Posts tagged hackers
One of the most urgent priorities for all businesses connected to the Internet is making sure that all employees and staff members are trained to avoid the possibility of data breaches. The following guide will include some of the specific practices which all employees should be trained in or which they should put into practice, in order to bring about desired results.
Get Employee Buy-in
There are, of course, some things you can do to deflect viruses, and there are software measures which can be taken to take advantage of the latest security protections. However, the most effective tools at your disposal for maintaining cybersecurity are those used to obtain employee buy-in for security measures.
It’s essential for you to convince your employees of the need to be vigilant against the possibility of cyber-attack because it will impact them personally. Employees need to understand that they could have their own data compromised and that if serious harm is done to the company, that could result in an interruption of work, if not a total cessation.
If the company’s reputation is damaged by a security breach, that could lead to declining fortunes of the company and in a worst-case scenario, even bankruptcy. Making employees understand how all this affects them personally is a very important point to use as a means of obtaining their buy-in to cybersecurity.
Make Sure Employees Understand Their Roles
Employees need to understand that the majority of cyber-attacks these days are perpetrated against humans, and not through the exploitation of weaknesses in firewalls or other preventive measures. Humans can easily be duped by phishing attacks and other social engineering techniques which seek to exploit their general unpreparedness against security breaches.
Train all employees to avoid sending sensitive emails to external sources, not clicking on files which are un-validated, being tricked by phishing attempts, using the social media carelessly, and connecting to Wi-Fi with a work laptop.
Implement Digital Precautions
If your company deals with financial transactions, these should always occur with safety in mind, and every possible means of data protection should be implemented. First of all, transactions need to be conducted over a secure network, rather than using open source software for transaction processing, since you can’t be sure of software security.
If any devices or appliances in your office workplace are connected to the Internet of Things (IoT), make sure that passwords are regularly changed, and that these are strong passwords. Already, numerous attacks have been made on devices connected to the IoT, for instance transforming them into gateways to company networks.
Keep antivirus subscriptions up to date, as well as any malware subscriptions you have, and as soon as you are supplied with patches by your vendors, make sure that those patches are scheduled for the application.
Everything possible should be done to make access to your data files extremely difficult, especially information which is considered a business-critical or high priority. Create an environment where it’s easy for your employees to report suspicious activity, such as emails that don’t seem legitimate. By encouraging an open environment which emphasizes security, you can have all of your employees on the alert, and inclined to report anything suspicious at all.
Employee training should be conducted at least twice a year so that all the information provided is reinforced constantly. It may seem like a bore to employees, but that repetition will be well worth it if it thwarts a serious cyber-attack. Make sure no one is exempted from the biannual training, and that it’s tailored to specific groups within the company that has specific responsibilities because these could be subject to different kinds of security attacks.
Try to keep training sessions simple, so that they become very memorable to employees, and so the practices become more implementable. In between formal training sessions, it’s a good idea to post safety reminders at strategic locations throughout the company.
Cyber Security Reviews
It’s a good idea to review communication processes used by the company every three months or at most every six months and make sure that all company employees are receiving the security messages which are being broadcast. Make sure that you have a reporting system which identifies any security breaches, and is sure that the statistics are trending in the right direction.
There can be a lot involved with keeping employees trained to avoid cyber-attacks, and all the work involved should not be left up to the I.T. department, because typically these individuals already have plenty on their plates. If the training program is to be successful, there should be dedicated personnel to conduct the training, and there should be a formalized plan which covers several years.
In the first year of the training program, it might be advisable to keep things simple and just get training guides issued and implemented. The next year, a deeper cut can be made at instructing employees, possibly by tailoring security content to specific groups of employees and individual departments.
After those initial years, your training program might focus on quality control, obtaining employee feedback, and developing more sophisticated methods for delivering your safety messages. Throughout the entire training process, for as long as it’s conducted, all changes in the cybersecurity environment should be monitored, and it should be verified that training is kept current.
If you can provide this kind of in-depth training to your employees on a regular basis, and make sure that the content is actually useful and relevant, you will go a long way toward protecting your computing environment from attack by the criminal-minded.
