Tag Archives: hacker

Top Tricks Cybercriminals Use To Hack Your Computer Network

16 Nov 17
lverbik
, , , , , , , , , , , , ,
No Comments

There’s no denying that cybercrime is on the rise. All it takes is a glance at a few big news stories from the past couple years. Equifax gave up the information of over 100 million people, many of them not even users, to a surgical hacker attack. Last May, over 57,000 infections spread from a single ransomware source across 99 separate countries, with damage reaching everything from hospitals and businesses to vital public utilities like the German railway network. And how many high-profile celebrities have had their phone’s picture feeds hacked and had to deal with the scandal of some maliciously leaked photographs, some of which they’d deleted years before?

But it’s not just massive corporations like Equifax or JPMorgan or actresses like Jennifer Lawrence that are being targeted day in and day out. It’s small businesses, many equipped with far less robust security measures in place. In fact, if you’re an entrepreneur, it’s almost a statistical guarantee that hackers will target your business at some point down the road.

In your company’s battle against cybercrime, it’s essential to stay abreast of the rapidly shifting digital landscape. Only the most up-to-date security technology can even hope to protect you from the ever more sophisticated thieves pounding at your digital door.

However, it’s also important to stay informed. Here are a few of the sneakiest and most common tricks thieves use to snatch your vital data:

Social Engineering Hacking, though it can cost you thousands and thousands of dollars and do just as much damage as its digital counterparts, doesn’t require a single line of code. Instead, they find weaknesses in the “human network” of a business. For example, skilled scammers can call your business’s cell phone provider, posing as the CEO’s spouse, and convince the customer service rep to hand over passwords, Social Security numbers, and sensitive personal information. Many IT departments are susceptible to this same scam.

Often, social engineering is used to gather information that will later be used for a different strategy. Such as …

E-mail Phishing, which hijacks (or fabricates) an e-mail account with trusted authority and sends users an e-mail requesting they click a particular link. Maybe the e-mail looks like it’s from the service department of your company’s time-tracking software, seeking to remedy an error. But when the link is clicked, ransomware or other malware spreads like wildfire through the system, and the user is at the mercy of the hackers. Usually, this is used to extort exorbitant sums of money out of small businesses or individuals. Symantec reports that just last year, over 7,000 businesses of all sizes fell prey to some form of phishing scam, costing them more than $740 million in total.

Brute-Force Password Attacks Or Password Guessing are just what they sound like. Either a hacker uses a software that, after putting in some data about the target (for example, the name of their dog or their anniversary), runs through potential keys ad infinitum. With sufficient information about the target, it’s only a matter of time before the software breaks through. Or, more often than you might think, hackers can simply guess the password. Infiltrators have common passwords that use real words or common structures memorized and can run through hundreds before giving up.

Fault Injection is a different story, usually only used by the most dedicated, sophisticated hackers around the world. Cyberthieves will use a complicated software to scan the source code of their internal software or network, noting every potential weak point in the system. Then, by splicing in strings of code, they can penetrate through and steal data, inject a virus, or employ other digital mischief.

How To Protect Yourself Against These Threats

As they say, forewarned is forearmed, but it’s not enough to keep your eye out for common hacker strategies. As the progress of technology marches on, so do the techniques and softwares used by hackers, resulting in an infinite number of permutations of ways they can penetrate your system.

The only way to be truly secure is by utilizing bleeding-edge security solutions to ensure you stay ahead of the breakneck developments in hacker technology. With constantly updating software dedicated to security, along with some know-how, you can rest a lot easier knowing your data is safe.

Cybercriminals Confess: The Top 3 Tricks, Sneaky Schemes And Gimmicks They Use To Hack Your Computer Network

21 Apr 17
lverbik
, , , , , , , , , , , ,
No Comments
  1. We’re masters at getting you to click on fake e-mails. One of the most common ways hackers gain access to computer networks and devices is via phishing e-mails. Gone are the days when you could easily spot a spammer’s e-mail because of its poor English, typos and punctuation mistakes – attacks are getting more and more sophisticated. That’s because cybercriminals have access to the same cutting-edge online marketing tools that legitimate companies have, giving them the ability to send highly targeted messages that look completely legitimate from sources you trust. These e-mails often use your name, your professional title and may even reference a group you belong to. Further, if you click on the e-mails or respond, you’re inviting a hacker into your network that bypasses a firewall and antivirus software. The only way to avoid getting snared by a phishing e-mail is to NEVER click on, open or respond to any e-mail requesting personal information, passwords, login details, etc. Always go directly to the site.
  2. We automate attacks that work around the clock. Hackers have software programs that systematically test millions of possible passwords to break into your PC. Easy-to-guess passwords are worthless against the power, automation and sophistication of these super-apps that will constantly hammer away at guessing your password. Because of this, make sure your passwords contain both uppercase and lowercase letters, at least one number and special characters – and NEVER use easy-to-guess passwords like “letmein” or “password.”
  3. We can use legitimate web sites to attack you. A growing number of cyberattacks are coming via “drive-by” download, where a hacker gains access to a legitimate, honest business web site (or sets up a site that looks legit on every level) but has malicious code installed called an “exploit kit.” An exploit kit can discover a vulnerability fast by probing your operating system, browser and the software you have installed (like a PDF reader or video player) to find a way to access your PC or network. If you (or your IT company!) aren’t applying regular security updates, you are unprotected against these exploits.

