognize. Hackers use these attacks to flood websites and applications with requests, which either cause them to shut down, or at least cause them to slow down and make it difficult to respond to legitimate requests. To increase the capabilities of DDoS attacks, hackers have begun to use reflection attacks, where misconfigured servers amplify the size of an attack. This is a threat that not only isn’t going away, but is increasing in frequency. Being aware of the capabilities of DDoS attacks and having a plan in place in case your organization is targeted is important.

These are threats that all businesses need to be prepared for and plan for. There are a number of ways to secure your organization, and each threat demands a different action.

For help with your company’s security, contact Geek Rescue at 918-369-4335.

Scareware Observed Targeting Android Users

December 24th, 2013

The amount of malware for smartphones grew exponentially throughout 2013. Because of their open source environment and number of users, Android phones were targeted most. Now, it seems some of the same tactics used for years by cyber criminals on PCs are transitioning to Android smartphones. Satnam Narang reports for Symantec that scareware has been observed attempting to trick users into downloading malware to their devices.

Scareware is a common practice used by hackers. By using social engineering, a criminal convinces a user that they’re facing an impending threat and need to buy or download a product to protect themselves. Usually, the scareware scam involves telling users that there is a virus or malware on their device and offering to remove it.

The latest scam observed targeting Android users involves mobile ads. They claim the user’s device has been infected by a trojan called MobileOS/Tapsnake. Tapsnake is a legitimate threat to Android users that’s been around since 2010, but it’s used here only to make the scam seem more credible. The ads include a button that claims to install a security app on your phone or scan and remove this threat. In actuality, you’re downloading malware.

Avoiding this type of scam should be simple. First, no online ad will scan your device and alert you of any malware it discovers. But, some unsuspecting users fall for it because they’re extremely worried about threats to their smartphone. This particular scareware displays on any smartphone, however. So, even iPhone users will be alerted that their Android device is at risk.

If you encounter one of these ads and are concerned about your phone, run your existing security app or download a trusted one from the Play store. To avoid accidentally downloading a malicious app, never download directly from a website.

If your smartphone has actually been infected by malware, bring it to Geek Rescue or call us at 918-369-4335.

How To Fix Android’s Biggest Flaws

December 23rd, 2013

There are millions of Android users worldwide, but there are also plenty of annoyances that come with using an Android phone. Eric Ravenscraft at LifeHacker listed some of the most frustrating Android features and how to fix them.

  • Battery Life

Your smartphone’s battery dying in the middle of the day isn’t a problem limited to Android users, but it may be the one most complained about. As your phone gets older, the battery life tends to get worse. The obvious solution would be to buy a new smartphone. There are a number of newer options with either larger batteries or more efficient software that extends battery life. Not everyone wants to replace their phone just to get a longer lasting battery, however. And you don’t have to. You could also buy another battery instead: either a second battery that you keep charged, or a larger capacity battery to replace your existing one. If you’d rather not spend any money, look at removing apps that cause the most drain, or download apps that help you control apps’ battery usage. You can also disable Bluetooth, GPS and WiFi capabilities when you’re not using them.

  • Bloatware

The apps and features that manufacturers load onto phones before you buy them are rarely useful. They’re referred to as bloatware or crapware by most and usually do nothing but take up space and resources. Unfortunately, you can’t always delete these apps, but you can disable them. Go to the app’s settings and you’ll find a ‘Disable’ button that will keep that app from taking up battery or updating. It will still take up storage space, however.

  • Notifications

So many apps are using notifications now that it’s hard to keep up with all of them. If you’re tired of wading through social media, game and email notifications, check for a ‘Notifications’ setting on each app. It may be in the app itself or in the Android app settings. Turning off notifications also reduces battery drain. If you can’t stop the notifications through a settings menu, there’s another way for Android 4.1 and newer users. In your ‘app manager’, uncheck the ‘show notifications’ option and you’re done.

Fixing these annoyances will improve your experience with your Android smartphone. If you have more serious issues, like broken hardware or a malware infection, bring your device to Geek Rescue or call us at 918-369-4335.