Cyber attacks of recent years have grown in number and size, making it crucial to alert the computing world at large of the need to protect data assets and network infrastructure. Large corporations, small businesses, and even private individuals are all subject to attack from criminal-minded hackers who are bent on profiting from illegal penetration into your computing system. Many of the most high-profile cyber attacks of recent years targeted large corporations, simply because of the potential for extracting more substantial sums of money from them in exchange for the safe return of business assets (ransomware). While attacks against small businesses (SMB’s) have not garnered the headlines nor the high visibility of major attacks against big corporations, that doesn’t mean they aren’t taking place. In fact, small businesses now are being hit much more frequently because hackers have realized that, all those small profits from SMB’s do add up to big money in total. Statistics show that over the past several years, more than half of small businesses have had network security breached in some way by hackers. This alarming development should clearly point out the need for small businesses to be on the alert, small business cyber security should be taken seriously.
Managing the Risk of Cyber Attacks Against Small Businesses
In addition to the cumulative appeal of profits from small business attacks, there is another reason why criminals have been turning their attention to SMB’s. With fewer resources allocated to cybersecurity, and less formalized training and education against the potential for cyber attacks, small businesses often present very inviting targets for the criminal-minded.
It’s also true that limited budgets make small businesses cyber security not as readily accessible. However, even with limited resources, there are at least a few necessary steps that all small businesses can take, which will reduce the likelihood of an attack, and at least provide some measure of security for valuable business assets.
For instance, at least one person in every small business can be designated to stay abreast of all known cyberattack threats, so that it’s at least possible to take preventive measures against specific threats and risks. This would typically be an I.T. person who’s also responsible for keeping system software updated with any security patches made available by vendors. Soon after the newest cyberattacks appear, software gurus are at work developing fixes to patch whatever weakness allowed the attack to take place, and these should be applied to your software system as soon as they are made available.
It’s also imperative to take regular backups of business-critical data so that in the event of an attack like ransomware, there is always a safe and current version of data to fall back on, without surrendering to the demands of a hacker.
Education and Training on Small Business Cyber Security
It’s fair to say that the biggest vulnerability for small business cyber security is the lack of employee education and training. This, of course, is not limited to SMB’s, because even corporate giants are frequently exposed to cyber threats by the weakest point in their networks, which is the actions of employees.
Hackers are naturally aware of this, and much of their time and effort is spent trying to dupe unsuspecting company employees into providing them with crucial information like passwords or account data which will allow them to carry out attacks against the company network. All this should make it clear that one of the top priority investments in small business cyber security is to properly educate and train employees about cyber threats, and how they’re carried out and resolved.
Every employee needs to be aware of the potential for cyber attacks and should treat anything suspicious with extreme caution. At the bare minimum, all employees should be educated about the necessity for safeguarding passwords, credentials, and account information. Such attacks can be carried out through email phishing scams, or possibly social media, where cyber attackers are known to be listening, and waiting to exploit unsuspecting employees to obtain vital security information in a seemingly harmless environment.
Hackers can also obtain business details information from employees via social engineering, wherein cyber attackers manipulate employees by pretending to be clients, banking institutions, or other characters of authority or importance. Some of these attacks are made through phone calls where a supposed colleague requests to know changes made to account information need to be reminded of specific passwords to gain access to system software. Hackers posing as managers from other departments have also exploited unwary employees with phone calls asking for similar information, which can then be used to breach the computing system and hijack valuable company data assets.
Some small businesses in the country have gotten the message, and have taken whatever steps they can to prevent cyberattacks, or at least reduce the potential for them. If awareness is the first big step toward improving your small business cyber security, educating employees about cyber attacks can be said to be an essential second step. Hackers these days are determined to victimize small businesses as well as corporate giants, and that means SMB owners and managers have to be just as committed to preventing those attacks.
A study recently conducted by RiskVision, a respected developer of Risk Management software, determined that more businesses today are concerned about company reputation than they are about potential breaches of security which might impact them. It has long been known that companies consider a brand name to be one of their most significant assets, even though it’s an intangible that has value to no one outside the company itself.
In this survey, damage to a brand name was considered to be potentially more damaging than security breaches, even though the two often go hand-in-hand today. Hackers who successfully penetrate into a company’s computing network often do inflict serious damage to the reputation of the business, and subsequently its brand name. It should, therefore, be kept in mind by all business owners that security breaches need to be taken seriously, to prevent damage to the company brand-name, as well as all the usual financial ramifications.
How a Security Breach Can Damage Your Brand Name
Typically, the first thing a customer considers when thinking about brand names, about products or services, is whether or not the product or service provides quality and value, and whether the cost is in line with the levels of quality and value delivered. However, any company which has suffered a known security breach often falls into an entirely different frame of evaluation.
