Categories
security

Ransomware And Its Impact

Picture this.

It’s another normal day. You wake and head over to the office, grab a cuppa and settle down to begin going about your daily business. You hit the power button on your computer and, instead of the usual login screen you are accustomed to, you are confronted by an on-screen message, very likely featuring the image of a large padlock, informing you that your computer is permanently inaccessible until you make a payment in a prescribed form.

Welcome to the world of ransomware. You have just become a victim.

So what is ransomware?

Without getting into technical jargon, ransomware is any malicious software program that infects your computer and restricts access either by locking the screen, encrypting files or both, until you pay the hacker that created the program a ransom.

The first such program to be distributed widely was a program known as Cryptolocker in 2013. Thousands of people had their lives disrupted.
Unlike other malware that spies on your computer silently and sends stolen login details and other personal data to hackers, ransomware announces itself. It’s actually quite audacious on the part of hackers.

Ransomware uses many of the same attack vectors as most viruses and malware: email attachments and links, botnets, torrents and other technical means such as piggybacking on genuine software updates. The recent Goldeneye/Petya ransomware that affected users in late June 2017 gained access to computers via a software update of a popular accounting application in Ukraine. The hackers somehow managed to infiltrate the software company that designed the program and injected the ransomware into the software update files. Everyone who performed the update caught the infection.

Unlike other forms of viruses and malware, you can’t get rid of ransomware by flashing the BIOS, wiping the drive or returning the computer to a restore point. The hackers make sure you can’t access any of these features. Also, a unique decryption key is created during the install and stored on the hacker’s server. In the event you fail to pay the ransom in time, or the ransomware detects an attempt to tamper with it, a “self-destruct” is triggered, deleting the decryption key and destroying all the encrypted files on the user’s machine. If the ransom is paid in time, the hacker sends the decryption key to the user and the user enters the key in an area provided on-screen. This unlocks/decrypts the files. Ransom payments are usually demanded via the digital currency Bitcoin, which makes sure the identity of the hacker remains anonymous.

Because hackers have been known to release the decryption key once paid, many people have resorted to paying the ransom rather than seeking other ways to deal with the problem. This has added fuel to the fire because so long as hackers can make money with ransomware, they aren’t going to stop anytime soon.

Ransomware isn’t simply a nuisance. It is a serious security threat that has law enforcement agencies working around the clock to bust hacker rings. While some infected computers are still usable, loss of data has a serious impact on productivity for businesses. Small businesses may never be able to recover if they lose important data.

The best defense

The best defense is data backups. If you have a backup of your data, you won’t have to pay the ransom. You will only lose time trying to get your computer to work properly again. Secondly, install an antivirus program that offers strong ransomware protection and always ensure it is up to date. Don’t ignore operating system security updates. Set your computer to automatically install security updates. And, don’t click on links in emails or open attachments from people you don’t know. Avoid pirated software and torrent sites because these often host ransomware.

Conclusion

If the unimaginable happens and you find yourself having to deal with ransomware, do not panic. Antivirus companies have a number of solutions for the most common types of ransomware. Check out their sites from another computer and follow the instructions. Unfortunately, if it is a new type, you may have to wait a little longer for a fix. All the same, security researchers are making great strides, but it will be a while before they beat the hackers at this game. With ransomware, prevention is better than cure.


Digital Crime – Top Targets are Not Who You Think

Digital crime is a booming industry. Every day we hear of huge data breaches that have exposed the data of millions of a company’s clients. And we’re not talking of a few years ago either. Just last year, the data of 150 million users of the MyFitnessPal app was stolen.

Modern living comes with perks. We’re not likely to have to run for our lives to avoid being eaten by a lion anymore. We get to access information with the click of a mouse and possibly even a voice command. And, how did we ever learn anything before we had YouTube?

Unfortunately, modern living also comes with some downsides. We might not have to run for our lives anymore, and this could actually be a bad thing when it comes to our fitness levels. Our easy access to information and the fact that we live such a large part of our lives online means that our data is under constant risk of attack.

Data Breaches are Serious

If you check out the infographic below, you’ll see that the MyFitnessPal hack was only one of a long line of data breaches. You’ll also see exactly how much the hacks cost businesses annually. Most surprisingly, though, you’ll learn that your typical victim of cybercrime is not who you’d think.

