18 Apr

Firmware: How to Keep it Secure

For decades, one of the most foundational principles of cyber security has remained the same: Always update and patch your software. But for most people, hardware is exempt from this process. They think of hardware as nothing more than a vessel for software to occupy — and that’s totally incorrect. Read on to learn more about this oft-neglected aspect of IT security.

 

What is firmware?

 

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

 

Why is firmware security so important?

 

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

 

How do I protect myself?

 

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a D-Link or Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mouses and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

 

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today at 1-866-BIT-WISE or shoot an email to sales@eitnetworks.net.

20 Feb

Understanding Cyber-Security

As technology consultants, we’re stuck between a rock and a hard place. We want to provide our clients with enterprise-level IT, but that requires that we specialize in overwhelmingly intricate technology. Explaining even the most foundational aspects of our cyber-security would most likely put you to sleep before convincing you of our expertise. But if you really want to know, here are a few summaries of how we focus on proactive strategies rather than reactive ones.

 

Understand the threats you’re facing

 

Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

 

Reevaluate what it is you’re protecting

 

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

 

Create a baseline of protection

 

By reviewing current trends in the cyber-security field, alongside an audit of your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.

Before you can start improving your cyber-security approach, you need to know where the baseline is. Create a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint strengths and weaknesses in your current framework.

 

Finalize a plan

 

All these pieces will complete the puzzle of what your new strategies need to be. With an experienced technology consultant onboard for the entire process, you can easily parse the results of your simulation into a multi-pronged approach to becoming more proactive:

Security awareness seminars that coach everyone — from receptionists to CEOs — about password management and mobile device usage.
“Front-line” defenses like intrusion prevention systems and hardware firewalls that scrutinize everything trying to sneak its way in through the front door of your network.
Routine checkups for software updates, licenses, and patches to minimize the chance of leaving a backdoor to your network open.
Web-filtering services that blacklist dangerous and inappropriate sites for anyone on your network.
Antivirus software that specializes in the threats most common to your industry.

 

As soon as you focus on preventing downtime events instead of reacting to them, your technology will begin to increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cyber-security. Give us a call at 1-866-BIT-WISE or email us at sales@eitnetworks.net.

15 Dec

Gooligan Malware Haunts Android Devices

It is the largest single theft of Google accounts ever reported. And if you own an Android 4 or 5 phone, it has likely already affected you. The Gooligan virus, running rampant in third-party app stores, promises to keep wreaking havoc until developers find a way to shut it down. To help your business avoid malware catastrophe, read on to learn what we know about Gooligan so far.

 

It is estimated that since Gooligan’s August 2016 appearance, the malware has infected more than 1.3 million Google accounts — one of the largest single thefts in recent history.

With the range of personal data available in Google accounts, it is interesting to note that Gooligan’s purpose isn’t to steal the valuable information; instead, it’s to distribute advertising fraud. With as much as $320,000 a month going into the pockets of Gooligan developers, it is obvious that the ploy is working.

 

How Gooligan is Moving Through the Internet

 

Consumers are falling prey to the virus when they attempt to download a fake app from a third-party app store. Instead of getting the program that they were promised, they inadvertently allow the Gooligan malware to root into their Android OS and take control of it. Once in control, the virus downloads apps using your Google information. These apps are infused with ads that belong to Gooligan developers, bringing them a never-ending stream of income.

 

Where Gooligan Came from and Where it’s Going

 

Gooligan appears to be a variation of the 2015 Ghost Push malware, which was also wildly successful at infecting Android users. Google is currently working with Android engineers and Internet security firms to quell the malware; they believe that through cooperative efforts, it will disappear from public attention. As it is, those who have updated Android versions of 6.0 or greater are not affected by the malware.

You can lower your chances of contracting the Gooligan malware by downloading apps only from Google Play and checking your system through the security firm Check Point to ensure your Android hasn’t already been infected.

 

For more information on Gooligan and how you can protect your company, contact us at 1-866-BIT-WISE or sales@eitnetworks.net.

23 Sep

Cybersecurity Terms YOU Should Know

Everyone, from doctors to lawyers, needs to continue learning to stay ahead of the times. Business owners might have it worst of all, oftentimes needing to stay on top of several industries to keep their company running. Keep reading for a refresher on all the latest trends and buzzwords used in the cybersecurity sector.

 

Malware

 

For a long time, the phrase ‘computer virus’ was misappropriated as a term to define every type of attack that intended to harm or hurt your computers and networks. A virus is actually a specific type of attack or malware. Whereas a virus is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as a type of malware.

 

Ransomware

 

Don’t let all the other words ending in ‘ware’ confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is ‘ransomware,’ which encrypts valuable data until a ransom is paid for its return.

 

Intrusion Protection System

 

There are several ways to safeguard your network from malware, but intrusion protection systems (IPSs) are quickly becoming one of the non-negotiables. IPSs sit inside of your company’s firewall and look for suspicious and malicious activity that can be halted before it can deploy an exploit or take advantage of a known vulnerability.

 

Social Engineering

 

Not all types of malware rely solely on fancy computer programming. While the exact statistics are quite difficult to pin down, experts agree that the majority of attacks require some form of what is called ‘social engineering’ to be successful. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or guarded information. Complicated software is totally unnecessary if you can just convince potential victims that you’re a security professional who needs their password to secure their account.

 

Phishing

 

Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of creating an application or website that impersonates a trustworthy, and often well-known, business in an attempt to elicit confidential information. Just because you received an email that says it’s from the IRS doesn’t mean it should be taken at face value — always verify the source of any service requesting your sensitive data.

 

Antivirus

 

Antivirus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well-known malware variants.

 

Zero-day attacks

 

Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to amend the gap in security. However, if cyber attackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.

 

Patch

 

When software developers discover a security vulnerability in their programming, they usually release a small file to update and ‘patch’ this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest advances in malware.

 

Redundant data

 

When anti-virus software, patches, and intrusion detection fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s office ensures that if there is a malware infection, you’re equipped with backups.

 

We aren’t just creating a glossary of cyber security terms; every day, we’re writing a new chapter to the history of this ever-evolving industry. And no matter what you might think, we are available to impart that knowledge on anyone who comes knocking. Get in touch with us today and find out for yourself. Call 1-866-BIT-WISE or email sales@eitnetworks.net.

09 Sep

Fantom: A New Security Threat

The heart of a lady is not easily won; a man can’t rely on his looks or wallet to make a girl fall head over heels. He must charm his way into her heart. Let’s say that a computer user is the woman, and that ransomware, the man, is the dreamboat that has worked his way through all the woman’s defenses. How? He looked the part. This is how ransomware weasels its way into IT — because it doesn’t seem to pose a threat. Beware of Fantom, the most recently detected ransomware that is a master at deception.

 

AVG security researcher Jakub Kroustek recently spotted Fantom coded atop EDA2, a ransomware-building kit that was open-sourced but eventually taken down. EDA2 contained certain flaws that allowed researchers to obtain decryption keys from its C&C server, yet these flaws have since disappeared, indicating that Fantom coders might have found and fixed them before anyone else had a chance to.

 

Very little is known as to how Fantom is distributed. As for the method of deployment, cybercriminals plant the file onto the target’s computer via spam email or exploit kits. Fantom-infected files are named criticalupdate01.exe; they utilize a “Windows Security Update” to prompt targets into running the file.

 

After activation, the ransomware starts by locking the user’s screen while displaying fake Windows Update graphics, complete with a fully-functioning percentage-based loading timer that mirrors the original Windows Update screen. However, beneath this pleasant facade, Fantom is encrypting your files right before your eyes. Luckily, the temporary lock screen is removable before it reaches 100% — simply press CTRL+F4. Unfortunately, the encryption process remains intact.

 

The MalwareHunterTeam states, “The ransomware uses classic ransomware encryption by locking files using an AES-128 key and then encrypting this key with a dual RSA key, with the private key stored on the crook’s server, and a public key left on the user’s PC.”

 

In order to retrieve the private key to unlock your files, you must contact the perpetrators by email. The email address is listed in the ransom note that appears after the process of encryption is complete. Fantom displays ransom notes in the form of HTML and TXT files, while changing the user’s desktop with a custom screenshot that lists the contact details. Lastly, after completing all its operations, Fantom cleans up after itself by running two batch scripts that wipe all the installation files.

 

Ransomware isn’t new, but the ways that cybercriminals utilize it are. Who would’ve thought that the ever so familiar Windows Update window would fall prey to malicious intent? Pretend that you’re Little Red Riding Hood and that the wolf is the ransomware that cybercriminals have disguised as your grandmother. They no longer wait to trap you; instead, they wait for you to walk straight into the trap.

 

The issue of ransomware is as extensive as it is meticulous. If you have any questions about Fantom or would like to request more information, feel free to get in touch with us! Give us a call or send us an email. Reach us at 1-866-BIT-WISE or sales@eitnetworks.net.

14 Jun

Ransomware Adopting Self-Replication

Although some may have hoped that the threat of ransomware was on the decline, the reality is that it’s quite the opposite. Until now, attacks seemed to be targeted directly at their victims, but Microsoft warns that may no longer be true. With their discovery of self-propagating ransomware, it’s vital to fully understand the possible risk of infection.

 

Ransomware, the malware that locks up infected systems and demands payment to return access to users, has been steadily increasing its infection rate over the course of this year. Enigma Software reported that, “After staying steady for the last six months of 2015, ransomware detection has begun to climb; February saw a 19 percent increase over January, while March had almost a 10 percent increase over February. Then, in April, infections more than doubled.”

 

And as if that wasn’t frightening enough, Microsoft announced last week that a recently detected ransomware software was found copying itself onto USB and network drives. The ransomware, titled ZCryptor, disguises itself as either an Adobe Flash installer or a Microsoft Office file to trick users into opening it.

 

Once opened, it displays a prompt that says “There is no disk in the drive. Please insert a disk into drive D:”. If you see this after opening a suspicious file, it is most likely ZCryptor trying to distract you while it works in the background to add a registry key that buries itself deep in your system and begins to encrypt your files.

 

Although previous ransomware iterations like Alpha Ransomware had the ability to find and encrypt files on shared network drives, security experts believe this is the first time a ransomware variant has included self-replication via removable drives into its framework.

 

When it was first detected in May, Microsoft found ZCryptor singling out 88 different file types for encryption. However, later on a security expert analyzed the ransomware and found 121 targeted file types — suggesting that creators of the malware were continuing to develop its source code.

 

It’s commonplace for ransomware to demand payment to be made in Bitcoins as they’re an almost totally untraceable online currency. ZCryptor is no different, demanding 1.2 Bitcoins (500 USD) unless payment is more than four days after infection — then it increases to five Bitcoins (2,700 USD).

 

Compared to other more complex security threats, ransomware is still relatively easy to avoid. Always verify the source of email attachments and website downloads before opening files, disable macros in Microsoft Office programs, maintain regular backups and update your security software.
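The advice above to verify attachments and downloads before opening them can be partly automated. The following is an added example, not part of the original article (function names and sample files are constructed for illustration): it compares a file's claimed extension with its leading bytes, which catches a Windows executable presented as an Office document, but it cannot judge a file that is openly an installer, so checking the source still matters.

```python
import os
import tempfile

# Leading bytes ("magic numbers") that identify a file's real format.
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"PK\x03\x04", "zip-container"),               # .docx/.xlsx/.pptx are ZIP archives
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls/.ppt
    (b"%PDF", "pdf"),
]
# What the content should look like for each document extension.
EXPECTED = {
    ".docx": "zip-container", ".xlsx": "zip-container", ".pptx": "zip-container",
    ".doc": "ole2", ".xls": "ole2", ".ppt": "ole2", ".pdf": "pdf",
}
EXEC_EXTS = {".exe", ".scr", ".com"}


def sniff(head):
    """Classify a file by its first bytes."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def triage(name, head):
    """Return a list of findings for a file name and its first bytes."""
    parts = os.path.basename(name).lower().split(".")
    exts = ["." + p for p in parts[1:]]
    final_ext = exts[-1] if exts else ""
    kind = sniff(head)
    findings = []
    # "invoice.doc.exe": a document extension hidden before an executable one.
    if final_ext in EXEC_EXTS and any(e in EXPECTED for e in exts[:-1]):
        findings.append("double-extension")
    # Executable content behind a non-executable name.
    if kind == "windows-executable" and final_ext not in EXEC_EXTS:
        findings.append("executable-content")
    elif final_ext in EXPECTED and kind != EXPECTED[final_ext]:
        findings.append("type-mismatch")
    return findings


def triage_file(path):
    """Read only the first 8 bytes; the file is never opened by its handler."""
    with open(path, "rb") as fh:
        return triage(path, fh.read(8))


def demo():
    # Constructed samples: header bytes only, no real documents or programs.
    samples = {
        "minutes.docx": b"PK\x03\x04\x14\x00\x06\x00",
        "Q3-budget.xlsx": b"MZ\x90\x00\x03\x00\x00\x00",
        "invoice.doc.exe": b"MZ\x90\x00\x03\x00\x00\x00",
        "flash_installer.exe": b"MZ\x90\x00\x03\x00\x00\x00",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = triage_file(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or ["no findings"])
```

An empty result for `flash_installer.exe` is expected: the name and content agree, so only the download source can tell a genuine installer from a fake one.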

 

Still concerned about security at your SMB? It doesn’t have to be as difficult and draining as you may think. Contact us today for advice on keeping your network protected around the clock. Reach us at 1-866-BIT-WISE or sales@eitnetworks.net.

26 Feb

CAUTION: This Malware can Erase Your Android!

The smartphone. It may seem like the last safe haven from online security threats. As it rests snugly in your pocket, you may never even think a virus, trojan or other malware could ever touch it. And even if it did, how much damage could it really cause? Well, for Android users, we’ve got some bad news. There’s a new malware in town that can cause catastrophic damage to your phone and data. In fact, it can wipe out all your personal data completely. Here’s the full scoop on this terrifying malware, and some simple tips to prevent it from infecting your Android.

 

How does it work?

 

Mazar, as the malware is known, spreads exclusively via links in a text message. Once the user clicks on the link, Tor software is downloaded, which hides the source of the malware by allowing anonymous Internet connections. Then, with little chance of being noticed, Mazar is downloaded onto the phone.

 

What’s the risk?

 

Not only can Mazar erase all your personal data, but it can also wreak havoc on your phone in other ways. If your Android is infected, the malware can secretly monitor your device, send text messages, and take control of your settings and keys. Similar to trojan malware, Mazar creates a backdoor to your smartphone for cyber criminals to enter. Once the hacker is in, he can control your Android however he sees fit.

 

How can you protect your Android?

 

If the language setting of your phone is set to Russian, you are safe. So unless you’re looking to take up a second language, the best security measure is to be cautious of all text messages you receive on your phone. Just like your mother taught you not to talk to strangers, you should also avoid clicking on their links. But you should also be wary of texts from friends because, as most of us know, hackers can easily disguise themselves as those close to us.

Lastly, there is one small, practical step that may help prevent Mazar from infecting your Android. Simply switch off the security setting that allows apps from unknown sources to be installed on your phone.

 

As an MSP provider, we at EIT Networks know how stressful security issues can be. The worry can cause you to lose focus and be less productive. That’s why we want our customers to know that we’re always there to offer security tips and solutions to keep your data safe. Whether you’re looking for a security solution for your Android or for your business, give us a call at 1-866-BIT-WISE or email sales@eitnetworks.net, and we’d be happy to give you some peace of mind.

09 Oct

Best Browser Extensions for Security

Protecting your privacy online is crucial in today’s world to avoid data breaches, malware attacks, and other mischief hackers can throw your way. The easiest way to do this is through browser extensions, but the question is which is best? Here, we’ll take a look at the most popular browser extensions that promise to protect your online privacy.

 

AdBlock Plus (Chrome/Firefox/Safari)

 

AdBlock Plus blocks ads, scripts, and popups on your browser. It kills third-party scripts and widgets that send your data to who-knows-where. Be careful to use it properly: the extension can break the sites you read, which is why you have to first figure out what to allow and what to block. AdBlock Plus also stops you from visiting known malware-hosting domains, and it allows power users to play with different subscription lists while basic users can just enable it and walk away. Best of all, it is completely free.

 

Disconnect (Chrome/Firefox/Safari)

 

Disconnect Private Browsing protects you from tracking, malware, and malvertising while offering secure Wi-Fi and bandwidth optimization features. Third party tracking cookies become a thing of the past, and you can enjoy total control over all site scripts and elements from a user-friendly toolbar menu. You’re completely guarded from ads injected by malware or ad networks that are hijacked by embedded malware.

Disconnect also protects you from tracking by social networks like Facebook, Twitter, and Google, which use your browsing experience even when off-site in order to collect data about you. What’s more, you’ll never have to worry about sidejacking, which is where an attacker uses stolen cookies to access your personal data without having to know your password. It is available in free and Premium versions; the main difference is that Premium adds mobile malware blocking and tracking to its arsenal, too.

 

HTTPS Everywhere (Chrome/Firefox/Opera)

 

One of the must-have tools for your browsing experience, HTTPS Everywhere shunts your connection to SSL whenever possible, and will try to find secure versions of the sites you visit. This protects your browsing experience and online privacy without you really having to do anything. Updates have also just been rolled out to keep you safe on thousands more sites around the web, and this extension is free for download.

 

Tunnelbear (Chrome)

 

This Virtual Private Network (VPN) encrypts all of your internet traffic, secures your browser data, and offers robust protection from prying eyes. Best of all, this won’t cost you a dime. Unfortunately, though, Tunnelbear is only available on Chrome at the moment; Safari and Firefox users will have to wait a little longer for this extension to come their way.

 

Web of Trust (Chrome/Firefox/Safari/IE)

 

Web of Trust (WOT) is a free extension that ranks sites by reputation and shows you whether a specific site has been known to host malware or is loaded with tracking cookies and scripts that could wreak havoc on your system.

 

If you’ve been browsing the web without any protection, or feel like your online privacy is at risk, talk to one of our experts at 1-866-BIT-WISE or sales@eitnetworks.net, and we’ll be happy to help.


© 2016 EIT Networks, LLC. All rights reserved.