Consumers will often think that any business which has allowed itself to be hacked by criminals is not worthy of their trust and patronage. After all, if their business practices were lax enough to permit the cyberattack in the first place, that may be a sign that other important aspects of the business are also conducted with inadequate attention to detail. This fact is borne out powerfully in a poll jointly conducted by CSO and OnePoll, which attempted to determine the connection between insufficient security and a company’s brand name, as perceived by consumers.
In the survey, a whopping 86% of customers declared that they were unlikely to patronize a company which had suffered a severe security breach, especially if the breach was related to customer information. This represents a definite shift in consumer thinking from the early days of cyber attacks when businesses were perceived as victims entitled to understanding and sympathy from the public. In the now-famous cyberattack against department store giant Target, sales for the entire quarter after their security breach dropped like a rock, falling almost 50% from the prior quarter.
Impact of Security Breaches on Small Businesses
Major security breaches perpetrated against small companies can have an enormous effect and can cause irreparable brand-name damage from which recovery is either very difficult or downright impossible. In 2016, a study was conducted by KPMG which determined that almost 90% of small businesses had suffered serious brand name damage in the immediate aftermath of a security breach.
In a white paper published by the National Cyber Security Alliance, figures were released which showed that as many as 60% of all small businesses completely collapse less than six months following a significant cybersecurity breach. Interestingly, both of the studies referenced above reported that less than one-quarter of all small businesses considered cybersecurity to be a top priority. The fact that there has historically been relatively little concern about cybersecurity breaches may account for the often devastating impact that attacks have had on those business entities.
Taking Steps to Secure Your Business
A cyber security plan doesn’t need to be especially elaborate, and it doesn’t need to be funded to the hilt, with every conceivable kind of virus detection software. There just needs to be a well thought out plan for cybersecurity, and a legitimate effort to enforce that strategy. There are some straightforward but very cost-effective measures which can be adopted to thwart the vast majority of cyber attacks.
Using strong passwords on all company computers is a good start, followed up by installing security software on company devices. It’s always best to keep hardware and software updated with the latest available security patches and to periodically back up business-critical data. The weakest point of any company’s network should not be overlooked, which means employees need to be educated about the risks of cyber attack.
The important thing to remember about any cybersecurity policy is just to implement as many of the simple steps listed above as possible and to do it immediately so that your system is not left vulnerable to penetration by cyber attackers. As some of the survey results mentioned above make clear, every kind of business from the corporate giant on down to the mom-and-pop retail outlet must take all steps possible to avoid the possibility of major security breaches. Failing to do this can cost you a lot more than money – it can cause irreparable harm to your company’s reputation.
If you haven’t heard about key reinstallation attacks yet, they’re the most recent form of Wi-Fi hacking. It’s also possible that you actually have heard about them under their media nickname, which is ‘Krack Attacks.’
Regardless of the nomenclature, key reinstallation attacks are attempts to exploit a flaw in the Wi-Fi encryption protocol which permits hackers to hijack all kinds of personal information, including photos, passwords, and account numbers. The first thing to know about key reinstallation attacks is that they’re not specifically targeting any particular hardware, but rather a weakness in the Wi-Fi protocol itself.
This means that all smartphones, mobile devices, routers, and desktop machines are subject to attack, and any or all of your personal data may abruptly come into the possession of someone with criminal intent. Today, we’re here to discuss what you should know about this new threat.
How Key Reinstallation Attacks Work
Researchers have uncovered a flaw in the WPA2 Wi-Fi protocol which allows hackers to replicate a user’s network entirely, and by falsely representing the Media Access Control (MAC) address, which is a device’s physical address, it can actually cause a switch in Wi-Fi channels.
When a bogus network is set up in this way, it can actually intercept signals from any remote device attempting to connect to the original system, causing such attempts to bypass the real network, and instead connect to the rogue.
The way WPA2 encryption is supposed to work, it would require a unique key for any encryption request, but the flaw uncovered in the WPA2 protocol does not always need that specific key, and instead, reuses a previous one. The problem is particularly acute with Linux and Android, because of the way they make use of the WPA2 protocol. In these operating systems, a unique encryption key is not demanded every time an encryption request is made, leaving the system vulnerable to hacking.