Small Business is a Big Target

Did you know, for example, that cybercriminals target small businesses 43% of the time? That surprises a lot of people, because, naturally a small business won’t have millions of clients. Let’s look at things from the cybercriminals’ perspective, though.

Google would be a far more lucrative target to hack because you could get the details of millions of account holders. The problem is that Google knows this, so they take serious measures to stop hackers from gaining access.

Not only would it take mad skills to hack a large corporate like this, but it would take a lot of time and effort. You are dealing with a company with the resources to hire the best security experts in the world. They spend a lot of money on security products and security awareness training every year.

Now, compare that to the local plumber’s office. Maybe they have the details of four or five hundred people on record. It’s not a huge amount of data, but the security is probably not all that great anyway.

All our hacker needs to do is to hope that someone in the company clicks on the wrong link. Then they can have all that info transmitted to them. It’s an easy score. And, if the malicious software was ransomware, the hacker makes even more money when the plumber pays to regain control of his computer.

Cybercriminals are quite happy to settle for the simple score, even if it means earning less. In the time that it might take them to crack Google, they could easily have scored a similar amount of information from less well-protected systems.

Cyber security infographic


7 Common Mistakes That Can Damage Your Online Privacy

You might think that you’re playing it safe on the internet, but sadly you’re mistaken. The internet today is much more dangerous and poses countless threats, from theft of your personal information to theft of your money using your financial details.

Given these countless dangers present in the digital world, many users tend to make small mistakes that could lead to serious problems. In this article, I am going to outline 7 common mistakes that can damage your online privacy. So, let’s get started!

1. Always Using a Credit Card for Online Payments

Why use a credit card for all your online activities and put your money at risk? Hackers can get hold of your financial information and use it to their own advantage. It is so much more sensible to move towards online payment merchants and prepaid cards like an Amazon card or Apple Pay.

Limiting the use of a credit card makes it less likely for a user to face a big financial loss. Furthermore, these services are often traceable or require certain information that only the original owner may have.

Making payments using these methods can protect you from criminals getting your information. Luckily, many services available today offer encryption options and a high level of security, such as PayPal and Google Wallet. They not only allow you to make payments locally but also work in a vast range of countries.

2. Not Using a Password Manager

It is highly recommended that all your accounts have different passwords, because if one is leaked, you are doomed. Today we have countless accounts on social media sites and other utility services, which means you’ll have to memorize a dozen or two passwords.

Fortunately, when mankind can reach the moon, handling passwords is definitely not rocket science. This is where the use of a password manager comes in.

Just create one strong password for your password manager and rest assured your accounts are safe. There are many applications available in the industry now, however, make sure you use a highly recommended and credible application that offers encryption and has features such as self-destruct.

3. Not Using a VPN

A virtual private network is of utmost importance when it comes to protecting yourself online. It encrypts your data, meaning it will be unreadable to any third party. It also masks your location, making it impossible for intruders and surveillance agencies to locate you.

What’s more? With a VPN you can unlock content that is region restricted. The best part is that you could be sitting in the Netherlands and your IP will show that you’re in the United States. However, only the best VPNs can be trusted and actually work.

Make sure to select a VPN that offers a wide range of servers, offers apps, and provides AES 256-bit encryption.

4. Connecting to Public Wi-Fi without Security

Public Wi-Fi is like a free cookie! In fact, free Wi-Fi is actually more important than the food or coffee at a café. But these public Wi-Fi networks are dungeons for cyber criminals and hackers trying to get lucky.

The best way to protect yourself in such a situation or while travelling abroad is the use of a credible VPN service. Since a VPN encrypts your data, it protects it from the prying eyes of hackers and others alike.

5. Downloading Unreliable Browser Extensions

When you want a particular utility, let’s say an instant PDF converter, you’ll download any extension or software that comes first to you. This is exactly what cyber criminals want you to do. These extensions often contain malware and ransomware. They often steal your credit card information by offering you a free trial or collect the credentials of your social media platforms.

This is why you need to be very careful when downloading extensions on the internet, as they may be a source of malware.

6. Not Using a Double Password Verification System

Creating a two-step verification system further protects you, even if your password is extremely hard to guess. A second layer of security is always a good idea and will only protect you.

