LetMeIn101: How the Bad Guys Get Your Password

by

Passwords are essential to your cybersafety. You know it, but if you’re like the rest of the digital society, you probably have dozens of passwords to remember. It’s a lot. So, you might take shortcuts. Taking advantage of your laissez-faire attitude is one way bad guys access your passwords.

Incredibly, there are still people out there using “password” or “123456” in their access credentials. Some people don’t change the default passwords on their devices. So, anyone can pick up a router, look at the sticker identifying the password, and access that network.

Tip: Avoid the obvious passwords! When you have to create a password, make an effort. When it’s time to update a password, do so. Steer clear of simple, easily guessed patterns.

Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.

Tip: Be careful what you share on social media! Don’t befriend strangers, as you are giving them access to a goldmine of info for personalizing an attack on you.

If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access.

Tip: Use a complex password with numbers, letters, and symbols or a passphrase. A passphrase is typically at least 19 characters long but is more memorable, as it unique to you.

The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts.

Tip: Use a unique password for each site. Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.

Criminals can also access your account if you’ve used a hacked public computer. The bad guys may have installed a key logger on the computer. The logger records every key you press on the keyboard. Or they might have compromised a router or server to be able to see your information.

Tip: Be cautious about your online activity on computers or networks you don’t trust.

Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.

Tip: Pay attention to who is sending the email and hover the mouse over the link to see where it goes. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link.

These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?

Contact our experts today! Call us at 478-474-0861.

Are You Sick of Ongoing IT Issues?

by

Like a persistent cough or muscle strain that won’t go away, many IT issues prove ongoing. Every time they come back you think about getting an expert’s opinion. Then, the cough fades, you can walk freely again, or your computers are back up and running. You keep on going. Until the next time. If you’re sick of ongoing issues with your IT, look to a Managed Service Provider (MSP) for help.

There are many IT ailments that can negatively impact your ability to do work. Let’s consider some of the particularly common ones, and why an MSP is the right prescription.

#1 Network and Internet issues.

Business is done online these days. Not being able to connect to the network and slow connections are frustrating. Without the Internet, how can you do your job? You can’t even check and send emails! Let alone access team documents or enter data into cloud-based accounting software. A lagging network also slows down application and data loading time. It may only be a few moments of thumb twiddling. But add that up over several times a day and multiple by employees. You’re looking at a decrease in productivity that adds up.

An MSP has the know-how to survey the IT environment for what’s causing these frustrations. When there’s a problem, they’re at the ready to resolve it and help improve reliability.

#2 Repeated malware infections.

This can mean a couple of things. First, you don’t have effective system and application protections in place. These attacks shouldn’t be able to make it through the door in the first place. With the right firewalls, anti-spam, and protections, you should be able to keep your system on lock down. You don’t have to do this yourself. Your internal IT team has a lot to manage and monitor. Gain expert backup with an MSP reviewing your security protocols to keep the bad guys at bay.

Secondly, educate employees about the dangers of social engineering. Don’t let them keep falling for the pretexts and downloading malicious files. Also, ensure passwords are strong enough to avoid adding another point of entry.

#3 Printing problems.

Many businesses are printing less today, but we’re not done with hard copies entirely. So, when a printer starts whirring, spinning endlessly, or can’t connect, efficiency halts. Know that printers sold at big box stores are consumer grade quality. Avoid printer frustrations with solid business-class printers (which your MSP can identify).

#4 Application overload.

Maybe some of your employees prefer Dropbox. Others rely on their free Gmail accounts. This hodgepodge of options can cause chaos. Staff have difficulty remembering the passwords to all of the accounts they need. So, they simplify, and that makes their accounts more hackable.

Upgrading to business-grade versions of important applications is easier with an MSP. They’ll help identify the software that best addresses your business needs.

#5 Aging technology.