In layman’s terms, the Wi-Fi protocol can be exploited when hackers can find a vulnerable network and take advantage of the WPA2 weakness, ultimately directing users to the rogue network for data hijacking.
Researchers Proof of Concept
Previous minor flaws had already been uncovered in the WPA2 protocol, so researchers were already fearful that some even more significant problem might be lurking within the software. The key reinstallation flaw was discovered by those researchers, who then conducted proof of concept experiments to attack a theoretically vulnerable Wi-Fi system. On an Android system, the researchers were successful in intercepting and decrypting all the test victim’s data.
According to these penetration experts, the same kind of ‘success’ could not be achieved on a system setup with HTTPS secure socket layers but would wreak havoc on sites which have been poorly set up and missing HTTPS. While Linux and Android are most severely affected because of how they use WPA2, other operating systems like Windows, MacOS, and OpenBSD would also be compromised but to a lesser degree. How serious is the issue for Android? Experts recommend that owners of Android devices shut off Wi-Fi until known fixes have been applied to close up the weakness in the protocol.
What You Can Do to Avoid Krack Attacks
One of the best things you can do to avoid the possibility of a key reinstallation attack is to look for the ‘https’ at the beginning of any URL for websites which you visit. That ‘https’ is an indicator that the site uses secure protocols, and you would be safe in visiting. You can also simply avoid using Wi-Fi for the time being, while software gurus hurriedly develop a fix for the vulnerability. This may be inconvenient, especially when you’re away from home or the office and might need Wi-Fi, but it’s much safer than having your sensitive data fall into the hands of a criminal.
One of the interesting things about these attacks is that a hacker must be within the physical range of your machine before the attack can be carried out, and while that does serve to shield many users from harm, an actual attacker can’t be identified beforehand so you know if he’s close enough. So naturally, you can’t rely on remaining safe because you aren’t within range of a criminal – after all, what does a criminal look like?
Fortunately, the fix will be relatively easy to develop in this case and should be forthcoming relatively soon. All that’s necessary is a simple change to the firmware so that during the ‘handshake’ between devices, a unique key is requested every single time, rather than sometimes relying on previously used ones which can be exploited. Get in touch with your provider and ask when fixes will be made available, and as soon as those security updates are released, make sure they are applied to all your devices.
Network Security on Your Home Computer
No matter how much time you spend on your work computer, your home computer contains some of your most important files. Our personal machines help manage our finances, social relationships, and professional lives, but we often don’t put in as much effort into keeping them secure. Our computers contain a variety of personally identifiable information (PII), and it’s important to maintain sound computer and network security to protect your files.
Connecting Your Computer to a Secure Network
A network router is your first point of contact with the Internet. Don’t just rely on your ISP (Internet Service Provider) or cable modem to perform comprehensive security monitoring. An Internet connection starts with your modem, connects to your router, and feeds this information into your computer. Your router should be secure before connecting to the Internet.
Here are a few tips to maintaining network defense, once you are connected to a secure network. First off, use a web browser with sandboxing capabilities. A sandbox is an isolated environment that mimics an entire computer system, which targets suspicious programs and analyzes potential threats.
Browsers with sandboxing capabilities are especially useful for recognizing advanced persistent threats (APTs). These APTs are designed to escape detection, breaking through conventional security barriers, and gaining access to PII on your computer. Sandboxes help capture these viruses and clear them out.
When you own a business, you want to keep your home computers well-defended because any crossover information between work and personal machines, through email or messaging apps, can cause a data breach. A recent study found that 60% of small companies fail due to poor network security measures.
Sandboxing can be applied to a number of different programs, such as PDF readers. A common means for viruses to attack your computer is through embedded URLs, where malicious executables can gain entry via PDF files.
Keep Everything Up-To-Date
While this may seem self-explanatory, many malware attacks occur because personal computers are not as diligently updated as company devices. Make sure your computer has current versions of all software you run.
Updating programs like Microsoft Office to the 2007 version or a more current iteration is a good idea, since word-processing is a common function on home computers. Microsoft Office 2010 offers a “Protected View” that opens documents in read-only mode, which blocks any viruses embedded in unfamiliar files.
Many applications have a feature that enables automatic updates. Updating frequently is a good network security practice, since attackers typically exploit hosts that don’t have their software applications fully patched. Additionally, evaluate which programs you use most frequently and those you never seem to use. Do some research on the software you wish to delete, and determine if removing them is possible. Fewer applications on your computer workstation mean fewer channels for hackers.
