
WannaCry: The Worst Digital Disaster the World Has Seen in Years

On Friday, May 12, a cyber-attack was launched that affected over 300,000 computers in roughly 150 countries. The attack, a ransomware worm known as WannaCry, affected nearly every major industry, including healthcare, government, and privately-owned businesses. The attack began in Europe and continued to spread across the globe, reaching targets in China, Japan, and even overseas in the Americas. Once a device is infected, the worm encrypts all of its files and prompts the user to pay $300 in order to regain access to them. Since the attack spread, the hackers are thought to have gained about $80,000 in bitcoins from WannaCry victims. However, that number is not expected to rise much higher, as many technology companies have already implemented measures to block the attack. In fact, Microsoft already had a vulnerability patch in place in March, months before WannaCry was released.

So how was WannaCry able to affect hundreds of thousands of devices while there were already measures available to block the attack? The answer lies within an affected company's technology infrastructure. While the patch by Microsoft was originally released in March for Windows XP systems, many businesses completely overlooked the upgrade. This left them wide open for an attack, making them easy targets with well-known vulnerabilities. However, we cannot be so quick to blame the IT departments of the affected businesses, particularly those with complex technology infrastructures. For example, many health care service providers in the UK were affected due to a reliance on older versions of operating systems. This is due in part to the variety of third-party medical equipment that health care providers rely on to do their jobs. This equipment can often be difficult to upgrade or patch, and can only be replaced if the budget allows for it. In many cases, companies will choose to spend their dollars on other IT necessities.

What can businesses do to protect themselves from WannaCry and other similar cyber-attacks? Security experts state that the best way to combat these attacks is to keep your technology updated and your employees aware of potential threats. A good way to gauge your company's vulnerability is to perform threat and vulnerability tests. These tests send out a fake phishing scam to give a company insight into how many employees would fall for an attack. Once the data is collected, a company will have a better idea of what kind of vulnerabilities it has, and how it can train its employees to avoid them. Experts also suggest that companies keep their software as up-to-date as possible, and urge them to consistently check for updates or patches. While an update might not seem imperative, hackers are constantly on the lookout for newly discovered vulnerabilities to exploit. By creating a consistent update schedule, companies can be sure that they are protected from future attacks.

Don't have the time to constantly check for software updates? Not sure if your company is up-to-date with the best possible cyber security plan? Contact our security experts at Info Advantage by calling (585) 254-8710 today to talk about how you can protect your business' assets.

IoT Connected Stuffed Animals Leak Millions of Accounts' Private Information

With the rise of the age of the Internet of Things (IoT), more and more everyday devices are becoming connected to the web as a means to make a more personalized product experience. Today, we have IoT connected watches, televisions, and even kitchen appliances like refrigerators or coffee makers. As convenient as these devices can be, they can pose a serious threat to a user's personal information if the security behind the device is lackluster. Such is the case with CloudPets, an IoT connected stuffed animal that lets children and their loved ones communicate with each other through an app, which exposed the personal data of thousands of accounts.

CloudPets are made by Spiral Toys, a company based in California that specializes in toys that connect to the internet. The concept behind the toy is that a child can communicate with their parents or loved ones who are far away. The toy is connected to an app, which allows the connected party to record voice messages to send to the child's CloudPet. The CloudPet then allows the child to send a voice recording back, which can be played through the app.

On February 28, 2017, security researcher Troy Hunt published a blog post about how the data from CloudPets stuffed animals had been leaked and ransomed, potentially exposing these recordings. Hunt found that several parties had reached out to CloudPets and their parent company Spiral Toys about the breach, yet had received no response. With some help from members of his site, Have I Been Pwned?, Hunt was successfully able to access the user photos and voice recordings. While there were no recordings or photos on the exposed database, the leakage did contain sensitive data that could easily compromise an account.

According to the CloudPets site, the breach was caused when CloudPets user data was temporarily moved to new database software. In December of 2016, third party developers moved CloudPets data to a temporary database in order to make upgrades to the CloudPets app. During that time, the database software that was used had an exploit that hackers would use to hold data for ransom. While CloudPets claims that no voice recordings were accessed, they do admit to the leakage of email addresses, usernames, and encrypted passwords. However, there were no password strength rules before the breach, so a hacker could still easily access thousands of those compromised accounts.

Since the breach was made public on February 22, the CloudPets app has required all users to reset their passwords, and has created new password security requirements to ensure the new passwords are more secure. They also recommend that users create a unique password for every application or site, and advise them not to use "easily guessable" passwords.

Homographs: Using Different Languages to Steal Your Data

Many hackers rely on their ability to trick users into giving up information or control of their technology. As technology advances, hackers continue to find new and updated ways to gain access to user accounts. One scam in particular, known as homographs, has seen an increase in popularity as of late.

What are they?

Homographs are a phishing strategy used to disguise a hyperlink so that it looks like a legitimate, secure website. Scammers are able to use these attacks because of the way that many browsers interpret URLs with characters from another language. An example of this can be found with Russian Cyrillic letters, many of which look similar to English letters. To account for this, browsers utilize basic translation tools that translate the address into a series of English letters and numbers, so a user can still access a legitimate website using non-English characters.

How do hackers use homographs?

Hackers are able to take advantage of homographs by using letters from another language that look identical to letters of the English language. They create a URL that looks identical to the legitimate site, but once clicked it will automatically take you to a compromised site where your data can be at risk. This attack works because users won't be able to see that the URL is not legitimate until it is too late, as once they click the link they will most likely be infected by malware.

How can I protect myself?

While many browsers have created fail-safes to combat this issue, there are still many browsers that are left unprotected. Even those that do use the fail-safes can be easily tricked, so it's up to the user to prevent the attack. Be conscious of every link you click, and never open a URL that you cannot verify. This means any URL in an email from an unknown address, or in a pop-up ad that claims to be from a legitimate company. The best way to avoid homograph attacks is to always manually type in the web address.

Want to know more about how to prevent cyberattacks? Contact Info Advantage at (585) 857-2644 to talk to our security and technology professionals today.
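As an added example (not part of the original article), the Python sketch below shows the translated address a browser resolves for a name with non-English letters, and flags hostnames that render like a trusted one. The allowlist, the sample hostnames and the short look-alike table are constructed for illustration, and the script detection is a coarse heuristic based on Unicode character names.

```python
import unicodedata

# Constructed sample of Cyrillic letters that render like Latin ones.
# A production check would load the full Unicode confusables data (UTS #39).
LOOKALIKES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0455": "s", "\u0456": "i", "\u0458": "j",
})

def scripts(label):
    """Scripts used in one label, read from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}

def to_ascii(host):
    """The xn-- (Punycode) form of the name, which is what DNS actually resolves."""
    return host.encode("idna").decode("ascii")

def check_host(host, trusted):
    """Classify a hostname against a set of trusted ASCII hostnames."""
    host = host.lower().rstrip(".")
    if host.isascii():
        return "trusted" if host in trusted else "unknown"
    if host.translate(LOOKALIKES) in trusted:
        return "lookalike"       # renders like a trusted name but is a different one
    if any(len(scripts(label)) > 1 for label in host.split(".")):
        return "mixed-script"    # e.g. Latin and Cyrillic letters in a single label
    return "international"       # single-script IDN, not suspicious on its own

if __name__ == "__main__":
    trusted = {"example.com"}    # hypothetical allowlist
    # Constructed samples; \u0430 is CYRILLIC SMALL LETTER A.
    for host in ["example.com", "ex\u0430mple.com", "b\u0430nk.test",
                 "\u043f\u0440\u0438\u043c\u0435\u0440.test"]:
        print(f"{to_ascii(host):28} {check_host(host, trusted)}")
```

A mail gateway or proxy can apply the same classification to link targets and display the `xn--` form instead of the rendered name for anything that is not plain ASCII.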

How Rugged Are You? A Guide to Rugged Laptops

Face it, your laptop isn't indestructible. There are only so many times you can throw your laptop in a cramped bag or have it drop from your hands before you see some damage. While many laptops can be saved with something as simple as a sturdy case, many modern professionals work in conditions that make it very difficult to protect the technological equipment needed for businesses to run smoothly. That is why many manufacturers are creating lines of "rugged laptops," which can withstand even the harshest of work conditions.

What Are Rugged Laptops?

A "rugged" laptop is a PC that has been designed to withstand very harsh environments and conditions, such as heavy traveling or factory work. These laptops are built to withstand just about anything, including drops, spills, extreme temperatures, and much more. There are a variety of different types of rugged laptops, each built for a specific purpose. Many rugged laptop vendors offer an assortment of rugged laptops that are classified into three "levels" of ruggedness: semi-rugged, fully-rugged, and ultra-rugged. Semi-rugged laptops are typically enhanced versions of commercialized laptops with more protection, whereas an ultra-rugged laptop is built from the inside out to resist even the harshest environments.

What Classifies a Laptop as Rugged?

Most rugged PC manufacturers use the MIL-STD-810 environmental durability standards to test how rugged their laptops are. The MIL-STD-810 was originally created in the 1960s by the US Department of Defense as a guideline for designing military-grade technology that can be used in high combat areas. The standard provides a variety of different test methods which can be used to ensure equipment is suitable for use on the field of combat. This includes tests for temperature, vibration, impact, water resistance, altitude, sand or dust, and more. Manufacturers are also known to reference the Ingress Protection Code, which classifies the degrees of sealing protection of electrical equipment, and the NEMA classification, which describes different electrical enclosures and how they hold up in different environments.

Who Should Be Using Rugged Laptops?

While rugged laptops are typically designed for people who work in extreme conditions, just about any business professional can find value in a rugged laptop. While you may not be using your laptop underground or at sea, your personal computer may be taking on more damage than you think. Laptops are often shoved in bags or airplane compartments, or left in places where they could potentially get damaged, such as a bathroom or kitchen. Therefore, just about anyone who takes their business on-the-go can benefit from ruggedized laptops.

Interested in a more rugged laptop but don't know what level of protection you need? Contact the technology experts at Info Advantage today at (585) 254-8710 to talk about what technology solutions will best fit your business.