Blog

Photocredit: Stephen Coles; https://www.flickr.com/photos/stewf/ Is Email Phishing Unstoppable? Just don’t rely too much on your office antivirus software. Your antivirus software ~might~ be good at stopping viruses, but they’re becoming more irrelevant every day at protecting your data and devices. Some experts are pointing to a recent warning by the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (CERT), where they issued a warning about global security product Symantec and Norton Security products containing dangerous vulnerabilities. This doesn’t mean they’re completely useless and they don’t perform an important function. There’s a more important reason to not blindly trust your antivirus software to keep your data safe.  People tend to rely too much on them, giving them a false sense of security.  Evolving Threat Tactics Just a few short years ago, antivirus software protected against 80 to 90 percent of online threats. Today, it’s more like 10 to 20 percent because of constantly evolving threat tactics. While some company executives feel smugly confident about their level of antivirus security, cyber criminals are getting in through the company’s weakest links—the users.  An alarming trend is the aggressive growth of phishing techniques used by attackers in 2016. Hackers are spending less effort...

How to Find Out if an Account Has Been Hacked The recent disclosure that Mark Zuckerberg’s own Facebook account password was hacked this week should set alarm bells off for anyone who’s ever created an online account. You have to wonder, if the Facebook founder’s email and password accounts aren’t safe, then what is? In case you haven’t heard, last weekend Mark Zuckerberg’s Twitter and Pinterest accounts were briefly hacked by a group calling itself OurMine. They demonstrated by announcing his lame password on his Facebook timeline. No, Facebook wasn’t hacked. Zuckerberg’s email and passwords were part of a LinkedIn database that was actually hacked back in 2012, (along with up to 167 million others), and just posted online in May this year. Since then, hackers have been having a heyday with them. So if Zuckerberg’s LinkedIn account was hacked, why did it affect his Facebook and Pinterest account? It’s because he used the same lame password for all of those accounts. And he never changed it after LinkedIn announced they were hacked....Since 2012. Apparently Zuckerberg is guilty of password laziness - using the same lame passwords on multiple accounts. He’s not alone. Along with millions of others who are getting...

Microsoft Finally Bans Easy-Stupid Passwords If you see the above Reset your password line when logging into your Microsoft account--and it tells you to “Choose a password that’s harder for people to guess”--it’s because Microsoft won’t let you use your dumbass password any more. Earlier this week Microsoft turned on a new feature that dynamically updates a list of bad passwords, and will block users from trying to use them. From now on, you can forget about all those stupid passwords so many people stubbornly stick to, like 123456, password, 12345678, qwerty, 12345, 123456789, football, 1234567, dragon, and baseball. These are the top 10 most common passwords used by people, as gleaned in part by 117 million LinkedIn accounts that were originally hacked in 2012 and leaked last week, and by the password attempts hackers use on various Microsoft accounts. Alex Weinert from Microsoft's Identity Protection Team says that Microsoft has been collecting all the password guesses used by hackers from the 10 million daily hacking attempts they see."We analyse the passwords that are being used most commonly. Bad guys use this data to inform their attacks," he explains."What *we* do with the data is prevent you from having a password...

DDoS Attacks: What to Expect & How to Mitigate   A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.  We’re talking about DDoS attacks today because they are so common now that most organizations in North America have experienced some form of DDoS attack in the last 12 months. In fact, one third of all downtime incidents are attributed to DDoS attacks, according to the worldwide Digital Attack Map (operated by Google Ideas and Arbor Networks). The New Botnet Armies Cyber attackers spend a lot of effort to build armies of botnets -  networks of infected computers -  by distributing malicious software via websites, social media, emails, attachments and other devious ploys (see Phishing in the Office Pool, some staggering facts on phishing, your employees and corporate risk). Once infected, these botnet computers can be controlled remotely without their owners' knowledge, and used like an army to launch attacks against any targets. Some botnets are millions of computers strong. Launching Attacks Botnets generate massive floods of traffic to overwhelm a target. Some floods are more connection requests than the server can handle, while others send huge...

DDoS Attack Ransom Notes a Growing Menace for Businesses of All Sizes Reports of DDoS attacks—preceded by ransom notes—are surging, according to surveys conducted by IBM Security and Digital Shadows. This is alarming because, while a DDoS attack won’t destroy your data, it will still disrupt your business and result in significant expenses.   “It’s Extortion 2.0”, says Netcotech CEO Gideon Gideon, “These criminals are using black art cyber tools to extort money from innocent organizations, and they’re doing it anonymously and from a distance.” Once the scourge of governments and large multinationals, more and more small and medium sized businesses across all sectors are seeing increases in these and other types of cyber attacks.   A few years ago, most DDoS attacks were either politically or protest motivated, dirty tricks from competitors, weapons of war by governments, or used to cloak other hacking attempts. Cyber criminals have since learned that many smaller organizations will pay a fee of a few thousand dollars to avoid becoming victimized. Since it’s relatively easy to stage an attack, all they need to do is send out batches of Ransom Notes to pre-selected targets. After that the process is mostly automated. The number...