Social Engineering and Phishing Attacks
Some of the most common attacks are executed through email. A social engineering attack uses human interaction to obtain sensitive information on computers with vulnerable network security. In these infected emails, a person can claim to be an employee, cleaning service, or someone else offering qualifications that would allow them to gather your confidential information.
Phishing tactics also use emails from attackers masquerading as reliable organizations to obtain personal details. Often, these phishers will take advantage of events in the news (i.e. fake natural disaster fundraisers) and holidays (i.e. Christmas shopping deal scams) to steal account information. They even go so far as to pose as reputable banks to issue fraudulent warnings, hoping that alarmed card holders will hand over their account credentials.
Keeping Your Home Computer Safe From Attacks
To avoid these attacks, install anti-virus and anti-spyware software, firewalls, or email applications that filter your inbox. Whenever you are asked for sensitive information such as your credit card number or even your birthday, verify that your information isn’t falling into the wrong hands.
If you suspect that you’ve received a phishing email, call the organization the message claims to be from. Use the contact info on the legitimate website, and ask about the email.
In general, don’t open unfamiliar links or messages with attachments, especially from email addresses not in your contacts. Also, find out how to build a strong password and employ those methods for all of your accounts. Secure and complex passwords should not only be used for WLANs but also for any devices in your home and work that use web interfaces (i.e. printers, self-automated light switch systems, etc.)
When it comes to protecting your personal information, there’s no such thing as taking too many precautions. At Geek-Aid, we specialize in every kind of cyber security. We all rely heavily on personal computers to manage many aspects of our lives, and keeping these devices secure is a top priority.
Last week, we discussed a couple of habits that will help you protect your computer’s security. Hopefully, you now know how to navigate the internet better and protect your data. In order stay vigilant and protect your computer, there is more that you need to know. After all, there is only so much you can do to keep hackers from trying to access personal information. Let’s discuss how you can check if your computer’s own security methods are in working order.
Keep Your Computer Updated
Computer companies know how troubling hackers can be, for both them and their consumers. They do not want hackers infiltrating the private information of the people who buy their machines. That’s why they constantly update their computer security system to fight off all sorts of viruses, malware, and trojans. The first thing you should do is check if your computer is running the latest update. This will ensure that it is up-to-date and ready to fight off anything trying to penetrate your system.
Scanning Your Settings for Better Protection
There are plenty of useful tools that computer manufacturers release as well. These tools are able to scan your computer for potential problems like weak user passwords or if you are using all of your security features. They can also educate users on the proper security setting for protection against threats. Just remember to download this kind of software straight from your computer’s manufacturer and not untrustworthy sites.
Secure Your Internet Browser
The number one way that hackers gain access to your computer is through the internet. Accidentally opening suspicious emails, clicking random links, or browsing unfamiliar websites can leave you at risk. In order to avoid downloading something malicious, you have to secure your browser’s own security settings. You’ll find that your browser does more than just block pop-up ads. Like your computer, your browser needs to stay updated to protect your system. Your plugins need to stay updated as well. If they remain out of date, then your system is vulnerable.
Make Sure You Have a Strong Firewall
The biggest defense against hackers is your system’s own firewall. Most computers come with a built-in firewall. They block others from penetrating your computer’s files and prevent them from seeing your system online. You have to make sure this computer function is working at optimal efficiency. Try running a port test service. These services are meant to test your firewall and make sure the world cannot see your computer. If it can detect your computer, then it’s very likely that your firewall settings are not correct or that you have a virus.
Make Sure Your System Is Secure With Geek Aid
Confused? Want to make sure that your system is absolutely secure? Well, Geek Aid is your best bet. Our geeks are trained to know the ins and outs of your system. That way they can not only protect you against viruses or threats but keep your system in working order. We make house calls and service offices as well. So, call us at (877) Geek-Aid to speak with one of our geeks today.
It seems harder and harder to protect your computer from security threats and virus. Hackers are constantly trying to gain access to your computer system using the latest tricks and cons. We’ve discussed before how to protect yourself from malicious malware. For example, if you click on a suspicious link in an email, there a good chance you’re inviting a virus to infect your computer. However, a new report suggests it might not be enough. A new virus is now able to infect your computer the moment your mouse hovers over the link.