You’ve had your current computers for ages. They are slower than you’d like, but you don’t have the time to look for something else. Plus, you can’t imagine having to learn something new. You’re too busy. But aging tech is more likely to fail, which could prove catastrophic if you don’t have the right systems backup.

MSPs know IT. Based on your individual business needs, they can suggest a plan of attack to update the IT and keep it secure. They can also provide backup strategies to prepare for the worst and recover quickly.

Basically, a managed service provider has your back when it comes to IT. Work with experts who focus on technology day in and day out. You’ll typically save money and gain time to spend innovating in your field.

Gain a competitive advantage with the support of an MSP. Give us a call at 478-474-0861 today!

Do Macs Get Viruses?

by

Many Apple owners believe their Macintosh computers are immune to viruses. Apple itself has run ad campaigns promising its computers “don’t get viruses”. And those who have owned a Mac for years, decades even, are particularly prone to believing. After all, nothing’s happened to them yet. Regrettably, Macs do get viruses, and the threat is growing.

For a long time the argument was that cybercriminals didn’t bother to develop Mac viruses. There weren’t enough users to justify the effort. Instead, they’d focus on the lower hanging fruit – PCs running Windows.

Yet Apple’s market share is on the rise, and it’s increasingly common to see Macs in the workplace, especially in creative industries. Plus, there’s a widespread assumption that Mac users are a smart target as they are likely to be better off. So, while Macs remain harder to infect (installing most software requires a password), there’s often a greater payoff.

The research reflects the reality. In 2017, for instance, the iPhone OS and Mac OS X placed #3 and #6 in CVE Details’ top 50 ranked by total number of distinct vulnerabilities. Apple TV and Safari also made the list at #17 and #18, respectively. In 2017, Malwarebytes also reported it “saw more Mac malware in 2017 than in any previous year”. By the end of 2017, the cybersecurity firm had counted 270% more unique threats on the Mac platform than in 2016.

Finding Apple’s Weak Spots

It’s obvious then that bad actors are no longer steering clear. They are actively looking for ways to exploit Macs.

A common approach is to use Trojans. Named after a gift wooden horse that hid an army, Trojans look like something you would want to install. So, Mac users happily enter their passwords to download that application and open the gates to the cybercriminal.

In 2011, for instance, a Trojan called “Mac Defender” took advantage of people’s desire to protect their computers. The fake program appeared to be anti-virus software. Once the users installed it, they’d get an onslaught of pop-up ads encouraging them to buy more fake software.

Trojans get through the gates because you let your guard down. You are taken in by that supposed note from a long-lost friend. You think you want to see that pic of that famous celebrity. All it takes to stop this type of attack is suspicion of everything you might install or download.

A business would want to educate its employees about the importance of:

  • clicking on emails with care;
  • validating the source of any files they plan to open;
  • checking a website’s URL (being especially wary of those with less common endings such as .cc or .co);
  • questioning any promises of Ray-Ban sunglasses for 90% off or the latest iPhone for $29.99.

A new threat comes from within the Mac App Store, according to Thomas Reed, a Mac security researcher. When a user tries to install an app on a Mac, a Mac OS program called Gatekeeper checks the file’s code signature. The signature helps certify the app is valid. However, Reed found that cybercriminals could buy a legitimate certificate from Apple, or steal one and trick users. Users would install masked malware that could infect legitimate programs and evade detection.

Key Takeaway

Apple is always working to protect its users from malware. It has measures in place, and user caution can make a big difference, too. Still, it’s not true that Macs are completely safe.

Find out what you can do to protect your Macs and guard against threats. Partner with a managed services provider to gauge your security levels.

Call us today at 478-474-0861!

Don’t Get Hooked by Spear Phishing Attacks

by

Phishing attacks have been around for a long time in IT. Designed to steal your credentials or trick you into installing malicious software, they have persisted in the IT world precisely because they have been so devastatingly simple and effective. Today, a more modern and more effective version of the same attack is commonly used.

