Posts Tagged ‘malware’

What Would You Do If The Internet Went Dark?

Tuesday, October 25th, 2016
Data Security Planning - Ohio CPA Firm

Once again, weak usernames and passwords were to blame although, unlike in the past, individual users weren’t the primary culprits. According to United States security researchers, hackers utilized common electronic devices, such as DVRs, webcams and digital recorders, to execute a complex internet-wide attack. Read on to find out what you can do to protect your devices, your cloud-based data and yourself.

These days it’s not uncommon for our lives and our businesses to be managed almost entirely online. From our communications and calendars to our thermostats and security systems, while the internet may have made us more efficient, it has also made us more vulnerable. And these days, the safety of our networks and databases are never guaranteed – a lesson that was made abundantly clear after last week’s massive cyberattack.

Weak Usernames, Passwords Are (Once Again) To Blame

As most of you already know, some of your favorite websites took a hit last week. And as much as you may have wanted to take to Twitter to vent your frustration – you couldn’t. So, what happened? Once again, weak usernames and passwords were to blame although, unlike in the past, individual users weren’t the primary culprits. According to United States security researchers, hackers utilized common electronic devices, such as DVRs, webcams and digital recorders, to execute a complex internet-wide attack. The massive distributed denial-of-service (DDOS) attack was made possible thanks to weak default usernames and passwords found in the internet-connected hardware. This attack was the result of a Mirai botnet attack, which is specifically designed to scan the internet for poorly secured products and then access them through easily guessable passwords like “admin” or “12345.” Earlier this month, after security experts gained access to the botnet’s source code, which was released to the hacker community, it was discovered that the botnet was designed to try a list of more than 60 combinations of user names and passwords. Officials with Level 3 Communications, a provider of internet backbone services, estimates this recent attack was also the result of a Mirai malware attack that infected more than 500,000 devices.

Read Also: Cloud-Based Data Storage Solutions Aren’t Risk-Free

Unlike botnets that typically rely on PCs, Mirai malware targets internet-connected devices that have weak default passwords, making them easy to infect, said Michel Kan a correspondent for PCWorld. More botnets like Mirai will appear unless the hardware industry can move away from default passwords. Hangzhou Xiongmai Technology Co Ltd, a Chinese electronics component manufacturer, said because its products inadvertently played a role in last week’s cyberattack the manufacturer will recall some of the products it sold in the U.S. The Chinese company said the security flaws associated with its products were patched in September 2015 and that its devices now ask customers to change the default password when used for the first time. However, products running older versions of the firmware are still vulnerable. Users with older versions of the company’s products can still protect themselves by updating their product’s firmware and change the default username and passwords or simply take their products offline by disconnecting them from the internet.

Protect Your Devices

Do you own a device that connects to the internet? Take the following precautions to prevent a hacker from infiltrating your system:

  • Check for updates regularly.
  • The first time you pull your device out of the package, change the password.
  • Disable features and services that you don’t need or won’t use.
  • Turn off your devices when they aren’t in use.
  • Pay close attention to your privacy settings.

Protect Your Cloud-Based Data

A lot of times, individuals and businesses will consider cloud-based data storage solutions to be more secure, but the way I see it, if it’s online, it can be hacked – regardless of how many safety protocols you may have in place. Criminals continue to look for new ways to infiltrate our online devices therefore, it is reasonable to assume, that they are looking for cracks in the cloud-based security solutions as well. This article will give you more insight into the risks you may be taking on if you were to move all your data to the cloud.

Protect Yourself

For more information and insight about protecting yourself online, read my comprehensive whitepaper: Cybercrime: The Invisible Threat That Haunts Your Business. By Joe Welker, CISA (New Philadelphia office)

Check out these articles for more helpful cybersecurity insight:

Top 5 Reasons Why Every Business Should Have A Business Continuity & IT Disaster Recovery Plan

How To React To A Data Breach

Can A Cybercriminal Crack Your Company’s Network?