Even if your password is leaked, two-factor authentication will make sure that no one can access your data unless you verify from both sides.

7. You’re Using Outdated Security Tools

As security threats are being created at an unstoppable rate, security companies too have to work tirelessly to combat these viruses. It is advisable to update your anti-virus software and other security tools regularly. Keep scans and updates on auto mode if the software allows it.

Conclusion

The digital platform is the criminal’s new avenue: as all things are taking place online, so are robbery and crime. It is very difficult to catch criminals in the online world, as all data is encrypted and masking yourself is not a difficult task.

Therefore, it is advisable to take security measures on your own and to do them correctly. It is impossible to avoid the internet, and you wouldn’t want to do that either. So take some solid steps and enjoy online freedom the way it was meant to be.


5 Vital Email Security Tips You Should Know

In 2016, the race for the American presidency saw a popular candidate suffer an unexpected defeat. Hillary Clinton, who was expected to be the 45th president of the United States, lost because of a strange controversy.

The controversy involved her using a private email server during her tenure as the Secretary of State. As expected, the American people were enraged that a government official was using unlawful means to withhold information from them.

However, if this controversy is analyzed through an unbiased perspective, one might consider the fact that Hillary Clinton had her reasons. After all, being the Secretary of State, it was vital for her to keep enemy states away from confidential information.

The scandal was dubbed the ‘email controversy’ but in actuality, it was an ‘email security controversy’.

Quick Tips for Ensuring Email Security

Email security is an issue that is often given less attention than it deserves. Organizations, institutions and even individuals in a personal capacity use emails to share sensitive information.

Protecting this information is of utmost importance. This is because if the right information gets into the wrong hands, it can be used to blackmail, manipulate or even humiliate someone.

Hence, you should make no compromises in ensuring that your emails remain safe and secure. Below, we have laid out several methods you can apply to keep your emails away from malicious individuals.

Create Different Passwords

Passwords are the backbone of your online privacy. By creating strong passwords you eliminate the immediate threat of a hacker gaining access to your personal information.

However, even if you have created the strongest password in the world, do not use it for all your online accounts. If you have a single password for everything, you are walking into a trap.

Imagine the nightmare if you lose this password. Everything from your Facebook profile to your Amazon account will be at risk.

If you have a hard time remembering multiple passwords, you can use the services of a password manager. In any case, avoid this rookie mistake.

Be Careful on Public Wi-Fi

Public Wi-Fi can be detrimental to your online security. This is because these networks are filled with nefarious threats. Hackers lurk on these Wi-Fi networks to get their hands on your sensitive information. This includes the password of your email.

With programs called ‘network sniffers’, hackers can monitor traffic on a particular network and examine it for important information. However, there is a way for you to escape their watchful eye.

By employing a VPN, you can encrypt your online traffic and keep hackers at bay. A top VPN anonymizes your online profile making it difficult for hackers to monitor your connection.

Avoid Phishing Traps

Phishing is a popular hacking method in which the hacker poses as a trusted entity, person or organization to steal your password. It is the oldest form of cyberattack, originating in the 1990s.

What happens in this attack is that you receive an email or an instant message that directs you to a fake website. The website is a spoof, meaning that it is a copy of a legitimate site.

On this website, you will be required to provide your email and password. From there, you can guess what happens next. There are also more direct methods of phishing.

Sometimes you will receive a message from a certain website, asking for your login credentials to ‘fix’ a certain issue. Of course, this will be an imitation of the real website and your credentials will end up with the hackers.

Phishing scams can be somewhat difficult to recognize, but they share a few common traits:

  • Request for your personal information
  • Threats to shut down your account
  • Bad grammar
  • Made up URL

By looking out for the above signs, you can avoid phishing and keep your email secure.

Create Multiple Email Accounts

Just as keeping a single password for all accounts is problematic, using a single email for all online purposes is risky. The reason for having multiple emails is the same reason you should have multiple passwords.

If a hacker succeeds in breaking into your ‘one-for-all’ email account, he/she will have a field day with your online profiles.

Hence, create separate accounts for work, your personal activities and one for the different websites you use.

Scan Your Device for Viruses and Malware

To keep your device free from malware and viruses, run frequent scans with capable anti-virus programs. The good news is that most anti-virus programs perform this function for you.