Is Your Business Network a Hardened Vault or a Cardboard Door?         Whether a desktop, laptop or mobile device, almost every computer we use is connected to some type of network. More than simply internet access and email, our corporate networks let us work more efficiently, be more productive and save money doing it. They are integral components for functions like purchasing, selling, collaboration and customer service. The advancement of modern networking technology means we have greater access to more data available than ever before. And we’re continuously adding more business applications and databases year after year. This increases the complexity of our operations and our access to them. “The nastiest growing threats for businesses today are hardware-centric cyberattacks, ransomware, zombie botnets and identity theft.” Unfortunately, this advancement and complexity is also adding to our security concerns due to the growing number of increasingly sophisticated cyberattacks on small and medium sized organizations. It’s no longer just data hijacking or DDS attacks that are growing, the nastiest growing threats for businesses today are hardware-centric cyberattacks, ransomware, zombie botnets and identity theft. Still, we seldom think of our physical networks unless they’re broken. We simply rely on them to work. In reality, the security...

Cyber Security Industry Shifting to Crisis Mode as Jobs Go Unfilled   The dramatic rise in cybercrime is affecting governments, companies, NPO and industry organizations of all sizes around the globe, but that’s just the beginning. The trend lines started in 2007 to 2013 when Cyber security job postings started growing at double the growth rate of all IT jobs. The labour pool has never caught up. Today, there are over 200,000 unfilled cyber security jobs in the U.S. alone. Cisco estimates that globally there are over one million cyber security job vacancies today. Michael Brown, Symantec’s CEO, expects demand to rise to 6 million positions by 2019, with a shortfall of 1.5 million. What does that mean? So far in 2016, the Enterprise Strategy Group says “46% of organizations now claim that they have a problematic shortage of cybersecurity skills representing an 18% year-over-year increase.” It means that cyber security teams are understaffed in many places, making it difficult to properly protect their organization’s networks. This news comes at a bad time. 2015 is already identified as the being the worse year ever for cyber crime, with nearly 1,000 major data breaches and countless others.  In Canada, PwC says “Cybersecurity incidents...

Who Thinks These Weak Passwords are Funny? The Joke is on us.     We all know that password security is important—especially in an office. But our user's personal account passwords aren’t always top-of-mind when we think of office network and data security. It ought to be, because every user survey I’ve ever seen scares the crap out of me. It should scare you too. Security experts have been warning us for more than 20 years that the most common passwords people use online provide ZERO to NO barriers to intrusion by hackers. We collectively smirk and grin, and probably wonder at who these silly people are who think they’re securing their online accounts with such ridiculously simple passwords. “Stoopid people”, right? Well, the joke’s on us for everyone who manages an office with users who access an office network at work or from home. Let me explain, but first, you have to look closely here at SplashData’s January 2016 Annual List of the 25 Most Common Hacked Passwords… Yes, it looks just like the same list of the most common passwords we saw three years ago, and three years before that. Why aren't people "getting it"? Rank   Password   Change from 2013 1   123456   No...

New Ransomware Alert Issued US & Canada issue joint ransomware alert, discourage paying ransomware to cyber attackers The Canadian Cyber Incident Response Centre and the US Department of Homeland Security issued a joint ransomware cyber alert this week in response to the recent surge in attacks. Both government agencies strongly recommend that organizations and individuals NOT PAY the ransom demanded by cyber attackers. The new emerging variants are targeting healthcare in particular, and other organizations with attack strategies that are extremely ruthless and difficult to respond to. The warning was prompted by recent attacks at Hollywood Presbyterian in Los Angeles, Methodist Hospital in Kentucky, and MedStar, the biggest Washington, D.C.-area healthcare provider, among many others. In a profound understatement, the alert advised that “ransomware's consequences to an individual or institution could include a loss of sensitive data, a disruption of business operations and expenses to restore a system into working order”.   In case you’ve never heard the term before, Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid, usually with Bitcoins, an untraceable online currency.   Suggested Cyber Safety Tips In the meantime, please read following tips to...

Cyber Attack Stats Reveal What Typical Target Companies Look Like Surprise—it’s not the big companies we usually read about… We’ve all seen the headlines about a national retailer or government organization getting hacked into, where either millions of client credit cards were stolen or huge databases of personal information were accessed and downloaded. These are the headline grabbers, and they happen almost weekly today. Where it does happen, it often causes unimaginable grief, money and/or inconvenience for clients and customers; and panic, great expense and reputation loss for the target companies.      This week we show you some surprising facts uncovered by Ponemen Institute in a benchmark study sponsored by IBM. What’s notable is that most hacking attacks are NOT on the high profile and billion-dollar companies. By far, the most common targets are small to medium size businesses where the average “take” is $15,000. These are typically easier targets to crack and make up a hacker’s bread-and-butter revenue streams. Hacking cost the global economy an estimated $445 billion dollars last year. That’s serious money at stake, and a serious incentive for criminal organizations to continue increasing their operations.     Time and Effort Facts about Targeted Attacks 70 HOURS...