Share Button

Help The FBI Find A Defense Against Ransomware

Monday, September 19th, 2016
Help Fight Ransomware - Ohio CPA Firm

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Keep reading to find out how you can help the FBI combat the threat of Ransomware.

The FBI recently released a public service announcement urging victims of Ransomware attacks to come forward and report these cyber infections to federal law enforcement. Doing so, the FBI said in a statement, will “help us gain a more comprehensive view of the current threat and its impact on U.S. victims.

Read Also: Could Your Company Be Ransomware’s Next Victim?

A Closer Look At Ransomware

A computer infection that has been programmed to encrypt all files of known file types on your computer and your server’s shared drive and making them inaccessible until a specified ransom is paid; Ransomware is a very real threat to all businesses nationwide. Once a computer is infected, which usually happens once a user clicks on a malicious link, opens a fraudulent email attachment or unknowingly picks up a high-risk automatic download while surfing the web, it’s all but impossible to regain access to the data that has been infected. Upon discovering that your computer has been infected, you have two choices. You can either:

1)     Restore the machine by using backup media, or

2)     Accommodate the hacker’s demands and pay their ransom.

And both options are less than ideal.

What To Do If Your Company’s Network Becomes Infected

Ransomware infections were at an all-time high in the first several months of 2016, according to various cybersecurity companies, and because new Ransomware variants are emerging regularly, the FBI needs your help to determine the true number of Ransomware victims.

“It has been challenging for the FBI to ascertain the true number of Ransomware victims as many infections go unreported to law enforcement,” the agency stated in its recent announcement. “Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.”

Read Also: How Much Is Your Data Worth To Criminals?

Reporting a Ransomware attack on your company’s network is not only beneficial for you, the information you provide will help the FBI as it works to identify ways to prevent future attacks. Your reports will:

  • Provide law enforcement with a greater understanding of the threat
  • Help justify Ransomware investigations
  • Contribute relevant information to ongoing Ransomware cases

Help Arm The FBI With Information

The recent PSA released by the agency requests that all Ransomware victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center. Be sure to have the following details available and ready to provide to the respondent when prompted (if applicable).

  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Click here to read the FBI’s complete announcement.

To learn more about protecting your business from cybercrime, download the free whitepaper, “Cybercrime: The Invisible Threat That Haunts Your Business.”

Share Button

Can A Cybercriminal Crack Your Company’s Network?

Tuesday, April 5th, 2016
Ransomware Attack | Cybercriminals Target Businesses | Ohio CPA Firm

Ransomware has become a formidable threat to businesses of all sizes, yet I have worked with quite a few business owners who are unfamiliar with the term. This is particularly unnerving as a Ransomware attack can be catastrophic to the financial stability of your business. Read on for tips to help you prevent a Ransomware attack from taking down your business.

Small and midsize businesses are not immune to becoming the target of a crippling cyberattack and without the proper procedures in place business owners risk the very real threat of a large-scale assault on their company’s data. Would you be able to recover if your organization was attacked?

Instances of cybercrime have reached an all-time high and ensuring that your company has the procedures in place to guard against an army of determined fraudsters is more important than ever. But before you can implement effective controls, you must have a clear understanding of what it is that threatens your business.

Know Your Enemy

Ransomware has become a formidable threat to businesses of all sizes, yet I have worked with quite a few business owners who are unfamiliar with the term. This is particularly unnerving as a Ransomware attack can be catastrophic to the financial stability of your business.

Read Also: Could Your Company Be Ransomware’s Next Victim?

Ransomware is the infection of a computer which immediately encrypts all recognizable file types. Once your network is infected, a screen appears on your monitor demanding that the company pay a ransom in exchange for the data to be “decrypted” and released. A timeframe is established by the hackers and it is made clear that if the ransom is not paid before the deadline, the organization’s data will be destroyed.