However, if you believe that you received a suspicious mail, scan your computer just to stay on the safe side. You can never be too careful with your online security.

Final thoughts

As many real life examples have shown, one cannot take email security lightly. You can suffer both personal and financial loss by being careless in your emailing activities.

This is why it is preferable that you take all the necessary precautions to keep your emails safe and secure.


Quantum Cryptography: The ‘Key’ To Perfect Security?

Since the dawn of the computer era with the Apple I, the need for security has been crucial. Although simple encryption was strong enough to fend off some of the first real hackers, the popularization and advancement of technology in our society has made even the strongest means of encryption all but null in comparison.

However, for the last few years scientists have been working on what they believe to be the future of encryption, and a way to ensure encrypted files are completely unhackable no matter what they face. Although some skeptics speculate that this form of cryptography has its flaws like any other, the future is bright with this new means of data security, and the likelihood of a brighter future is all but sealed in exchange. However, to know just how this form of encryption could alter the way we secure our data forever, we must first know exactly what it is, determine whether it truly is unhackable, and back these statements with evidence presented through testing of the actual encryption itself.

What is quantum cryptography?

Quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks. One of the most popular forms of quantum cryptography is quantum key distribution, which is where two parties use a shared secret key to encrypt and decrypt messages between them.

The main reason that this form of cryptography is so effective is the fact that it allows the completion of multiple cryptographic tasks that were otherwise proven or conjectured to be impossible using other forms of non-quantum communication. There are multiple different ways that this form of cryptography can be used, including quantum commitment, quantum coin flipping, bounded- and noisy-quantum-storage model, position-based quantum cryptography, device-independent quantum cryptography, and post-quantum cryptography.

However, although many have claimed that these different procedures are utterly unhackable in the past, many of these systems have been proven to be flawed in multiple ways, leaving them completely open to even the weakest hackers out there in a matter of seconds. The main reason for this is the fact that the code can be easily written incorrectly and, in turn, can quite easily lead to a data breach.

In fact, despite this seeming to be a completely unhackable, tried and true solution to the issue of data security, it appears to be far from it at this point in time. However, the question remains: if it were done correctly, would it actually be unhackable?

Is it actually unhackable?

In short, the answer is simply “no”. However, this does not mean that this will be the case indefinitely. In fact, many scientists believe its flaws all come in the form of simple careless human errors in the basic code that creates these cryptographic methods. For instance, on the subject, physicist Renato Renner from the Institute of Theoretical Physics in Zurich stated, “If you build it correctly, no hacker can hack the system. The question is what it means to build it correctly.”

Although we have quite a ways to go, testing continues to occur and, as with all technological advancements, things are certainly looking up for the fans and advocates behind this rather innovative form of data security. In fact, in September of last year, a group of scientists, engineers, and pilots tested quantum cryptography using photon detection in an airplane. These scientists were able to receive encrypted messages through photons from the ground below with ease, making them the first to prove quantum cryptography’s success when used in long distance situations. This test further reveals its ability to be used for things other than point-of-presence technology, as it makes its way towards military applications.

Therefore, although this form of encryption may be currently hackable due to weak keys and mistakes in coding, the likelihood of this form of encryption becoming the norm is extremely high. In turn, the world may be changed forever, and the safety of our most personal information may be an afterthought in the long run.

How can it impact our world?

Although the use of this form of cryptography in the military is already an important factor to keep in mind, this is far from the only way that quantum cryptography can be used. Another massive industry that may be positively affected by this form of data encryption is the job industry. For big companies, the data they receive is not only private, but also highly valuable. Because of this, the way this data is secured is extremely important. For instance, if an individual chooses to utilize a system such as FileMaker in the cloud, this completely opens up their company and all of their data to cyber attacks. However, using quantum key distribution, these pieces of data being transferred back and forth can be quickly and meticulously encrypted to ensure their security, no matter the scenario. Because of this particular use, quantum cryptography is an amazing example of workplace cyber security.

Similarly, some scientists believe they can utilize this form of encryption to create networking equipment dedicated to the security of any and all transferred messages throughout entire companies. Although this is a technology that appears to be something we will not successfully achieve until much further in the future, the idea of being able to encrypt messages without doing any work in the process is yet another way that this form of cryptography makes for a highly enticing security future.