While these are common ways hackers gain access, there are dozens of other more straightforward ways hackers gain access if you’re not diligently updating and patching your network, maintaining an up-to-date firewall, antivirus and spam-filtering unified threat-management system. The days of “That could never happen to me” are gone.

If you want peace of mind that YOUR business isn’t a “sitting duck” to hackers, call us for a free assessment at 317-857-0150. You’ll discover if you truly are protected from common hacker attacks and what you can do now to avoid being an easy target. Call today at 317-857-0150.

5 Common Workarounds For Remembering Passwords, And Why You Should Stop Doing Them Immediately

08 Dec 16
lverbik
, , , , , , , , , , , , , , , , , , ,
No Comments

With everything we do online, it’s impossible to remember all the passwords you need for a web site. So what do most people do? They use one of the following five “workarounds” that make them an easy target for cybercriminals and hackers. Here’s what they are:

  • Using the same password for everything. If hackers gain access to one account, they know you are likely to use the same password for other sites and will use that to try and access everything. Plus, they can easily look at your browsing history to see what sites you’ve been accessing recently.
  • Using easy-to-guess passwords. Without a doubt, obvious passwords such as “123456,” “password” or “qwerty” leave the door wide-open for hackers. Their ever-more-robust programs can sniff out these easy-to-crack passwords in a heartbeat.
  • Allowing your web browser to remember them for you (autofill feature). For highly sensitive web sites, like your bank account, this is a big mistake. Plus, this still doesn’t solve your password problem entirely if you use more than one browser or have multiple devices.
  • Putting them all on a file you save on your hard drive. If a hacker gains access to your computer and discovers that file, you’re toast!
  • Writing them down on a Post-it note on your computer. You wouldn’t lock your house and then tape a key to the doorframe, so how can you possibly think this is safe?

Here’s A Quick and Easy Way To Bullet-Proof Your Passwords

The best solution we’ve found is to use a password manager such as 1Password, KeePass, LastPass or RoboForm.

These popular programs create hacker-proof passwords for you, complex enough to foil intruders, yet stored safely so you don’t have to memorize them. They work with most platforms and use encryption powerful enough that you don’t need to worry about keeping all your passwords in one place.

Choosing and enforcing strong passwords is a chore; but when you consider the costs, loss, downtime and even bad PR that can come with a hacker attack, you cannot take the “easy” road on this.

The One Attack No Tech Can Stop

22 Sep 16
lverbik
, , , , , , , , , , , , , , , ,
No Comments

You can defend your data with all the latest and best technology. But if just one team member gets tricked into giving away the keys to the castle, it’s game over. Hackers know this. And that’s why so many use social engineering to break in.

And it’s not just the big companies you hear about on the news. On February 3, 2016 a suspect posing as the CEO of Magnolia Health Corp. obtained a spreadsheet with sensitive data about their employees. On February 23, someone posing as an employee of Central Concrete Supply Company obtained confidential W2 records and disappeared with them.

In a 2011 survey, Check Point Software Technologies found that nearly half of the companies surveyed reported one or more social engineering attacks resulting in losses ranging anywhere from $25,000 to $100,000 per occurrence.

Unfortunately, there just aren’t any whiz-bang tricks or tools that will automatically prevent a clever “social engineer” (SE) from breaking in. The keys to protection are awareness and vigilance. To help you know what to watch for, here are five common ploys – and how to deflect them:

Familiarity – In this type of scheme, the hacker becomes familiar to an employee. Social networking sites can reveal an employee’s schedule and favorite hangouts. The hacker might then frequent the same bar or restaurant. After a drink or two, some key fact may slip out… The best way to bust this ploy is to be careful to not get lulled into a false sense of security around people you haven’t thoroughly vetted.

The Consultant – A social engineer poses as a consultant for hire. Once they get the gig they can scoop up all the info they need from you and your team because of their seeming authority. Watch for this especially with IT consultants. Do NOT trust blindly. Vet every consultant, and never give all the keys to the kingdom. Just because someone has the skills to fix your server or network doesn’t mean they won’t steal your data. Vet thoroughly, and, as Ronald Reagan said, ‘trust but verify’.

Piggybacking – The SE waits by a secured door for someone to use their passcode and enters right behind them. Or the SE struggles with a heavy box and asks a legit employee to hold the door open for them. Being kind and helpful, the employee helps the SE right into the building… free to do as they please. To foil this one, never forget the dangers of allowing a stranger in without proper clearance.

The Interview – Key information often escapes during interviews. A smart social engineer will gain an interview and deftly pick up all the information they need to hack into your network. Make sure any data provided during an interview offers nothing in the way of secrets. Keep the conversation light, or even superficial to avoid leaking critical data.

Angry Man – You may have seen this on TV… Somebody has an angry tone on the phone, or is grumbling to themselves as if they’ve just had an argument. We all tend to avoid people like that. Enough people avoid them and the way is cleared into the heart of the company – and your data. Don’t go along with it. When you see this exploit unfolding, call security.

The key to preventing social engineering attacks is a well-trained workforce. You and your people may be your company’s greatest asset. Yet without regular, proper training, human beings can be the weakest link in your company’s data defenses.

Contact a TechnoPro for more information.