SonicWall recently released their 2017 Annual Threat Report, which takes a look into the technology security trends in the upcoming year. In the report, SonicWall carefully observes and analyses the technology threat landscape from the last year and uses it to predict how it will continue to change in the future. Here?s a brief summary of their most important findings for 2017, and what it means for modern business. Point-Of-Sale Malware Declining With the integration of chip-based POS systems, hackers are finding it more difficult to steal sensitive information through POS malware attacks. The chip readers allow the transaction to be approved by creating a unique code that cannot be used again, as opposed to the traditional magnetic strip that uses the same code each time it is swiped. Thanks to the integration of the chip-reader, along with stronger legal guidelines, SonicWall observed that the number of new POS malware has decreased by 88 percent since 2015. Website Encryption on the Rise As web traffic continues to grow exponentially, users want to ensure that their data is kept safe. Due to this, many websites are opting to use Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption to protect sensitive user data. SSL/TLS encryption is represented by a lock and HTTPS URL, rather than the standard HTTP URL. This ensures the user that their information is safe, and is only being sent to the intended recipient. SonicWall believes the trend towards SSL/TLS encryption is due in part to the growing trend of cloud applications. They expect the trend to continue into 2017, and believe that SSL/TLS traffic will account for 75 percent of online interactions by the year 2019. Ransomware Becoming More Popular Ransomware was by far the most popular security attack in the previous year, with an increase from 3.8 million attacks in 2015 to 638 million in 2016. According to SonicWall?s Global Response Intelligence Defense (GRID), $209 million in ransom had been paid by affected companies by the end of the first quarter. The growth was most likely driven by the increased access of ransomware as the ransomware-as-a-service (RaaS) industry expanded. This allowed individuals to purchase a ransomware pack without requiring the necessary coding skills needed to launch an attack. The most common attack is known as Locky, and is often attached to emails as disguised as a Microsoft Word invoice. As the RaaS industry continues to grow, SonicWall?s GRID suggests that all organizations backup their data continuously to a backup system that isn?t always online, or uses authentication. Internet of Things Devices Compromised The recent advances in technology have opened up the world to more and more connections to the Internet from more than just a computer, smartphone or tablet. These days, Internet of Things (IoT) devices can be anything from a camera or smart watch, to a smart car or home security system. Due to the wide-adaptation of IoT devices, many developers have felt the pressure to release their devices as soon as possible, which often means oversight in security. This made it easy for hackers to discover weaknesses in IoT devices, resulting in the launch of largest distributed denial-of-service (DDoS) attacks in history. The attack used thousands of IoT devices with weak passwords to launch an attack on hosting company OVH and DNS service provider […]
One of the major arguments for die-hard Apple fans is that their devices are nearly invulnerable to the attacks that work their way into other operating systems, such as malware or viruses. While it is true that Apple has a much lower rate of malware infections, this does not make it impenetrable, and hackers are constantly looking for new ways to extort data. One newly discovered malware, known as Fruitfly, takes advantage of an antiquated code that allows it to run undetected on macOS systems. What is Fruitfly? Fruitfly is a newly discovered type of malware recently found by the team at Malwarebytes. While relatively harmless, this malware is able to hide inside of OS X without alerting the user of its presence. The malware communicates with two command-and-control servers, which allows it to perform actions such as typing, webcam and screen capture, and even moving and clicking the mouse. It can also map other devices and try to connect with them. Where did Fruitfly come from? There is a bit of mystery surrounding the origins of Fruitfly. According to Malwarebytes, Fruitfly may have been hiding in a OS X for several years, as much of its code indicates that it was adapted from OS X to Yosemite, making it at least three years old. However, there are also lines of code that rely on pre-OS X systems, and some open-source ?libjpeg? code, which hasn?t been updated since 1998. So far, most of the discovered instances of Fruitfly have been found on machines at biomedical research institutions. What can I do to protect my device? Luckily, it seems that most of the Fruitfly attacks are targeted, making them a minor threat to an everyday user. However, Apple has yet to release a patch against Fruitfly, so users should take caution and keep an eye out for any updates they release in the near future. One of the best ways to ensure that your device stays infection-free is through constant monitoring of your network. Keep an eye out for any irregularities, and don?t let anything go unreported. Worried that your network is in danger of malware infection? Not sure what to look for when monitoring your network? Contact Info Advantage today at (585) 254-8710 to talk to an IT professional about how to keep your devices safe from harmful attacks.
Disasters can strike at any moment to anyone, with very little warning. While many businesses are prepared with their Business Continuity Plan (BCP,) many organizations may not take the time to fully explain their BCP to their employees, leaving them scrambling when a disaster does strike. Here are a few steps every business should take to ensure that their employees know exactly what to do in the event of a disaster. Plan Ahead For any plan to work, there needs to be proper preparation to ensure that everything runs smoothly. You want to give your employees a clear direction to follow in the case of a disaster, so they know exactly what to do the moment it happens. The best way to work through the execution of a BCP is to hold a meeting with all your employees to talk about what needs to be done, and who will do it. You want clearly defined roles and open lines of communication, so employees will know exactly what to do and who to contact in an emergency. Have the Proper Tools A plan can only work if you have the right tools to execute it. In the event that your business goes down, it can mean the inability to work and loss of important data. One way to avoid these issues is by hosting some or all of your business activities through a cloud service. These services will allow you and your employees to access important work documents from just about anywhere. This means that even if the office is down, employees will be able to set up their workstation from another location almost instantly. Investing in a cloud-based VoIP will allow any calls sent to a down phone line to be redirected to another location, such as the employee?s personal cellphone. Practice Your Plan When it comes to executing a BCP, practice makes perfect. Let your employees get a feel for the tools you have provided them so that they will know exactly what they are dealing with in the case of a disaster. This includes providing them training for any hardware or software they need to use, creating a sense of familiarity that will directly relate to a seamlessly executed BCP. Take the time to review with each employee, and make sure they completely understand what needs to be done by them. Don?t wait until a disaster hits to worry about your business continuity plan. Contact Info Advantage today at (585) 254-8710 to speak to a professional about how you can ensure your business will run smoothly even when faced with a disaster.