Definition: Like-Farming Scams

September 9, 2015 by The T By D Team 1 Comment

Like-Farming Scams:

The process of gathering likes for a particular social media page through a combination of emotional exploitation, manipulation, and deception. This will involve CyberCriminals posting a string of posts designed specifically to capture followers for a Facebook page, which can then be later used for a variety of nefarious uses.

The list of followers can be used by the CyberCriminals for further spear-phishing, or sold to other CyberCriminals for their spamming use, or to marketing outfits.

FAQ: On the Hook for Hackers?

August 27, 2015 by The T By D Team Leave a Comment

FAQ:

On the Hook for Hackers?

Once you are hacked, you have to worry about what data was lost, where it went to, and whether it’s being used maliciously. That, along with towering legal fees, the embarrassment of having to inform all your clients and vendors about the hack, not to mention your damaged reputation, is enough to make your head spin.

Now an U.S. appeals court has confirmed that the U.S. Federal Trades Commission (FTC) can fine organizations that employ poor I.T. security practices.

You can bet that other countries will follow suit and make organizations libel for their poor I.T. security.

The ruling was part of a lawsuit between the FTC and hotel chain Wyndham, who was hacked 3 times in 2008 & 2009. Wyndham lost credit card data for more than 620,000 customers, not to mention the $10.6 million they lost due to the fraud.

FTC outlined specifics of Wyndham’s “poor I.T. security” including:

Wyndham allowed its partner hotels to store credit card information in plain text.
Allowed easily guessable passwords in property management software
Failed to use firewalls to limit access to the corporate network
Failed to restrict third-party vendors from access to its network.

You’re probably shaking your head right now, wondering how a big organization like that could make such huge mistakes…

Unfortunately, these are very common I.T. security steps for organizations to skip unknowingly.

63% of credit card breaches involve the compromise of data that was not known to be stored.

This means that despite your policies about the handling of credit card data, there is the very real possibility that you have unsecured cardholder information on your servers or desktops. Odds are your staff put it there for what they perceive as valid business reasons. Eg. A department may keep a list of credit card numbers that are billed monthly in an excel spreadsheet instead of figuring out how to use the secure system that’s been installed to manage this.

The top 25 worst passwords represent almost 3% of all passwords in the world.

This isn’t surprising when you consider that roughly 75% of surveyed people fail to follow best practice guidelines when creating complex passwords for new and existing accounts. It is estimated that every person has approximately 19 passwords. That’s a lot of easy passwords to hack…

A firewall is a business’s 1st line of defense.

While many internet services already provide firewall protection, most small business owners are unaware that the vast majority of standard firewalls only monitor incoming traffic by default, giving them a false sense of security and enabling CyberCriminals to view outgoing traffic that may contain credit card information, customer transactions, and other financial communications.

63% of the 2013 Trustwave Global Security Report were linked to a third-party component of I.T. system administration.

Granting access to an outsider lowers your security level. If they have feeble controls, they become the weakest link in your security chain. If a hacker compromises their system, he or she can use that as a backdoor into your network.

With so many businesses being hacked, and with CyberSecurity being more important than ever, now is not the time to skimp on your I.T. security budget.

The costs are simply too great.

But you can see how easy it is to miss important I.T. security steps.

We understand that I.T. is not your forte, and you’re just too busy doing your own job to keep up with all the I.T. ‘stuff’. That’s where we step in.

We handle everything I.T., so you don’t have to.

With any of our Monthly Service Plans, you can be sure your I.T. is handled.

We Make I.T. Work!

Ask About Our “Core Security Solution” Package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: AshleyMadison Hack Blows Up

August 20, 2015 by The T By D Team 1 Comment

ALERT:

AshleyMadison Hack Blows Up

If you haven’t heard about this yet (on the news, social media, around the water cooler…), you will soon.

We previously reported on the huge AshleyMadison hack, where CyberCriminals stole, and posted partial records.

The hackers who stole more then 36 million records from the AshleyMadison site (which promotes cheating on your partner)…

have now posted ALL the records.

All these records are now out in the open, exposing highly sensitive personal information…for everyone to see.

If that wasn’t bad enough…CyberCriminals are going to exploit this every-which-way they can, and then some.

Any of those 36 million registered users are now a target for blackmail, private investigators, divorce lawyers, not to mention the multitude of social engineering attacks:

spear-phishing email attacks, fake websites where you can “check if you spouse is cheating on you”, or ways to find out if your own extramarital affair has come out.

There has already been phishing emails that claim people can go to a website to find out if their private data has been released.