Malicious Malware Installs Banking Trojan
What’s a Banking Trojan? It’s a type of malware that is designed to break into an online bank account and move a person’s money into a hacker’s bank account. In the U.S., these trojans steal millions of dollars from business and personal accounts. Companies and organization are usually the targets of these nefarious campaigns.
Research by cyber security company Trend Micro and information security blog Dodge This Security revealed a new malware downloader is installing banking Trojans. What makes this particular malware stand out is that users don’t even have to click on anything for it to activate. All users have to do hover their mouse cursor over a hyperlink in a PowerPoint file.
These attacks were largely made against companies and organizations in Europe, the Middle East, and Africa. Hackers sent PowerPoints containing the Trojan via spam email. These emails were disguised as finance-related, making the user believe they were related to a recent order or invoice.
Older computer systems are more at risk than new ones. While the malicious malware does try to automatically download onto your computer, the latest Microsoft Office will ask you beforehand. This provides the user a security measure to prevent the virus from affecting you. However, older versions of Office will execute the PowerPoint file.
Keeping Your Computer Safe
Many companies do not update their computer’s operating system or applications. Working off of older technology leaves them vulnerable to attack and without that added layer of security that they need. Unfortunately, just like we saw with the WannaCry situation, it isn’t so easy for large scale companies to update their computer systems.
A good antivirus software will help to protect your computer from an attack like this. Trend Micro was able to detect 1,444 spam emails last month. Another way to avoid becoming a victim of online theft is by looking out for suspicious emails from unknown senders. These are often the most dangerous types of emails with hackers hoping that you will download its contents.
If you are a small or big business, your computer system is a target. It is best to invest in protecting your company’s private and important information. At Geek Aid, we can assist you with business IT solutions, including:
- Performance Enhancements on Computers
- Crash Repairs
- Data Recovery
- Data Backup
- Security From Thieves and Competitors
- Email Setup
- Technology Consultation
Don’t leave your company’s security system at risk. Call Geek Aid at 877-GEEK-AID for computer and technical support.
There appears to be no rest for the world of cyber security. Hackers are vigilant and in order to keep the personal and private information of the public safe, cyber security experts must be as well. A popular target for hackers are smartphones and other mobile devices. As people rely more and more on this form of technology for everyday task, the more likely they become a victim of security threats. The companies who create these devices constantly update them to prevent such events. However, hackers are crafty. For example, their newest method to hack your phone involves using cutting-edge voice hacking.
Mimicking You Through Voice Hacking
While still in its infancy, sending commands to your smartphone or mobile device via voice controls is on the rise. Digital assistants like Siri, Cortana, Alexa, and others are becoming an essential part of the user experience. Even Apple has dedicated their time to updating Siri with a better intelligence.
What’s troublesome is that hackers can record audio samples while you are engaging with these digital assistants. They are able to mimic your voice, convincing other that they are you. This malicious technology allows hackers access to personal accounts and security mechanisms.
In an interview with Forbes, Yuval Ben-Itzhak, chief technology officer at AVG, warns against using speech recognition apps, recommending that users disable them right away. “At the moment, leaving biometric technology as it is today is like leaving a computer without a password and just allowing anyone to walk by, click and take an action,” says Ben-Itzhak.
Stopping Voice Hacking in Its Tracks
The researchers at the University at Buffalo have the same thoughts as Ben-Itzhak. That’s why they’ve developed a way to detect and prevent hackers from using obtaining your voice patterns. The engineers were able to create an app that stops voice hacking using a smartphone’s existing components.
“Technology is advancing so fast; we have to think of different ways. The strategy is using multiple lines of defense. We call that defense in depth,” says Kui Ren, Ph.D., director of the Ubiquitous Security and Privacy Research Laboratory (UbiSeC) at UB, and one of the study’s lead authors.
Ren and his team’s study focused on hackers replaying someone’s voice to access a device. Hackers will use speakers to perform such a task. The app uses the following tools:
- A magnetometer in a phone to detect the speaker’s magnetic field.
- The phone’s trajectory mapping algorithm to measure the distance between the speaker and the phone.
The app also uses movement to detect the difference between a person and a replayed voice, the latter’s magnetic field changes when moved.
“We cannot decide if voice authentication will be pervasive in the future. It might be. We’re already seeing the increasing trend,” Ren said. “And if that is the case, we have to defend against voice replay attacks. Otherwise, voice authentication cannot be secure.”