Lastly, another way that this form of security may be used in the future is for telemedicine and various other technologies in the healthcare industry. Recently, the use of technology and advancement in healthcare has become an issue of much concern, as multiple individuals have feared that connecting the health of individuals to the cloud could lead to hazards, and even deaths, in the process. From heart monitors leading to the instant death of multiple individuals, all the way to VR attacks on headsets used specifically to rehabilitate stroke victims, quantum cryptography could eliminate these deadly possibilities.

The use of encryption to secure a patient’s information and forms of healthcare is what makes quantum cryptography so enticing to healthcare professionals. By encrypting forms of healthcare which utilize technology such as heart monitors and VR headsets, and by examining the technologies used to create things such as medical images and store personal patient information, quantum cryptography can completely transform the way we look at healthcare as a whole.

In the end, these are only a few examples out of many. The truth is that this form of encryption could very well lead to a brighter future for our country, if built correctly. After all, it takes one big idea to change the world forever, and even the smallest of people can make the biggest of dents.

Categories
security Telecom

Stealing data via a desktop telephone?

Data protection is a hot topic. In many countries worldwide, new data protection laws are being implemented. These laws are created to ensure that personal data stored and processed by companies and organizations is protected against theft and modification.

A well-known example is the General Data Protection Regulation (GDPR) as approved by the EU last year, which will become active in 2018. It will become law in all member countries. It is not a directive which can have different interpretations and timelines per country but will be the same law in all member states.

Data protection regulation is relevant when data can identify or provide information about a specific person. Personal data can be anything. Names, addresses, etc. of course. But also photos, financial documents or medical data. And – taking the European laws as an example – not just for the data owner, but also for third parties processing the data (e.g. cloud service providers) on his behalf. It also means that most regulation crosses international borders. The EU regulation applies to all companies who process personal data of European citizens.

What does data protection regulation cover? Typically, companies need to have a proper administration of which data are stored where (including local spreadsheets with customer data). They also should make it possible for customers to have their data erased and the design of their systems should guarantee data protection (called ‘privacy by design’). Finally, they have to inform the regulator and public about data breaches that occurred and penalties are increased to the level which can mean a serious financial risk for a company.

However, it is not just about your data infrastructure

Of course, everything is data nowadays. Also, voice telephony is a data service, and that is specifically the case for VoIP infrastructures and services as deployed in many companies and organizations. We noticed however that the key focus of many data protection projects is on traditional ICT infrastructures. VoIP is often a blind spot.

While…it is also about voice communications

Ignoring VoIP could be a serious mistake, however. Let’s have a look, for example, at a medical institute. Patients definitely don’t like the idea that their information becomes public. Nevertheless, the phone can provide easy access to these data. First of all, a modern desktop telephone provides access to the complete contact list of the user of that extension: a customer list or, in the medical institute, the list of patients, for example. This is just the beginning. The desktop phone also gives direct access to the voicemail system, which may disclose some very sensitive information, for example, if one medical specialist shares his diagnosis with a colleague. The biggest risk, however, is that office phones are the perfect social engineering tool. If someone has unauthorized access to a business telephone, just his caller ID makes him a trusted person to other employees of the organization as well as staff from other organizations. This trusted personal contact is the best way to acquire sensitive information and other personal data.

So, are your business telephones secured?

Most people think that advanced business desktop telephones can be secured by a PIN or something similar, which is true. However, this security is often not used. The security mechanism most of the time means that employees have to enter a username (for example an email address) and PIN via the very basic keypad of their telephone, which is a very inconvenient procedure. So on many occasions, once logged in, people keep their phones logged in as long as possible. Or the login mechanism is disabled completely. There are examples of professional service managers actually giving such advice to their end-users.

The impact is that many office telephones provide open access to private and other sensitive data. Not at a level where millions of customer or patient records can be downloaded at once. But still, via the telephone, private documents and other information can be stolen from your organization right now. Therefore, protecting your office telephones may be an essential step in your company’s data security plans.