The following link is from a supposedly “reputable” source that you can check if you are on the list: https://ashley.cynic.al/.

NOTE: There have been reports that people have checked their names one day and got a “not on the list” verification. When that person checks the exact same email address the next day, it states that they ARE on the list.

CyberCriminals are going to exploit this situation in many ways – sending spam, phishing and possibly blackmail messages, using social engineering tactics to make people click on links or open infected attachments.

If your employees open theses at work, these emails will infect your entire network!

Be on the lookout for threatening email messages which slip through spam filters that have anything to do with AshleyMadison, or that refer to cheating spouses —

DELETE THESE EMAILS IMMEDIATELY.

Feel free to forward this warning to friends, family, colleagues and peers!

Not sure if your company is safe? Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags” for what to watch for, in suspicious emails.

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Massive Internet Ad Poisoning

August 18, 2015 by The T By D Team Leave a Comment

ALERT: Massive Internet Ad Poisoning

The same CyberCriminals that infected the Yahoo site a few weeks ago, have struck again. This time, infecting sites like DrudgeReport.com and Weather.com. Both sites have hundreds of millions of visitors per month, and both were serving poisoned web ads to their visitors, which either dropped CryptoWall ransomware or infected the person’s PC with adware.

How It Works

Website advertisers do not sell their website ad-space to one website at a time. Websites that want to make money, sell their advertising space to an Ad Network. Advertisers sign contracts with Ad Networks, which then displays the ads on the websites that they bought ad-space on. The Ad Network sits in the middle between the advertisers and the websites, and they manage the traffic and the payments.

CyberCriminals fool the Ad Networks into thinking that they are a legitimate advertiser, but the ads they give the Ad Network to display are Poisoned. Once an ad network is subverted, hundreds of millions of poisoned ads are displayed in real-time. Many of these ads initiate a drive-by attack without you having to do anything. If you browse to a page with a Poisoned ad on it, it runs the risk of having your PC encrypted with ransomware (which will cost you a minimum of $500 to rid yourself of, unless you have a very recent backup!). The attack infects the computer literally in seconds.

What to Do

For Single Computers:

Disable “Adobe Flash” on your computer. Or, at least set the Adobe Flash plug-in to “click-to-play” mode – which blocks the automatic infections.
Update your security patches, and install them as soon as they come out. A majority of infections are due to security patches not being updated.
Download and install “Ad Blocker” plug-ins for your browser. These prevent the ads from being displayed in your browser to begin with. With the massive increase of PC infections, ad blockers are becoming increasingly popular.

For Computer Networks:

Get rid of “Adobe Flash” altogether. This is a frequent solution for many businesses.
Deploy ad blockers using group policy. Here is a forum post at the AdBlockPlus site where it is explained how this can be done: https://adblockplus.org/forum/viewtopic.php?t=29880

Not sure if your company is safe? Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags” for what to watch for, in suspicious emails.

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

August 2015 TechTips Newsletter

August 14, 2015 by The T By D Team Leave a Comment

Siri in Trouble With the Law!

AUGUST 2015 TECHTIPS NEWSLETTER

Technology news, information and interesting stories. Published monthly for Geeks and non-Geeks!

Siri in Trouble With the Law!
Technology by Design’s New Logo!
Amazon Reflects on its 20th Birthday!
Futuristic Tires Won’t Leave You Stranded!
Glamping Reaches a New High!
Commodore (Yes, THAT Commodore) is Ba..ack!
URGENT computer security warning!

You don’t want to miss this issue!

Get your newsletter HERE!

Comments? Let me know what you think at marketing@tbyd.ca

Keep Up-To-Date on the Latest Threats To Your Computer Network!

Regular weekly ALERTS on the latest security threats to your computer network

Check out the ALERTS here.

Do you have a question for our Resident Geek? Email it to: geek@tbyd.ca!

Like us on Facebook!

Follow us on Twitter!

An Urgent Security Warning for Businesses Running

Windows XP, Office 2003, and

Microsoft Windows Server 2003!

Windows XP and Office 2003 are no longer supported by the manufacturer.

Server 2003 will no longer be supported by the manufacturer after April 2015.

If your business or organization is currently running Windows XP, Office 2003, Microsoft Server 2003, or Exchange 2003 on any computers or servers in your office, you need to know about a dangerous security threat that must be addressed NOW!

PLEASE TAKE A MOMENT TO READ THIS IMPORTANT SECURITY ANNOUNCEMENT!