A typical phishing attack involves an attacker sending out a malicious email to hundreds of thousands, if not millions of users. The attacker’s email is designed to look like it comes from a bank, financial service, or even the tax office. Often aiming to trick you into logging in to a fake online service, a phishing attack captures the login details you enter so an attacker may use them to enter the genuine service later.

By sending out tens of thousands of emails at a time, attackers can guarantee that even if only one half of one percent of people fall for it, there is a lot of profit to be made by draining accounts. Spear phishing is a more modern, more sophisticated, and far more dangerous form of the attack. It’s typically targeted at businesses and their staff.

A Convincing, Dangerous Attack

While a traditional phishing attack throws out a broad net in the hope of capturing as many credentials as possible, spear phishing is targeted and precise. The attack is aimed towards convincing a single business, department, or individual that a fraudulent email or website is genuine.

The attacker focuses on building a relationship and establishing trust with the target. By building trust and convincing the target that they are who they are pretending to be, the user is more likely to open attachments, follow links, or provide sensitive details.

Consider how many times you have followed a link or opened an attachment just because it has come from a contact you have trusted before.

A Trusted E-mail

The malicious email can appear to come from a vendor you deal with regularly. It may even look like an invoice you are expecting to receive. Often attackers can simply substitute the vendors’ banking details for their own, hoping the target will not notice the difference.

Such an attack is very difficult to detect. It takes a keen eye, strong working knowledge, and constant awareness to keep your company protected. Even a single small mistake by an unaware member of staff can compromise your business accounts.

Defending Your Business

The key to stopping a spear phishing attack is education. Learning attack techniques, and how to protect against them is the single biggest thing you can do to enhance business security.

Whenever you deal with a vendor in a business transaction, you should always consider important questions before proceeding. Are you expecting this email? Is the vendor attempting to rush you into a quick decision or transaction? Have you checked all the details are correct and as you expected? Sometimes a simple query to the vendor can protect you against worst-case scenarios.

In many cases, a phishing attack can be halted in its tracks with a strong IT security package. Web filtering prevents malicious emails and links from entering the network, shutting attacks down before any damage can be done.

Good Security Practice

As with many types of IT threat, good security practices help mitigate damage. Locking down security to ensure employees only access the systems they need helps to prevent damage spreading across the network.

Enforcing unique and strong passwords prevents leaked credentials from affecting systems related to the one that has been compromised. Getting employees set up with a password manager and good security policies can do the world of good to boost your security to the level it needs to be.

Give us a call at 478-474-0861 to audit your security practices. It could be the difference that secures your firm against sophisticated spear phishing attacks.

Has Your Email Been Hijacked?

by

A common complaint by many users in recent months has been spam emails appearing to come from their own accounts. Despite not knowing why, reports of friends, family, and contacts receiving spam email that appears to come from them has worried many people.

Some have had their accounts suspended or shut down by their service providers as a result. For many, this experience can be highly disruptive. It’s a problem that can cause many issues in both your professional and personal life.

The key to defense is learning how these attacks happen, and figuring out what you can do to protect yourself and your contacts against them.

Hackers Using Your Email Against You

Scammers that send out spam messages are continually looking for ways to make the process faster, cheaper, and more efficient. It’s the best way in which they can make more money every day by scamming unsuspecting victims for even more cash.

One of the most efficient ways they do this is by hijacking ready-made, trusted email accounts like your own. Hackers have several tools at their disposal to attempt to hijack your accounts.

Some of the principles which make email fast and easy to use means that details, such as those in the ‘from’ field, are easy to fake. A hacker might change the information supplied to make it appear as if the email comes from anyone.

There’s not much you can do to defend your email against such an attack. However, you can work to verify that an email, even one you expect to receive, does come from the person you believe it to. If your email provider flags up an incoming email as ‘suspicious’, or ‘untrustworthy’, it may well be.