Tips And Tricks To Regain Your Stolen Identity

Stolen identity is a frightening experience, and it causes a lot of headaches and frustration. The trick is to stay protected whether you’re shopping online or simply giving out your credit card to a live cashier. If you’re already a victim of identity theft, here are a few tips and tricks for regaining your identity:

Understand Identity Theft

Identity theft is more than just a stolen credit card number. Many thieves are now using private information, such as your social security number, birthdate, and/or name to commit fraud, such as applying for loans or credit cards under your name. Approximately 9 million Americans are part of an identity scam, but most aren’t as extreme. Even mild cases of identity theft are difficult to resolve, but with the right support, financial experts can help.

Act Fast When Your Identity is Stolen

The first thing to do is contact each of the credit reporting agencies: TransUnion, Equifax, and Experian. They can put an alert on all of your open accounts, and can also freeze your social security number from any other accounts being opened or accessed. Next, utilize resources on the FTC website. Many of the forms available on this site will help expedite the process. Depending on the type of theft, you may choose to file a police report with your local precinct.

Keep Track of all Your Information

Next, close any fraudulent accounts and if there are suspicious charges on your own accounts, close them out too. You can do this by calling your banks, credit card companies, and any other businesses with which you have accounts. Keep detailed records of how much time you spend, because if the case ends up going to court, you can seek damages for these hours. Several months after the loss, obtain a credit report to make sure that all the fraudulent charges are gone. Once you complete these steps, your credit will return to its original status.

Learn to Prevent Future Identity Theft

You can also take preventive steps to avoid identity theft before it happens. One tip is to never carry your social security card. If you use a debit card, don’t keep the Personal Identification Number with it. Some experts recommend that you never use a debit card for online purchases. Since this links to your checking account, a thief can drain your bank account in just a few transactions. A credit card is much more secure, since it’s much easier to reverse a charge and issue a credit instead of trying to replace stolen money. Be cautious when using websites to shop, and make sure they have valid security and encryption.

Use Tools That Help

If you receive credit card applications, bank statements, or other personal documents by mail, make sure to shred them instead of tossing them in the trash. Keep careful track of your credit card and bank statements, and report any unauthorized activity immediately. Another great tool is LifeLock ID protection, which helps monitor your patterns and alert you to any changes in spending.

With so many resources, identity theft becomes more manageable, and those affected can resolve the problems and return to financial freedom.

Categories
Mobile Motorola security

Motorola Increasing The Security Of Its Android Phones – Buys 3LM

The security on Blackberry phones is impeccable; there is no doubting that. So, Motorola is planning to do the same with its Android phones and make them as secure as possible, for which it has bought 3LM. 3LM is a security device developer that designs security software for Google’s Android-based phones, thus making Android devices as secure as Blackberry. This is in fact a good move by Motorola, as it is planning to implement the phone’s startup security on the phone itself rather than asking users to buy a security application from the Android Market Web Store.

3LM apparently is planning to start security solutions for other companies that produce Android based smartphones as both Motorola and 3LM do not want a conflict with other companies about security solutions for Android devices.

Categories
Apple iphone 4 security

iPhones Easily Vulnerable To Hacks

The iPhone that we are using can be cracked, and all the passwords and data on the phone can be stolen. All this can happen in less than six minutes. Wondering how? Two researchers from the Fraunhofer Institute for Secure Information Technology in Germany have been able to achieve this feat. These two researchers used a jailbreak on the iPhone and installed an SSH server (a secure shell or a network protocol used for network exchange), after which they ran a script to access the keychain, and in under six minutes passwords along with their screen names popped up on their home screen.

Along with the phone’s security, the script used by the researchers was also able to break into one’s Gmail, MS Exchange and the VPN, and recovered the usernames and passwords associated with these programs too.

The researchers have suggested changing passwords immediately in case you lose the phone. Beware, folks.

Categories
Mobile security

Sophos Antivirus Now On iOS and Android Phones

Sophos, which offers enterprise security solutions, has now launched Sophos Mobile Control for mobile phones that run on Google’s Android OS and for iPhones. It has to be noted that Sophos does not offer any solutions for home-based computers and only concentrates on enterprise solutions. This new mobile security is also for businesses that are run on handheld smart devices like iPads, iPhones, Android-based phones and Windows phones. Mobile Control adds extra security to the data on these phones.

These mobile security options are also centralised, allowing users to wipe any confidential data from the phones or lock them in case the handset gets lost. This new security control also restricts the use of other unwanted features like the camera, YouTube, etc., allowing users to carry on with their work unhindered.