As your local Microsoft Partner, we are reaching out to all local businesses that use any of these programs to alert you to this serious security risk and inform you about what you need to do NOW to protect your company or organization!

WINDOWS XP AND OFFICE 2003

REPLACEMENTS MUST BE MADE NOW

WINDOWS SERVER 2003 AND EXCHANGE 2003

REPLACEMENTS MUST BE MADE BY JULY 14, 2015

Microsoft has officially announced that it retired all support for Windows XP and Office 2003 April 2014, and on the Server 2003 operating system on July 14, 2015.

This means any business still running any of these programs will be completely exposed to serious hacker attacks, aimed at taking control of your network, stealing data, crashing your system, and inflicting a host of other business-crippling problems you do NOT want to deal with.

This is such a serious threat that the U.S. Department of Homeland Security has issued an official warning to all companies still running these programs, because firewalls and antivirus software will NOT be sufficient to completely protect your business from malicious attacks or data-exfiltration. Running some of these programs will also put many organizations out of compliance.

CALL

1-204-800-3166

for a FREE ASSESSMENT

FAQ: CyberSecurity – What, Me Worry?

August 12, 2015 by The T By D Team Leave a Comment

“I’m Just a Mid-Sized Company. No Hacker is Going to Attack Me, I’m Not Big Enough”

Or

“No Hacker is Getting Through…I’m Too Smart to Fall for Their Tricks”

Those are just a couple of the excuses we hear often when we suggest extra security measures against hackers and CyberCriminals.

Let’s answer both of those excuses, one at a time.

Excuse #1:

“I’m just a small- to mid-sized company. No hacker is going to attack me, I’m not big enough.”

Many small- to mid-sized companies believe CyberSecurity is a problem only for large high-profile corporations, or those that conduct mainly financial transactions. Or those executives are naive; they think a serious breach never will happen to their system. When in fact, these things are happening all the time. No one talks about it, because they’re embarrassed they were tricked & would rather keep it quiet.

In fact, small and mid-sized businesses may be more vulnerable to attack, because criminals know these businesses do not take substantial preventative measures.

Companies with 250 or fewer employees accounted for 31% of CyberAttacks last year.

Hackers have probably infiltrated many mid-sized businesses already, and the malware sits undetected in their network, incrementally collecting data that shows how to access other systems or stealing proprietary product information.

Business Network Security Part of the problem, is that a controller likely set up the I.T. department, and no data security specialist has been appointed. Or, the “I.T.” person wears too many hats & can’t keep up with the latest malicious code and software patches.

Another part of the problem is that executives may believe that CyberCriminals can’t be stopped, so they are strictly reactive and focus on damage control instead of prevention.

Network entry points for hackers often are the same as for larger, and smaller, companies: passwords that are easy to guess, lost laptops, vendor access, uninstalled security updates and patches, and employees accessing social networking sites (such as Facebook, Twitter, and LinkedIn) on company computers. Cyber Risk Survey

Hackers are resourceful, and if they want in, they will keep trying until they find a way. Some of the most resourceful breach points: videoconferencing, networked printers, thermostats (one leading retailer’s attacker gained access to the company through its heating and cooling system vendor). Hackers even once invaded an oil company via an online menu at a nearby Chinese restaurant.

The potential ramifications of CyberHacks for small- to mid-sized companies are the same as larger ones – possibility of fines or lawsuits, expense of notifying victimized clients, expense of loss of clients’ confidence, loss of business. However, the small- to mid-sized business will feel the damage more.

According to a 2014 study:

The average cost of a data breach was $5.9 million for all U.S. companies.

The most common causes were malicious or criminal attacks (44%), employee negligence (31%), and system malfunctions (25%).

Still feeling safe?

Excuse #2:

“No Hacker is Getting Through…I’m Too Smart to Fall for Their Tricks”

The Pentagon thought they were too smart to get hacked too…until they got hacked.

The Pentagon has divulged that its computer networks were penetrated by suspected Russian hackers using spear-phishing tactics. The hackers got into their unclassified email network used by the Joint Chiefs of Staff office with approximately 4,000 military and civilian employees. Although the email system hacked was unclassified, emails can be extremely sensitive (especially at the most senior levels of the Pentagon), and offer details into planning, schedules, or personnel.

Andre McGregor, a former cyber special agent at the FBI, who is now the Director of Security at Tanium, a CyberSecurity firm, states:

“If you are able to get all that information from three or four individuals’ emails or communication, you have an entire picture of what’s been worked on the classified side.”