4 Tips To Help Prevent A Ransomware Attack

To protect your business against Ransomware and other similar threats:

  1.  Train your employees to identify phishing emails.
    Numerous vendors can provide your company phishing tests and video training to help educate your employees about phishing emails and ways to identify possible scams. Specifically, work to change the mindset of those within your organization when it comes to opening attachments and clicking on hyperlinks.
  2. Set employee Microsoft Active Directory rights.
    It’s unlikely that all your employees will need full-access to your company’s entire database to do their jobs. One way to protect your data is to only grant access to the data needed for employees to complete their job responsibilities. This way, if an attack does occur, the damage can be isolated.
  3. Consider implementing programs such as Microsoft “AppLocker.”
    When you implement programs like AppLocker, you require users to be assigned access to the programs they need to utilize. Again, this helps to isolate the threat which can help minimize the impact of an attack.
  4. Implement a Disaster Recovery (DR) Plan.
    Some research indicates that only about 35 percent of small- to medium-sized businesses have a working and comprehensive disaster recovery plan. We are learning time and time again just how important it is to have a plan in place to protect your business when crisis strikes. A DR plan, complete with regular plan testing and offsite backup data, will help prepare you for unforeseen events which, under current circumstances, could prove to be catastrophic. Click here to learn more about the benefits of a DR plan and how they can keep your organization and its data safe.

Guard Your Data With These Best Practices

Monitor for irregularities

If your network is infected, you can eliminate or decrease the threat of Personally Identifiable Information (such as financial records, medical information or intellectual property) from being infiltrated by utilizing an Intrusion Detection System or Security Information & Event Management application or service. These applications are designed to monitor for invalid access attempts, outgoing traffic identification and other significant alerts.

Require two-factor authentication

Many breaches are the result of access that has been granted to a third-party vendor. Oftentimes the vendor’s network will become infected and can lead to the breach of your own organization. While the data breach may not have originated within your organization, you are responsible for the inroads that were ultimately exploited by hackers to gain access into your network. A best practice is to require all vendors to utilize two-factor authentication or direct contact with your IT staff in order to gain access to your company’s network. Your networks should never be directly accessible to any outside vendor.

These tips can help you protect your organization from cybercriminals, but they only provide an initial layer of security. New threats are being developed every day and existing threats are evolving rapidly. The best thing you can do is arm yourself with knowledge and regularly test for weaknesses in your company’s armor. One day, your business will be the focus of a cyberattack. Will you be ready?

Email Rea & Associates for more information about protecting your business from cybercrime.

By Joe Welker, CISA (New Philadelphia office)

Check out these articles to learn more about Ransomware and other cyberattacks on businesses:

How Much Is Your Data Worth To Criminals?

Businesses Beware: Sloppy Data Security Could Cost You

Then & Now: Data Security In America Since The Target Breach

Share Button

Phishing Scam Is A Threat To Ohio Businesses

Monday, March 28th, 2016
IRS Phishing Scam - Ohio CPA Firm

You can take a proactive stance when it comes to protecting your company from these scams by encouraging your employees to pay close attention to emails that request sensitive information, such as the names of employees, Social Security numbers, dates of birth, addresses and/or salary information or copies of employee’s W-2 information.

The Ohio Department of Taxation (ODT) is echoing phishing scam alerts made by the IRS earlier this month in an effort to protect businesses and employees state-wide from identity theft and tax fraud.

Read Also: Payroll, HR Departments Targeted By Cyber Criminals

According to ODT, payroll and human resources offices at companies nationwide – including some in Ohio – reportedly received emailed requests that appear to be sent from a high ranking member of the company’s management team requesting confidential payroll data. While the emails appear to be legitimate, they are actually being sent by cybercriminals who are looking to fool employees into sending them detailed payroll and W-2 information. The imposters then use the information to file fraudulent tax returns.

“The scam has worked on more than 30 companies resulting in the theft of W-2 tax information for thousands of current and former employees,” ODT’s news release states. “The W-2 form contains an employee’s Social Security number, salary and other confidential data. This information enables thieves to create a realistic looking, but fraudulent tax return requesting a tax refund that is then filed with Ohio or other states, and the IRS.”

The frequency of tax fraud and identity theft continues to increase at an alarming rate. This tax season alone, the IRS reported an approximate 400 percent increase in phishing and malware incidents – a surge that was addressed back in February.