This research is crucial to keeping digital users safe. Some technology already exists that prevent other forms of voice hacking from occurring. Hopefully, people will soon be able to add the University at Buffalo’s app to their phone’s security.
Recently, England’s healthcare system was the victim of a massive cyber attack. The ransomware known as WannaCry locked doctors and employees across at least 25 hospitals out of their networks. Later, it was discovered that the same attack hit multiple organizations across the world. Find out what happened and how it become the largest ransomware attack to date.
What Did WannaCry Demand?
A hacker group known as The Shadow Brokers stole and leaked several Windows’ exploits from the NSA. Within the information leak, a remote code execution vulnerability called ExternalBlue was used to access unsecured computers and install the now infamous ransomware. The computers affected were either not updated or running Windows XP or 2000, which are operating systems that are no longer supported.
The ransomware program is modified version of WannaCrypt, a virus that has plagued computers before. The malicious software locks users from their computers, and then ask them to pay a $300 fee via bitcoin to obtain the encryption key. The longer the user takes to pay the ransom, the higher the fee becomes.
How Did the Virus Make It Onto Computers?
Like many other pieces of malware, WannaCry spread because people didn’t take proper precaution. The virus is believed to have originated from compressed files attached to emails. It’s important to avoid becoming an online victim. This is a topic that we have discussed before because there are a lot of opportunistic groups looking to take advantage of internet users.
Why Are Small and Large Businesses Using Vulnerable Systems?
Upgrading to the newest operating system is not so simple for business. For example, the UK’s National Health Service (NHS) notes that medical equipment uses old operating systems and are not easy to update. Business with multiple computers or larger IT system can also have a hard time updating their infrastructure. Some updates can break key application needed to do work. Companies have to be very careful when performing a companywide update, otherwise, it can critically damage everyone.
While Microsoft has ended support for older operating systems, they recently created a patch to address the incident. Companies using Windows XP, Windows 8, and Windows Server 2003 can now download a patch to protect their computers. If you can, we suggest updating your operating system regularly to avoid risk to your private information.
Are You the Victim of a Cyberattack?
If you notice the telltale signs of a cyber attack on your computer system, call us at Geek Aid. Our IT and networking specialist can help. We offer services like data backups, data recovery, virus removal and more. We even provide recurring updates for companies to prevent attacks from infecting your system and disrupting your business.
One of our services even includes setting your business up with your own private exchange or email setup. That way your email is only distributed to those who need it. Your computer’s security system is important to us. So, call Geek Aid at (877) GEEK-AID today. You can also reach us via email by filling out our contact form.
With Apple and iPhone being such a recognizable name, the company’s flagship product was bound to draw the unwanted attention of hackers. Hackers are the seedier parts of the digital world. Furthermore, most of them look for opportunities to exploit technology for their own personal gain. It is not uncommon to hear about hackers making demands and using their skills to access private data.
A hacker group called the “Turkish Crime Family” recently gained media attention. The oddly-named group claims to have access to various user accounts and threatens to use that information to wipe user iPhone data unless Apple pays a hefty ransom.
The Ransom and Threat
The hacker group is asking for $75,000 in Bitcoin or $100,000 in iTunes gift cards. However, some are unsure of the number of accounts the group has access to. They claim to have hundreds of millions in their possession. As a show of force, the Turkish Crime Family revealed 54 accounts.
ZDNet was able to confirm that the accounts are indeed real. No one knows exactly how the hacker group was able to obtain these accounts. Unless Apple pays, they plan to use the account information to access iCloud and remotely erase their data.
Apple Claims iPhone Data Is Safe
Despite the hackers’ forceful demands, Apple is unwilling to give in. Their response is that users accounts are safe. Their statement claims that:
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.
We’re actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
How Users Can Protect Their Information
In the event of any breach, real or not, users should stay vigilant. The number of accounts that these hackers claim to have is a lot. As a result, users are taking a risk that their private information can be leaked with others or erased entirely by not doing anything.
What users can do is secure their devices. The first step is to change their iCloud password. Remember, a complex password with capitalizations, symbols, and numbers are harder to crack. Next, update your security settings. Old information is how hackers often gain access to passwords.
The last step you should take is enabling two-factor verification. This security method uses a combination of two components to verify a user’s identity. For Apple, users need their password and a six-digit verification code, which is sent to their most trusted devices, to access their account from a new device.