The hackers came in through a spear-phishing attack, in which the attacker crafts an email designed to trick the receiver into opening an attachment that contains malware, or clicking on a link to a compromised website. Once the attack was detected, the Pentagon shut down the computer network, to prevent additional data from leaking.

The Pentagon, Anthem, Sony, Target, and Home Depot all thought they were too smart & too hackproof.

Think You Should Worry Now?

What You Can Do To Prevent CyberHacking?

Partner with a trusted I.T. firm, to gain relevant advice for your CyberSecurity infrastructure.
Think twice about obtaining Cyber-Insurance – it often doesn’t cover much.
Realize that CyberSecurity is a business issue, which should be considered part of your firm’s overall strategy.
Monitor networks for unusually high traffic volume.
Work with your financial institution to implement multi-factor authentication and dual controls for financial transactions.
Strengthen administrative passwords.
Educate employees about CyberSecurity and what to look for.
Do not rely on system users – clients or employees – for protection.

Ask About Our “Core Security Solution” Package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: A $46 Million CyberHeist, and Why You Should Care

August 10, 2015 by The T By D Team Leave a Comment

ALERT:

A $46 Million CyberHeist…and Why You Should Care

Late last week, Networking firm Ubiquity Networks Inc. disclosed that CyberCriminals recently stole $46.7 Million using an increasingly common scam using spear-phishing.

Targeting businesses using spear-phishing isn’t a new tactic of CyberCriminals (see past ALERTs: Resume Ransomware, Banking Email Scam, Email Attachment “Fax”, etc.), but it has become increasingly common. Fax Scam

In this specific CyberHeist, CyberCriminals used fake communications from “executives” at the victimized firm in order to initiate unauthorized international wire transfers. Ubiquity, a San Jose, USA networking technology maker for service providers and enterprises, disclosed the attack in a quarterly financial report, which they filed this week with the U.S. Securities and Exchange Commision (SEC). Ubiquity states is discovered the fraudulent CyberHeist on June 5/15, and reported that the incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department. Ubiquity stated:

“This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties…As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary’s bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered $8.1 million of the amounts transferred.”

Wire Transfer fraud Previously known as “CEO Fraud“, and “Business Email Compromise“, the CyberHeist that hit Ubiquity is a sophisticated, and (unfortunately) increasingly common one, targeting businesses working with foreign suppliers and/or businesses and that regularly use wire transfer payments. In January 2015, the FBI warned the public about CyberHeists that resulted in CyberCriminals stealing almost $215 million from businesses in the previous 1 1/2 years. In those CyberHeists, the CyberCriminals spoofed or hijacked email accounts of company business executives or employees.

Although Ubiquity did not disclose how they were victimized, usually CyberHeists of this kind are performed using spear-phishing company employees to first gain information about the company’s upper echelon, as well as information about which employees have access to and/or regularly perform financial transactions/wire transfers with suppliers/other businesses. They then either send fake emails spoofing those upper echelon or the employees (previously mentioned), in order to gain access to, or spoof wire transfers. In any case, the CyberCriminals are in search of money.

Why You Should Care

I know, you’re wondering what any of this has to do with you, because your business doesn’t have $46 million to lose…But that’s just it. $46 million obviously didn’t bankrupt Ubiquity, but a much smaller amount might bankrupt your business.

In any of these cases, ANY of these victimized companies could have been prevented by effective Employee Security Awareness training.

Think of all the Internet/I.T. security a big company like Ubiquity likely has…and the CyberCriminals still got in. Now think of the Internet/I.T. security your company has…scared yet? No, the bad guys that went after Uqibuity likely won’t come after your company. BUT there are CyberCriminals that are lower on the CyberHeist skill level scale that ARE targetting companies…JUST LIKE YOURS. And there are MORE of these CyberCriminals out there.

Not sure if you’re company is safe? Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags” to see a general indication of, and what to watch for, in suspicious emails.

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Search Toolbar is a Malware Conduit

August 7, 2015 by The T By D Team Leave a Comment

ALERT: Security Firm Warns Search Toolbar is Malware Conduit

The toolbar distributed by Chinese-language search engine Baidu, is being targeted by opportunistic attackers and use to exfiltrate corporate secrets, says Rob Eggebrecht, president and CEO of security firm InteliSecure.

Baidu, like all major search engines, including Bing, Google, and Yahoo, distributes a toolbar that can be used to speed up search engines. But Eggebrecht says that multiple organizations have traced data breaches to an intrusion that began when outsiders used the Baidu toolbar to sneak data-stealing malware into their company. Refusing to specify, he says that one recent victim was a U.S. pharmaceutical firm, from which attackers compromised research and development work worth millions of dollars.

