Monday, September 30, 2019

Ransomware Attacks Have Doubled in 2019


The scourge of ransomware attacks around the world is well documented, appearing in front-page headlines and disrupting everything from SMBs to local municipalities.

Even so, the scope of the problem is even more extensive than many people realize. The latest McAfee Labs Threat Report found a 118% rise in ransomware attacks in the first quarter of 2019. 

The precipitous increase follows years of decline for malware as it appeared to fall out of vogue with cybercriminals. However, in 2019, the practice has been monetized by targeting SMBs and local governments, soft targets that don’t often have the resources to effectively update their defenses against ransomware.

The report found that three ransomware strains – Dharma, Ryuk, and GandCrab – are used in the vast majority of attacks, and McAfee notes that a large number of organizations are willing to make six-figure payments, which helps ensure that such strategies will continue to adapt and remain relevant well into the future.

Given the high cost of recovering from a ransomware attack, the cybersecurity services that can fortify a company’s defenses are a relative bargain. Especially for SMBs, a strong defensive posture is part of the cost of doing business, and it’s more affordable than cybersecurity failure.

https://www.zdnet.com/article/cyber-crime-ransomware-attacks-have-more-than-doubled-this-year/

Bit by bit helps client networks run smooth and secure. Visit our website at www.bitxbit.com

Friday, September 27, 2019

In Other News: Data Breaches Expected to Cost Businesses $5 Trillion by 2024


By now, every business should be aware of the costs associated with a data breach. Unfortunately, such damages are not being contained. Instead, they are rising steadily, culminating in a $5 trillion price tag by 2024, according to the latest report from Juniper Research. 

A recent report, “The Future of Cybercrime & Security,” found that regulatory fines and lost business will be the primary drivers of this expense. 

Consumers continually demonstrate a disdain for platforms that can’t protect their data, making opportunity cost one of the most arduous, often immeasurable consequences of a data breach.

At the same time, the report notes that cybercrimes are likely to accelerate as hackers deploy increasingly sophisticated technology, like AI, to perpetrate even more disruptive cybercrimes.

However, Juniper Research found that cybersecurity-related expenditures are only expected to increase by 8% over the next four years, meaning that enterprises are turning to other methodologies to protect their data. Most prominently, the report concluded, employee awareness training is seen as the most efficient and cost-effective way to protect a company’s data.

Regardless of the technique, one truth is certain. The cybersecurity landscape will not look the same in four years, and every business needs to be prepared to adapt and meet the shifting challenges of its time.


Tuesday, September 24, 2019

Google Estimates 1.5% of All Internet Passwords Vulnerable to Spearphishing


Sometimes cybercriminals get too much credit for their ability to infiltrate businesses’ IT infrastructure. In many cases, employees’ bad password practices actually cause the vulnerability, a reality that was confirmed in a Google study released this week. 

In the report, Google estimates that 1.5% of all logins used on the internet are vulnerable to credential stuffing attacks because they were disclosed in previous data breaches. What’s more, even when companies or employees were notified of this vulnerability, only 26% of people changed their passwords to secure their accounts.

However, there is one silver lining. For those who did update their information, 94% created a password that was as strong or stronger than the original password. Ultimately, it’s a reminder that many security vulnerabilities are fixable, and partnering with qualified cybersecurity experts can help you identify these vulnerabilities before they create a catastrophe. 

https://www.bleepingcomputer.com/news/security/google-estimates-15-percent-of-web-logins-exposed-in-data-breaches/


Monday, September 23, 2019

In Other News: The First Half of 2019 Sees Precipitous Rise in Data Breaches



A recent report by Risk Based Security confirmed what many people already knew: data breaches are increasing in frequency and scope. 

In the first half of 2019, there were 3,816 data breaches, a 54% increase from the same period in 2018. In total, more than 4 billion records were stolen. While the majority of these records, 3.2 billion, were stolen as part of eight high-profile breaches, more than one billion records were taken in lesser-known data heists from smaller organizations.

The healthcare sector led all industries with 224 data breaches while retail and finance accounted for 199 and 183 breaches respectively. Meanwhile government and education have collectively endured nearly 300 data breaches.

According to the report, email addresses and passwords were the most sought-after data, occurring in more than 70% of data heists. In contrast, only 11% of data breaches contained financial information like credit card numbers.

Email addresses and passwords can be used to promulgate additional cybercrimes, and companies need to train their employees to protect this information as phishing scams and other attacks threaten the integrity of these credentials and a business’s entire cyber infrastructure. For starters, implementing comprehensive awareness training can help strengthen the security of your company’s email addresses and passwords.


Wednesday, September 18, 2019

ACSC Warns Australian Small Businesses About BlueKeep Vulnerability



According to a warning by the Australian Cyber Security Centre, thousands of Australian SMBs are at risk of being compromised by the BlueKeep vulnerability that can wreak havoc on outdated Windows operating systems. 

The warning comes on the heels of a disclosure by a security researcher who revealed a publicly available Remote Desktop Protocol (RDP) tool that can scan for unpatched systems.

The ACSC estimates that 50,000 Australian devices are vulnerable to this malady, which is easily defended against using a patch provided in a software update.

Unfortunately, for companies that don’t take advantage of the update, their systems can be easily infiltrated by bad actors who steal and destroy company data.

Software updates are critical for ensuring that your business is protected in an ever-evolving threat landscape. Moreover, cybersecurity specialists (like us!) can provide a comprehensive view of your cybersecurity readiness posture, ensuring that all vulnerabilities are accounted for.

https://www.cyber.gov.au/news/update-acsc-confirms-potential-exploitation-bluekeep-vulnerability



Tuesday, September 17, 2019

Monday, September 16, 2019

In Other News: Canadian Government Launches Cybersecurity Certification Program for SMBs

A recent survey by StaySafeOnline.org found that 71% of data breaches occur at small businesses, a prolific problem that the Canadian government is trying to solve. Consequently, they’re instituting an incentive program for SMBs prioritizing cybersecurity initiatives. 

The new initiative, CyberSecure Canada, allows organizations to prove that they meet specific security criteria, then awards the organization with a certificate and logo that they can include on their website and promotional material. 

To become CyberSecure certified, SMBs must demonstrate compliance with 13 security controls that collectively create a safer internet experience for businesses and their customers. The program strives to encourage Canadian SMBs to spend time and resources on cybersecurity initiatives. Not only will this help shore up their own long-term viability, but it also supports customer data security, a top priority in the digital age.

Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only 1/3 provided cybersecurity training to their employees.

Notably, SMBs don’t have to tackle this priority alone. Partnering with qualified cybersecurity professionals can help augment your cybersecurity posture and transform weaknesses into strengths.



Thursday, September 12, 2019

New Scam Call Targeting Your Apple ID - Don't Fall for It

New Apple scam: read this, pass it on, and remember.

You get a call claiming to be from Apple, warning you that your Apple ID is compromised... They offer to connect you to Apple support... Hang up and do not give any info.

It is a scam.

Just like Microsoft will not directly notify you of a breach, neither will Apple.

I was at the DR this morning and received the call; unfortunately, there was no way to record it. I had a client that fell for the Microsoft version and they took him for more than 1000 dollars.

Please share this message, it may save someone you know.




Tuesday, September 10, 2019

GermanWiper Ransomware Targets SMBs


German SMBs are the target of a new ransomware that’s wreaking havoc on company data. 
The ransomware is delivered by a phishing campaign purporting to be from a potential job applicant, and the email contains an attachment that poses as a PDF resume from the sender. 

When users click on the attachment, it unleashes a ransomware attack that demands payment in Bitcoin to decrypt the files. 

Unfortunately, even if businesses pay the ransom, their files are unrecoverable. This particular ransomware, dubbed GermanWiper, erases the encrypted data, making it permanently inaccessible to users. 

GermanWiper is a reminder of the precarious nature of ransomware attacks that are increasingly targeting businesses and government organizations to extract large payments. If companies are unprepared for a ransomware attack, there is no guarantee that they will ever recover their information by paying a ransom, and other restorative processes can be even more costly than the ransomware demands.

Therefore, defensive initiatives are a business's best bet for avoiding a ransomware attack, and, with security specialists (like us!) ready to help out, now is the right time to ensure that your company is ready to defend against today’s always-shifting threat landscape.

https://www.bleepingcomputer.com/news/security/germanwiper-ransomware-erases-data-still-asks-for-ransom/


Friday, September 6, 2019

UK SMBs Fend Off 10,000 Cyber Attacks Per Day

 
According to a recent report by the Federation of Small Businesses (FSB), UK-based SMBs are enduring significant cyber-attacks that total nearly 10,000 per day. 

Respondents indicated that one in five small businesses were the victim of a data breach in the past two years, and the survey identified other ancillary consequences accompanying this incredibly high number. For instance, the threat landscape is both expansive and diverse with businesses reporting 530,000 phishing attacks, 374,000 malware incidences, and 260,000 ransomware attacks. 

Moreover, the collective cost of these data breaches exceeds £4.5 billion, with an attack costing companies £1,300 on average.

Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only 1/3 provided cybersecurity training to their employees.

Partnering with qualified security professionals can help augment your company's cybersecurity posture, shoring up vulnerabilities to address the significant cyber security risk facing SMBs.


Tuesday, September 3, 2019

Will you fall for the scam?




Monday, September 2, 2019

The Increasing Cost of a Data Breach



As the headlines continually demonstrate, data breaches are quickly becoming a prominent problem for organizations of any size and operating in any sector. The bad news, according to IBM’s annual report on the cost of data breaches, is that they are also becoming more expensive. 

In 2019, companies can expect to spend $3.92 million on a data breach, a 12% increase in just five years. 

With today’s regulatory landscape trending toward consumers, companies can expect these numbers to continue increasing as governments intend to exact financial penalties from organizations that can’t protect their customers’ data.

Consequently, highly-regulated industries like healthcare and financial services saw the most significant price escalations.

The report is especially troubling for SMBs. IBM concluded that companies with less than 500 employees will still incur losses in excess of $2 million if a data breach occurs, and they can expect these costs to continue for several years after a breach.

The high cost of a data breach makes cybersecurity partnerships a relatively inexpensive way to protect your organization from the catastrophic consequences that accompany a breach.


https://www.cbronline.com/news/data-breach-costs-2


How To Build And Remember A Strong Password

The first stage in helping to secure our devices or online accounts is to construct strong passwords. A strong password is one that cannot easily be guessed or generated by human or automated attacks. Strong passwords are long, and they should appear meaningless to others.

Because strong passwords have to be difficult for somebody to guess, it may also become difficult for you to remember your passwords. You can get around this problem by using a secure password manager. You then need to remember only the password you use for your password manager account. The password manager looks after all other passwords.

Constructing a strong password

The basic rules are simple: 

1) Make your password a long stream of random characters
2) Use a mixture of upper and lower case letters 
3) Include some non-letter symbols 

The longer a password is, the harder it is for trial and error attacks to stumble on it. Using the letters A-Z and digits 0-9, there are more than 94 million ways to make a 9-character, single case password. There are more than 9 trillion ways to make an 18-letter combination from the same set.

By introducing a mixture of upper and lower case letters, we increase the number of possible 18-character combinations to over a quadrillion (a quadrillion is 1 followed by 15 zeroes). Adding in six symbol characters to the mix makes 12 quadrillion plus combinations possible. 

Method for building a password

One good idea is to select a random location from a book, or another text source, and choose the first or last character in a given number of words from that location. To demonstrate the principle, we will construct an 18-character password using the play Romeo and Juliet. You will have to remember your master password. Writing it down somewhere is bad practice, so you need to come up with a system that will enable you to retrieve it. As we build our password, we will also build a key that will help us do this.

We decide to start at Act I, Scene I and choose the first 12 words of spoken text (ignoring stage directions, who is speaking, punctuation, etc.). The opening 12 spoken words in Romeo and Juliet are:
Gregory, o' my word, we'll not carry coals.  
No, for then we  

We take the last letter of each of those words to begin our password, which gives us: 
yoydltysorne

We start to build our key at the same time. Since we only use the works of Shakespeare, we can use an abbreviated key, 12LR&JAISI, for Romeo and Juliet, Act I, Scene I. The '12' at the start of the key tells us how many words we're picking, and the 'L' tells us we are using the last letter of each word (we could use the first letter and code F). 

We now want to capitalize some of the letters. We can use a simple pattern, like capitalizing every second letter, or something less obvious. Let's capitalize every fourth letter.

We now have: 
yoyDltySornE

We add U4 to our key to tell us every fourth letter is uppercase, giving us: 
12LR&JAISIU4

Next, we want to add some digits and symbols to bring our password up to 18 characters. We end up with:
4y%oy2DltySo$r#n6E

This is a very strong password indeed. 

The last step is to add the digit and symbol information to our key. We use a simple position, character pair to tell us the rest of our password. 14 tells us that at position 1 is the digit 4, 3% tells us that at position 3 we have the % symbol, and so on.

Our full key now looks like this:  
12LR&JAISIU4143%6213$15#176

This is indecipherable to anybody else. (Do not tell others what techniques you are using to construct your passwords. If they know your techniques, it gives them a chance of working out your password). You can store your key as your password recovery hint in your password manager. In this example, if we ever forget our password, all we need to do is look up the appropriate part of Romeo and Juliet, and we can rebuild it.

Flexibility

Note that we can make multiple passwords from the same piece of seed text just by changing our capitalization rule, by using different symbols and digits, by positioning symbols and digits differently, or by using the first letter of each word instead of the last. To recall our password, all we need is the seed text and our key. We chose to use Shakespeare because any of his works can easily be found online, so we have no need to worry about being unable to access our seed text.

You can use whatever method you prefer to choose seed text. As long as the seed text is globally available to you, you will never have to worry about forgetting your master password.
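The recovery procedure above, written out in Python as an added example (not the author's code; `parse_pairs` and `rebuild` are hypothetical names). It takes the key's fields as separate arguments, assumes each picked letter is lowercased before the capitalization rule is applied, and refuses a position/character string that can be read more than one way, which can happen when the inserted characters are digits.

```python
# Seed words quoted in the post (Romeo and Juliet, Act I, Scene I).
SEED = "Gregory, o' my word, we'll not carry coals. No, for then we"

def parse_pairs(s, prev=0):
    """Return every reading of s as [(position, char), ...] with rising positions."""
    if not s:
        return [[]]
    readings = []
    for width in (1, 2):                      # a position is one or two digits
        digits, ch = s[:width], s[width:width + 1]
        if not digits.isdigit() or digits[0] == "0" or not ch:
            continue
        pos = int(digits)
        if pos > prev:                        # positions are written left to right
            readings += [[(pos, ch)] + rest
                         for rest in parse_pairs(s[width + 1:], pos)]
    return readings

def rebuild(seed_text, count, which, upper_every, pair_string):
    """Rebuild a password from seed text and key fields ('F' or 'L' for which)."""
    letters = []
    for token in seed_text.split():
        alpha = [c for c in token if c.isalpha()]   # ignore punctuation like ' and ,
        if alpha:
            picked = alpha[0] if which == "F" else alpha[-1]
            letters.append(picked.lower())          # assumption: lowercase first
    letters = letters[:count]
    if len(letters) < count:
        raise ValueError("seed text has fewer words than the key asks for")
    letters = [c.upper() if i % upper_every == 0 else c
               for i, c in enumerate(letters, start=1)]
    # Keep only readings whose positions fit inside the final password length.
    fits = [r for r in parse_pairs(pair_string)
            if all(pos <= count + len(r) for pos, _ in r)]
    if len(fits) != 1:
        raise ValueError(f"pair string has {len(fits)} valid readings")
    inserted = dict(fits[0])
    remaining = iter(letters)
    return "".join(inserted[p] if p in inserted else next(remaining)
                   for p in range(1, count + len(inserted) + 1))

if __name__ == "__main__":
    # Key from the post: 12 words, Last letter, Uppercase every 4th, then the pairs.
    print(rebuild(SEED, 12, "L", 4, "143%6213$15#176"))
```

The pair string in the post has exactly one reading, so it rebuilds cleanly; a constructed string such as `102134` can be read as three one-digit positions or two two-digit positions, and `rebuild` raises an error rather than guess.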

Robert Blake
877.860.5831 x 190
