Tag Archives: attack

Cybercriminals Confess: The Top 3 Tricks, Sneaky Schemes And Gimmicks They Use To Hack Your Computer Network

21 Apr 17
lverbik
, , , , , , , , , , , ,
No Comments
  1. We’re masters at getting you to click on fake e-mails. One of the most common ways hackers gain access to computer networks and devices is via phishing e-mails. Gone are the days when you could easily spot a spammer’s e-mail because of its poor English, typos and punctuation mistakes – attacks are getting more and more sophisticated. That’s because cybercriminals have access to the same cutting-edge online marketing tools that legitimate companies have, giving them the ability to send highly targeted messages that look completely legitimate from sources you trust. These e-mails often use your name, your professional title and may even reference a group you belong to. Further, if you click on the e-mails or respond, you’re inviting a hacker into your network that bypasses a firewall and antivirus software. The only way to avoid getting snared by a phishing e-mail is to NEVER click on, open or respond to any e-mail requesting personal information, passwords, login details, etc. Always go directly to the site.
  2. We automate attacks that work around the clock. Hackers have software programs that systematically test millions of possible passwords to break into your PC. Easy-to-guess passwords are worthless against the power, automation and sophistication of these super-apps that will constantly hammer away at guessing your password. Because of this, make sure your passwords contain both uppercase and lowercase letters, at least one number and special characters – and NEVER use easy-to-guess passwords like “letmein” or “password.”
  3. We can use legitimate web sites to attack you. A growing number of cyberattacks are coming via “drive-by” download, where a hacker gains access to a legitimate, honest business web site (or sets up a site that looks legit on every level) but has malicious code installed called an “exploit kit.” An exploit kit can discover a vulnerability fast by probing your operating system, browser and the software you have installed (like a PDF reader or video player) to find a way to access your PC or network. If you (or your IT company!) aren’t applying regular security updates, you are unprotected against these exploits.

While these are common ways hackers gain access, there are dozens of other more straightforward ways hackers gain access if you’re not diligently updating and patching your network, maintaining an up-to-date firewall, antivirus and spam-filtering unified threat-management system. The days of “That could never happen to me” are gone.

If you want peace of mind that YOUR business isn’t a “sitting duck” to hackers, call us for a free assessment at 317-857-0150. You’ll discover if you truly are protected from common hacker attacks and what you can do now to avoid being an easy target. Call today at 317-857-0150.

5 Common Workarounds For Remembering Passwords, And Why You Should Stop Doing Them Immediately

08 Dec 16
lverbik
, , , , , , , , , , , , , , , , , , ,
No Comments

With everything we do online, it’s impossible to remember all the passwords you need for a web site. So what do most people do? They use one of the following five “workarounds” that make them an easy target for cybercriminals and hackers. Here’s what they are:

  • Using the same password for everything. If hackers gain access to one account, they know you are likely to use the same password for other sites and will use that to try and access everything. Plus, they can easily look at your browsing history to see what sites you’ve been accessing recently.
  • Using easy-to-guess passwords. Without a doubt, obvious passwords such as “123456,” “password” or “qwerty” leave the door wide-open for hackers. Their ever-more-robust programs can sniff out these easy-to-crack passwords in a heartbeat.
  • Allowing your web browser to remember them for you (autofill feature). For highly sensitive web sites, like your bank account, this is a big mistake. Plus, this still doesn’t solve your password problem entirely if you use more than one browser or have multiple devices.
  • Putting them all on a file you save on your hard drive. If a hacker gains access to your computer and discovers that file, you’re toast!
  • Writing them down on a Post-it note on your computer. You wouldn’t lock your house and then tape a key to the doorframe, so how can you possibly think this is safe?

Here’s A Quick and Easy Way To Bullet-Proof Your Passwords

The best solution we’ve found is to use a password manager such as 1Password, KeePass, LastPass or RoboForm.

These popular programs create hacker-proof passwords for you, complex enough to foil intruders, yet stored safely so you don’t have to memorize them. They work with most platforms and use encryption powerful enough that you don’t need to worry about keeping all your passwords in one place.

Choosing and enforcing strong passwords is a chore; but when you consider the costs, loss, downtime and even bad PR that can come with a hacker attack, you cannot take the “easy” road on this.

The One Attack No Tech Can Stop

22 Sep 16
lverbik
, , , , , , , , , , , , , , , ,
No Comments

You can defend your data with all the latest and best technology. But if just one team member gets tricked into giving away the keys to the castle, it’s game over. Hackers know this. And that’s why so many use social engineering to break in.

And it’s not just the big companies you hear about on the news. On February 3, 2016 a suspect posing as the CEO of Magnolia Health Corp. obtained a spreadsheet with sensitive data about their employees. On February 23, someone posing as an employee of Central Concrete Supply Company obtained confidential W2 records and disappeared with them.

In a 2011 survey, Check Point Software Technologies found that nearly half of the companies surveyed reported one or more social engineering attacks resulting in losses ranging anywhere from $25,000 to $100,000 per occurrence.

Unfortunately, there just aren’t any whiz-bang tricks or tools that will automatically prevent a clever “social engineer” (SE) from breaking in. The keys to protection are awareness and vigilance. To help you know what to watch for, here are five common ploys – and how to deflect them:

Familiarity – In this type of scheme, the hacker becomes familiar to an employee. Social networking sites can reveal an employee’s schedule and favorite hangouts. The hacker might then frequent the same bar or restaurant. After a drink or two, some key fact may slip out… The best way to bust this ploy is to be careful to not get lulled into a false sense of security around people you haven’t thoroughly vetted.

The Consultant – A social engineer poses as a consultant for hire. Once they get the gig they can scoop up all the info they need from you and your team because of their seeming authority. Watch for this especially with IT consultants. Do NOT trust blindly. Vet every consultant, and never give all the keys to the kingdom. Just because someone has the skills to fix your server or network doesn’t mean they won’t steal your data. Vet thoroughly, and, as Ronald Reagan said, ‘trust but verify’.

Piggybacking – The SE waits by a secured door for someone to use their passcode and enters right behind them. Or the SE struggles with a heavy box and asks a legit employee to hold the door open for them. Being kind and helpful, the employee helps the SE right into the building… free to do as they please. To foil this one, never forget the dangers of allowing a stranger in without proper clearance.

The Interview – Key information often escapes during interviews. A smart social engineer will gain an interview and deftly pick up all the information they need to hack into your network. Make sure any data provided during an interview offers nothing in the way of secrets. Keep the conversation light, or even superficial to avoid leaking critical data.

Angry Man – You may have seen this on TV… Somebody has an angry tone on the phone, or is grumbling to themselves as if they’ve just had an argument. We all tend to avoid people like that. Enough people avoid them and the way is cleared into the heart of the company – and your data. Don’t go along with it. When you see this exploit unfolding, call security.

The key to preventing social engineering attacks is a well-trained workforce. You and your people may be your company’s greatest asset. Yet without regular, proper training, human beings can be the weakest link in your company’s data defenses.

Contact a TechnoPro for more information.