Eggebrecht’s firm believes that the attacks can be traced back to individuals associated with the Chinese government.

“Our take on it, not trying to directly pick on the Chinese, is that…when users hit certain links, attackers drop down…malware, or phone-home technology, that starts capturing information.”

Eggebrecht states the toolbar-enabled data exfiltration comes at a time when his firm has witnessed a spike in attacks against corporate networks – and not just those targeting toolbars – by what appear to be attackers with ties to China. To date, hacking U.S. and Canadian organizations seems to trigger few, if any, penalties against either Chinese individuals or the government itself.

APT-style attacks – often beginning with a phishing email, and relying on targets to execute attachments and thus infect their systems with malware – are seen as the hallmark of corporate espionage. But attackers have never been adverse to employing simpler options when available. Eggebrecht states:

Targeting the toolbar “was an opportunistic way for the Chinese government to capture information in a very nonchalant manner, because…they know they have a good expat user base in the research community” that is going to rely on a Chinese-language search engine.

All browser toolbars should be blocked by default, states Alan Woodward, a computer science visiting professor at the University of Surrey, and a cybersecurity adviser to Europol, the association of European police agencies.

“These so-called ‘helper’ add-ins, I mean, god knows what they’re doing. It’s a well-known attack vector.”

Ask your I.T department if toolbars are blocked through your security settings.

Ask us about our Core Security Solution Package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shield up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Windows 10 Upgrade Offer Installs Ransomware

August 5, 2015 by The T By D Team Leave a Comment

ALERT:

Microsoft Windows 10 Upgrade Offer

Installs Ransomware!

Microsoft is in the process of releasing their new Windows 10 Operating System (OS). This is an upgrade you do not pay for, and promises to fix problems with earlier versions, and claims to be more secure. They plan to upgrade over 1 billion computers, causing inevitable confusion among PC users.

Cybercriminals are trying to exploit this confusion, with phishing scams and criminal call centres.

Criminals are making phone calls, claiming to be from Microsoft tech support. They ask for your credit card number “in order to charge you for the upgrade”.
CyberCriminals are sending emails claiming to be from Microsoft, with links claiming to link you to “your Windows 10 Upgrade”. When you click on the link, you download CBT-Locker Ransomware onto your computer.

If you would like the Windows 10 Upgrade, go directly to the Microsoft website for more information.

Here is the direct link, or copy & paste the link into your address bar: http://www.microsoft.com/en-us/windows/windows-10-upgrade.

However, you might want to wait on upgrading to Win10, until more field-testing is completed. See why on our review.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shield up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Review: Windows 10 Upgrade

August 5, 2015 by The T By D Team Leave a Comment

Review:

Windows 10 Upgrade

Microsoft is in the process of releasing their new Windows 10 Operating System (OS).

Major OS upgrades usually cause confusion among end-users, and this is no exception. Microsoft plans to upgrade over 1 billion computers, which is sure to cause mass panic and confusion.

This is a free upgrade, and promises to fix problems with earlier versions, and claims to be more secure.

However, in addition to the CyberCriminals’ campaigns to trick potential victims out of their money and information, the Windows 10 Upgrade isn’t all it’s cracked up to be.

Personally, I would hold off on upgrading my PC until a lot more field-testing has been completed.

Here are a few good reasons NOT to rush into the Win10 Upgrade:

Some of the new features like the “Windows Update Delivery Optimization” (WUDO), which works like torrents do. It makes your Win10 machine part of a peer-to-peer network, delivering Win10 to other users using your bandwidth.
The new “Wi-Fi Sense” makes Wi-Fi more available and accessible. So in theory, anyone who wanted access to your company network could befriend an employee or 2, park in your office parking lot (to be in range), then gain access to your wireless network. See ‘The Hacker News‘ article on exactly this: http://thehackernews.com/2015/08/windows-10-update.html.
Win10 also grabs all information it can get, making this version incredibly intrusive. To disable this: open “Settings”, click on “Privacy”. You’ll have to make your way through 13 (no, not a typo) painful screens, until you get where you want. You’ll want to disable anything you see as worrying. You’ll want to adjust what types of data each app on that box can access.

Before you install any new software on your PC, you’ll want to do a little research and make sure you know all the benefits, AND the pitfalls of the software.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shield up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

« Previous Page
1
…
7
8
9
10
11
…
52
Next Page »