Stolen Credentials

Hackers often buy large bundles of email addresses and passwords from the dark web. Leaked emails are often put up for sale following hacks of major companies and service providers.

The value of these details comes from passwords being unlikely to have been changed, the details attached to them are trusted, and often get hackers access to additional services too.

How To Detect an Email Intrusion

It can take a long time before you’re aware that malicious hackers are using your details. You might even be the last person in your contacts to know.

The first sign to look out for is a large number of unexpected emails in your inbox. These are likely to be replies to emails you never sent in the first place. Out of office, automatic responses, people complaining about spam, and people responding to the email as if it were genuine may all come to you first.

Keep a close eye on unexpected emails appearing suddenly in either your inbox or outbox. A hacker may be spear-phishing someone that you do business with or trust. By acting as you, using your address and details, they may be able to divert payments or confidential information to their accounts instead.

Protecting Yourself Against Hackers, Attackers, And Hijackers

Sometimes your computer might have been compromised to give hackers access to your services. Malicious software may have infected your machine to steal data and infect your contacts.

Take extra care to change your passwords if you believe your email has been accessed by hacker. Use a different, more secure password for your email than you do for every other service. Your email account is often the key to accessing many of the services you use most.

Run a virus scan and maintain security updates if you think your computer could have been infected. Have your machine and services looked at by a professional if you believe there is a risk your data is being used.

If you think your email could have been hijacked, or your details used elsewhere, give us a call at 478-474-0861 to clean up today.

Don’t Fall Victim to Webcam Blackmail

by

Many users have reported recent scam messages from individuals claiming to have intercepted their username and password. These messages often state they have been watching your screen activity and webcam while you have been unaware.

Typically, attackers threaten to broadcast footage to your contacts, colleagues, or social media channels. Demanding payment in Bitcoin, malicious hackers blackmail their victims to keep confidential information private.

Where Have the Attacks Come From?

In many cases where hackers have claimed to have a victims’ password, this has turned out to be true.

In the last few years alone, many large websites have suffered enormous hacks which have released confidential details on many of their users. LinkedIn, Yahoo, and Myspace all suffered massive and devastating hacks. Some users of these services are still feeling the consequences today.

The details leaked from these sites, and others facing the same issues, are sold online for years after the initial breach. Hackers buy username and password combinations in the hopes of reusing them to access services, steal money, or blackmail their owners.

How to Respond

If you have been contacted by one of these hackers, it is a scary reality that they could have access to your credentials, data, and online services.

The only thing you can do in response to this type of email is to ignore it. This “we recorded you” email is a scam made much more believable because they probably do have one of your real passwords gained from a site hack.

That said, accounts that share the same password should be changed immediately. Security on additional services you use should be updated too.

Self Defense On the Web

When using online services, a unique password for every site is your number one defense. A good password manager makes this practical and straightforward too.

Using a different password for each site you use means that hackers can only gain access to one site at a time. A hack in one place should never compromise your other accounts by revealing the single password you use everywhere.

Often, people think that maintaining many passwords is hard work or even impossible to do. In truth, it’s almost always easier to keep tabs with a password manager than it is to use the system you have in place today.

A high quality and secure password manager such as LastPass, or 1Password, can keep track of all your logins efficiently and securely. They often offer the chance to improve your security by generating random and strong passwords that hackers will have a tougher time cracking.

Password management services offer a host of features that help you log in, remind you to refresh your security, and make your safety a number one priority. After using a manager for just a short time, you can be forgiven for wondering how you managed without it.

If you think you might have been hacked already, or want to prevent it from ever happening, give us a call to at 478-474-0861 update your security.

FOLLOW US

Recent Posts

Tags

#bestservice #computerrepair #nocontract #qualitycomputers backup bad hard drive cloud computer repair consumer data loss data recovery email Hacker msp new computer new laptop online safety QualityCareSuite recover data remote support repair sale scam service small business Webcam