“If your CEO appears to be emailing you for a list of company employees, check it out before you respond,” said IRS Commissioner John Koskinen. “Everybody has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

You can take a proactive stance when it comes to protecting your company from these scams by encouraging your employees to pay close attention to emails that request sensitive information, such as the names of employees, Social Security numbers, dates of birth, addresses and/or salary information or copies of employee’s W-2 information. You can also let them know that they should never send sensitive information until a conversation takes place, either in-person or over the phone, with the member of management seeking the information. You can also check out the information provided here for general insight from ODT that could be used to help your employees identify phishing attempts and email scams.

If your Ohio business has been the victim of or experienced this or any other type of email phishing scheme, contact ODT immediately at 800.282.1780 to protect against potential tax fraud and safeguard Ohio taxpayer dollars.

Those who are interested in learning more about the increasing threat of cybercrime should check out The Columbus Cybersecurity Series. Presentations are scheduled to take place throughout the year and will focus on ways to help business owners learn more about cyber threats. The first installment is scheduled for Wednesday, April 6. The event is free but registration is required to attend. Attendees will walk away with new insight into these attacks as well as tips and advice that will help you protect your business.

By Lisa Beamer, CPA (New Philadelphia office)

Want to protect your employees from identity theft and tax fraud or need help recovering? Check out these articles:

How Can You Protect Yourself From Tax Fraud

Identity Theft Prevention: Tips To Reduce Your Risk of Becoming a Victim

How To Recover From Identity Theft & Refund Fraud

Share Button

Malware Threat Spreads To Smart Phones

Wednesday, September 16th, 2015
Malware Goes Mobile  Ohio CPA Firm

According to the digital media analytics company comScore, between the months of December and March 2015, more than 187.5 million people in the U.S. owned smartphones. During that time, Google Android led the pack as the number one smartphone platform with 52.4 percent platform market share. In other words … that’s a lot of potential LockerPIN victims.

Would You Pay A Hacker’s Ransom If Your Phone’s Data Was At Risk?

Researchers and IT security experts from ESET, a global IT security company, recently announced that they had discovered a malware application that is designed to encrypt files and change PINs on Android devices in the United States. In return, victims are demanded to pay up to the tune of $500. Only then will hackers provide users with the recover key.

If it continues to spread, this form of malware could result in a staggering number of victims. Once again we are reminded of how important it is to vigilantly protect ourselves against fraudsters who will continue to exploit such weaknesses in our technological infrastructure.

According to the digital media analytics company comScore, between the months of December and March 2015, more than 187.5 million people in the U.S. owned smartphones. During that time, Google Android led the pack as the number one smartphone platform with 52.4 percent platform market share.

Read Also: Could Your Company Be Ransomeware’s Next Victim?

Malware Goes Mobile

The malware, called LockerPIN, spreads via third party applications, which are downloaded by the user to their Android device. Similar to the CryptoLocker and CryptoWall malware that has inundated users over the past several years, LockerPIN spreads malware’s reach to the mobile user.

Originally discovered in Ukraine in 2014 the malware has been modified to the point that it is just now making its North American debut. Disguised as a system update, the application changes the user’s PIN to a random setting without their knowledge. The worse part? The only known recovery solution is to perform a complete factory reset, which will result in the loss of all your data.

Fair Warning

It’s only a matter of time before this malware progresses to the point of being able to infect all phones. In the meantime, there are actions you can take to protect yourself.

1)     Never download apps outside of certified app stores.

2)     Back up your mobile devices to your computer or to the cloud regularly.

3)     Do not grant administrator privileges to apps unless you truly trust them.

4)     Stay away from suspicious apps and sites.

By Joe Welker, CISA (New Philadelphia office)

Want to learn more ways to protect yourself and your business from IT threats? Check out these articles.

Who Is That Email Really From? Red Flags To Be Aware Of When Opening Your Email

Who’s Fishing For Your Data Today?

Could A Cyber-Attack Cripple Your Business In 2015?

 

 

 

Share Button