SamSam Is on the Loose and Headed for a Server Near You

In March 2018, the SamSam ransomware ravaged Atlanta’s computer systems, bringing many city services to a halt. This wasn’t the first time hackers used this ransomware to wreak havoc and it won’t be the last. Learn how SamSam differs from most other ransomware.

Many city workers and citizens in Atlanta, Georgia, won’t soon forget March 22, 2018. On that day ransomware shut down many of the city’s online services and even some government offices. The culprit was a ransomware variant known as SamSam.

This was not the first time SamSam struck in 2018. In February, it forced the Colorado Department of Transportation to shut down 2,000 computers. A month earlier, SamSam stopped city services in Farmington, New Mexico, and halted healthcare systems at Adams Memorial Hospital and Hancock Health in Indiana.

The cybercriminals behind the SamSam attacks are not just targeting government and healthcare organizations. They are also attacking businesses, including an unnamed industrial control systems (ICS) company in January 2018.

Unfortunately, security experts believe that the SamSam attacks will continue because they are bringing in big bucks. Hancock Health paid $55,000 (USD) to get its files and systems back. And it wasn’t the only organization to give in to the hackers’ demands. One Bitcoin account that hackers set up to accept ransom payments had a balance of more than $325,000 in the month of January 2018 alone. Plus, they likely have set up other Bitcoin accounts for that purpose.

Since SamSam is here to stay, it is a good idea to know how this ransomware works. Armed with this knowledge, you can better defend your business so that it does not become the next victim.

 

How SamSam Differs from Most Ransomware

To spread ransomware, cybercriminals often send out phishing emails. These emails use a convincing pretense to lure recipients into performing an action, such as clicking a link or opening an attachment. If the recipients fall for the ruse, their computers will likely become infected with ransomware.

In contrast, cybercriminals use organizations’ servers to spread SamSam. This is achieved by exploiting:

    • Unpatched software. Hackers scan servers connected to the Internet, looking for unpatched servers. When they find one, they exploit the vulnerability to access the machine. For example, in the very first SamSam attacks in 2016, cybercriminals sought and exploited a known vulnerability in servers running Red Hat’s JBoss software.
    • Exposed connections. Cybercriminals scan servers connected to the Internet, looking for exposed connections. When they find one, they use it to access the machine. For instance, hackers sought and exploited servers with exposed Remote Desktop Protocol (RDP) connections in a series of SamSam attacks in 2017. (RDP is a remote management tool developed by Microsoft.)
    • Weak or stolen credentials. Hackers crack weak passwords or use compromised credentials to break into public-facing servers. For example, cybercriminals used a vendor’s stolen credentials to gain entrance to one of Hancock Health’s servers.

Once the hackers have control of a company’s server, they install SamSam. This ransomware does not immediately start encrypting files, though. Instead, it finds, infiltrates, and installs itself on more computers in the network. In other words, it is self-spreading ransomware. After SamSam has been installed on machines throughout the network, cybercriminals run batch scripts to execute the encryption code in the ransomware and present the victim with a ransom note.

 

Ways to Avoid Becoming the Next Victim

The best defense against SamSam is a good offense. Taking several precautions can go a long way in preventing an infection:

    • Keep all software, including the operating system, up-to-date on each server and workstation in your business. Hackers like to take advantage of unpatched computers. Do not give them that opportunity.
    • Secure RDP. While helpful for IT administrators, RDP can be exploited by cybercriminals who want to access businesses’ servers. There are several ways to prevent this, such as deploying an RDP gateway and limiting the number of users who can log in using RDP.
    • Use strong passwords for the service and software accounts on your servers. This will make it harder for hackers to crack passwords. Even better, use two-factor authentication when possible and implement an account lockout policy to thwart brute force password-cracking attacks.
    • Use security software, even on your servers. It can help guard against known ransomware attacks and other kinds of malware threats.
    • Regularly back up files and systems, and make sure the backups can be successfully restored. Although this will not prevent a SamSam attack, you won’t have to pay the ransom if one occurs.
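
As an added example (not part of the original article), here is one way to spot the password-guessing against exposed RDP that the precautions above are meant to stop, using Windows Security logon events. The record layout, addresses, account names and thresholds are constructed for illustration; the event IDs (4625, 4624) and logon types (10, 3) are the standard Windows values.

```python
"""Flag likely RDP password guessing from Windows logon events (added example)."""
from collections import defaultdict, deque
from datetime import timedelta, datetime

FAILED_LOGON = 4625      # "An account failed to log on"
SUCCESSFUL_LOGON = 4624  # "An account was successfully logged on"
# Logon type 10 = RemoteInteractive (RDP). With Network Level Authentication,
# failed RDP attempts are usually recorded as type 3 (Network) instead, so both
# are counted. Type 3 also covers other network logons such as file shares.
REMOTE_LOGON_TYPES = {3, 10}

# Constructed sample records, not real logs:
# (timestamp, event_id, logon_type, source_ip, account)
SAMPLE_EVENTS = [
    # Burst of guesses from one address, followed by a successful logon.
    ("2018-03-01T02:00:01", 4625, 10, "203.0.113.7", "administrator"),
    ("2018-03-01T02:00:09", 4625, 10, "203.0.113.7", "administrator"),
    ("2018-03-01T02:00:17", 4625, 10, "203.0.113.7", "admin"),
    ("2018-03-01T02:00:26", 4625, 3, "203.0.113.7", "backup"),
    ("2018-03-01T02:00:34", 4625, 3, "203.0.113.7", "backup"),
    ("2018-03-01T02:00:41", 4625, 3, "203.0.113.7", "backup"),
    ("2018-03-01T02:00:55", 4624, 10, "203.0.113.7", "backup"),
    # Ordinary user who mistyped a password once.
    ("2018-03-01T08:15:00", 4625, 10, "198.51.100.20", "jsmith"),
    ("2018-03-01T08:15:20", 4624, 10, "198.51.100.20", "jsmith"),
    # Failure at the local console (logon type 2): not a remote logon.
    ("2018-03-01T09:00:00", 4625, 2, "-", "jsmith"),
    # Five failures spread over four hours: stays under the window below.
    ("2018-03-01T01:00:00", 4625, 10, "203.0.113.99", "administrator"),
    ("2018-03-01T02:00:00", 4625, 10, "203.0.113.99", "administrator"),
    ("2018-03-01T03:00:00", 4625, 10, "203.0.113.99", "administrator"),
    ("2018-03-01T04:00:00", 4625, 10, "203.0.113.99", "administrator"),
    ("2018-03-01T05:00:00", 4625, 10, "203.0.113.99", "administrator"),
]


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: details} for addresses with >= threshold failed
    remote logons inside a sliding window.

    threshold and window play the same role as an account lockout policy's
    threshold and counter-reset interval, but are counted per source address,
    so guesses spread across several accounts are still caught.
    """
    recent = defaultdict(deque)   # source_ip -> failure times inside the window
    targeted = defaultdict(set)   # source_ip -> accounts it failed against
    findings = {}

    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts_text, event_id, logon_type, source_ip, account in sorted(events):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ts_text)

        failures = recent[source_ip]
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop failures that aged out of the window

        if event_id == FAILED_LOGON:
            failures.append(ts)
            targeted[source_ip].add(account)
            if len(failures) >= threshold:
                hit = findings.setdefault(source_ip, {
                    "peak_failures": 0,
                    "accounts": targeted[source_ip],
                    "success_after_burst": [],
                })
                hit["peak_failures"] = max(hit["peak_failures"], len(failures))
        elif event_id == SUCCESSFUL_LOGON and len(failures) >= threshold:
            # A logon that succeeds in the middle of a burst suggests a guessed
            # or stolen password: treat the account as compromised.
            findings[source_ip]["success_after_burst"].append((account, ts_text))

    return findings


if __name__ == "__main__":
    for ip, info in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info["peak_failures"], sorted(info["accounts"]),
              info["success_after_burst"])
```

The slow source (203.0.113.99) is deliberately missed by the 10-minute window; widening the window or counting failures per account over a day catches that pattern at the cost of more noise.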

We can analyze your IT environment and make specific recommendations on how to protect your business against SamSam and other types of ransomware. Together, we can develop a comprehensive plan that will help keep your business from becoming the next ransomware victim.

Would You Pay to Get Your Business’s Data Back?

If you came to work one morning and found that your company was the victim of a ransomware attack, would you pay the ransom? Find out why security experts recommend not giving in to hackers’ demands and why many organizations do not heed this advice.

 

In December 2017, a county government employee fell for a phishing email scam, which resulted in 48 servers being infected with the LockCrypt ransomware. The attack paralyzed many crucial services in Mecklenburg County, North Carolina, because the county’s tax, finance, deed, social services, and other systems were no longer available.

 

The cybercriminals were asking for a ransom of $23,000 (USD). Although county government officials were in contact with the hackers, they were still undecided about whether to pay the ransom when the deadline arrived.

 

What would you do if your business found itself in this situation? It can be a hard question to answer.

 

Rationale for Not Paying

 

Mecklenburg County ultimately decided not to pay the ransom, which is what most security experts recommend. There are several reasons for this recommendation. For starters, if you pay the initial ransom, hackers might ask for more money. That’s what happened to the Kansas Heart Hospital in Wichita. It paid the ransom, but the cybercriminals only partially restored the hospital’s files and then demanded more money to decrypt the rest.

 

Even worse, you might pay the ransom but never get your files back. Only 47% of victims who pay the ransom get their files back, according to Symantec’s “2017 Internet Security Threat Report”. Plus, some hackers’ sophisticated ransomware variants are designed to delete rather than encrypt victims’ files. So, even if you pay the ransom, your files are history. There is no longer honor among thieves, according to two Talos researchers who discovered one of these variants, which they dubbed Ranscam.

 

Paying the ransom can also have long-term implications for your business. It might lead to new cyberattacks against your company in the future since the cybercriminals know you will pay to get your data back. They will be banking on the chance that your systems or employees are still vulnerable. On a broader scale, the more organizations pay up, the more hackers will target them.

 

Rationale for Paying

 

Although ideally it is best not to pay the ransom, many organizations do. Their reasons for giving in to hackers’ demands vary.

 

Sometimes, it is easier or quicker to pay the ransom than reconstruct files from backups. This was the reason why the Hollywood Presbyterian Medical Center in Los Angeles, California, paid cybercriminals around $17,000 to get its patient records back. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” according to Allen Stefanek, the center’s president and CEO.

 

Similarly, organizations might find that it is cheaper to pay off the hackers than reconstruct their data from backups. Typically, ransom demands are much less than those encountered by Mecklenburg County and Hollywood Presbyterian Medical Center. In 2017, most ransom demands ranged from $500 to $2,000 for businesses, according to Statista. Plus, the ransom amount can often be negotiated down. In one experiment, F-Secure researchers found that three out of four ransomware criminal gangs were willing to negotiate their ransom fees, reducing them by an average of 29%. There is even one strain of ransomware named Scarab that does not specify a ransom amount. Instead, victims must email the cybercriminals in order to negotiate a price for recovering their files, according to Forcepoint Security Labs.

 

Not having usable backups of crucial data is another reason why some organizations give in to cybercriminals’ demands. This is why an attorney in Tulsa, Oklahoma, paid $500 to get his firm’s files back. Similarly, Bingham County officials in Idaho gave hackers $3,500 to get back the data stored on three servers. The ransomware attack had actually paralyzed all 28 of the county’s servers, which the hackers initially ransomed for $33,000. The county had recoverable backups for 25 of those servers, so it negotiated the price down to $3,500 to get the decryption keys needed for the three servers without usable backups. (The backups for two of the servers turned out to be corrupt, and one server had not been backed up at all.)

 

Some organizations might decide to secretly pay the ransom to minimize the chance of word getting out that they fell victim to a ransomware attack. Hundreds of ransomware attacks in a variety of industries have been kept secret, according to Robert Shaker, the chief technology officer of Incident Response Services for Symantec’s Cyber Security Group.

 

What Would You Do?

 

Whether or not to pay a ransom for your data is a hard decision that hopefully you will never have to make. No matter your decision, a ransomware attack would likely cause other problems for your business. A 2017 Malwarebytes study found that 22% of the small and midsized organizations that experienced a ransomware attack had to cease business operations immediately, resulting in downtime and lost revenue. Thus, it is important to do everything you can to protect your business from ransomware. We can help you develop an effective strategy.

 


7 Ways Small Businesses Can Take Full Advantage of Office 365

If you subscribe to Office 365 Business Premium or Microsoft 365 Business, you have access to seven apps designed for small companies. They are part of your subscription, so there are no additional costs to use them. Here is what you can do with these apps.

 

With little fanfare, Microsoft has been rolling out new tools designed to make it easier for small businesses to find and keep customers and run operations more efficiently. These apps are part of Office 365 Business Premium and Microsoft 365 Business. Four were released in November 2017, which means there are now seven apps available to subscribers at no additional cost. Here is what you can do with them:

 

1. Microsoft Listings

 

If you want to increase your company’s online presence, Microsoft Listings might be able to help. From the app, you can create business listings on Facebook, Google, Bing, and Yelp. Creating them in one place helps ensure that your company’s information and branding are consistent across these sites.

 

After you create the listings, you can use the app’s dashboard to monitor views and reviews of your business on the four sites. If you need to change some information in the listings, you only need to enter the changes once in the app. Microsoft Listings will then automatically make the changes in Facebook, Google, Bing, and Yelp.

 

2. Bookings

 

With the Bookings app, you can create a customized web page that your customers can use to check availability and schedule appointments. The scheduled appointments appear in your private Bookings calendar.

 

You can sync the Bookings app with your Office 365 work calendar. That way, when you add an appointment to your Office 365 work calendar, the Bookings web page will show that time as unavailable for appointments. Similarly, when a customer uses the web page to schedule an appointment with you, the appointment appears in your Office 365 calendar as well as your Bookings calendar. Appointment reminders are automatically emailed to both you and your customers.

 

Bookings has many other features designed with companies in mind. For example, it automatically creates a customer contact list for you. Plus, there is a mobile version of the app if you often travel for business.

 

3. MileIQ

 

Using your smartphone’s GPS service, MileIQ automatically tracks and logs the miles you spend driving for business, creating a record of your tax deductible/reimbursable mileage. The mobile app works in the background, so you do not have to remember to press a start or stop button. At the end of each drive, you just need to classify the trip as business or personal.

 

To avoid having to constantly classify trips as personal during off hours, you can enable the “Work Hours” feature. After you specify your work hours, the app will automatically classify all trips taken outside those hours as personal. If you happen to travel for business during off hours, you can reclassify the trip using MileIQ’s online dashboard.

 

You can also use the dashboard to create reports detailing your business mileage. By default, the app uses the US Internal Revenue Service’s standard business mileage rate (54.5 cents per mile in 2018) to calculate deductible/reimbursable costs, but you can customize the rate if needed.

 

4. Outlook Customer Manager

 

This tool lets you quickly access information about your company’s customers from either your Outlook inbox or the Outlook Customer Manager mobile app. For example, suppose you want to know more about a customer, Bob, who just sent you an email. If you click his profile, Outlook Customer Manager will display information about him, such as previous email exchanges, tasks completed for him, and logged calls.

 

You have the ability to share customers’ information with other staff members. Doing so helps ensure that your customers will get good customer service even when you are on vacation or out sick.

 

5. Microsoft Invoicing

 

With Microsoft Invoicing, you can generate professional-looking estimates and invoices using predesigned templates that are customizable. For example, you can insert your company’s logo, change the color scheme to match your branding, and add a “Pay with PayPal” link.

 

Using either the online or mobile version of the app, you can track pending and partial payments, mark invoices as paid, and see if any payments are overdue. If you use Intuit QuickBooks, you can have Microsoft Invoicing automatically transfer invoicing information to QuickBooks.

 

6. Microsoft Connections

 

Microsoft Connections lets you stay in touch with current customers and attract new ones via email. You can use either the online or mobile version of the app to create and send newsletters, announcements, and other marketing materials. You can even set up referral offers that give discounts (or another type of incentive) to existing customers who bring in new clientele.

 

After you send out a marketing campaign, you are able to track its effectiveness. Available metrics include the number of emails opened and how many people signed up for a particular promotion.

 

7. Office 365 Business Center

 

The Office 365 Business Center provides a central location from which you can manage the six other business apps. For instance, you have the ability to control which staff members can access them.

 

The Business Center’s dashboard gathers and displays key business metrics from the six apps. That way, you can keep track of the metrics without having to open each app. However, if you need more information, you have the ability to open any of the apps from the Business Center. The Business Center is available as an online and mobile app.

 

New Tech Support Scam Is Popping Up on Chrome and Firefox Browsers

Digital con artists have devised a new way to scare people into falling for a tech support scam. Learn how this scam works and what to do if you encounter it.


A new tech support scam has surfaced. Digital con artists are freezing web browsers in hope that users will panic and call a bogus support line for assistance. The scam has been seen on Google Chrome, Mozilla Firefox, and Brave web browsers running on Windows devices.

How the Scam Works

The scam begins when users visit a compromised web page. Malicious code in the page triggers their web browsers to start downloading thousands of files in rapid succession. This causes the browsers to become unresponsive in 5 to 10 seconds.

A message then pops up. It includes the usual scare tactics found in tech support scams. Although the messages vary, they basically say that the computer is infected with some type of malware (e.g., viruses, spyware) that is stealing the users’ personal data (e.g., login credentials, credit card numbers). Users are instructed to call a help line for assistance in removing the malware. In one case, the message mentioned that users had to call within five minutes to prevent their computers from being disabled.

Because of how this scam’s malicious code works, users cannot close the tab or the browser by clicking the “x” button. This can scare users even more, prompting them to make the call.

Calling the bogus support line can lead to problems that are much more serious than a frozen browser. Sometimes, tech support scammers try to con callers into paying for unnecessary tech support services. Other times, scammers try to con callers into letting them remotely access the callers’ computers, in which case they could install malware or change settings.

Be Prepared, Not Scared

If your browser suddenly freezes and you get a message to call a help desk, it is important not to panic. Tech support scams prey on people’s fears. Take a deep breath and try to close your web browser using Windows’ Task Manager. Here is how to do so in Windows 10:

  1. Open Task Manager by right-clicking the task bar and selecting the “Task Manager” option. Alternatively, you can press Ctrl+Alt+Del (i.e., press the Ctrl, Alt, and Del keys at the same time) and choose “Task Manager”.
  2. On the Processes tab, find the “Apps” section and highlight your web browser’s name (e.g., Google Chrome).
  3. Click the “End Task” button.
  4. Close Task Manager.

If you are using Windows 7, follow these steps:

  1. Open Task Manager by right-clicking the task bar and selecting the “Start Task Manager” option. Alternatively, you can press Ctrl+Alt+Del and choose “Start Task Manager”.
  2. On the Apps tab, highlight your web browser’s name.
  3. Click the “End Task” button.
  4. Close Task Manager.

If this does not work, contact us.

GDPR Deadline Is Looming

The date on which companies need to be in compliance with the General Data Protection Regulation (GDPR) is approaching fast. Find out when this deadline is and what it means for businesses worldwide.

If your business has customers who live in the European Union, you have an important deadline approaching. On May 25, 2018, you need to be in compliance with the General Data Protection Regulation (GDPR).

Passed by the EU Parliament in 2016, GDPR is designed to provide data privacy rights to EU citizens and protect them from data breaches. This legislation spells out numerous requirements that companies must meet, such as:

    • Businesses must get customers’ consent to collect, process, and store their personal data. When companies ask for permission, they must use easy-to-understand terms rather than legal jargon. Plus, it must be easy for customers to withdraw their consent.
    • Companies can only collect, process, and store the personal data needed to complete a given task and not any extra information. Further, the data collected and stored for one task cannot be repurposed without further consent from customers.
    • Businesses must notify customers within 72 hours of first becoming aware of a breach that involves their personal data.
    • Companies need to include data protection measures when they are initially designing their systems rather than adding the measures later on.

All companies that collect, process, or store the personal data of EU citizens are required to comply with GDPR’s requirements, no matter where the organizations are located. For instance, US and Canadian businesses that have customers who live in the European Union must adhere to the regulation.

The penalties for noncompliance are high. The maximum fine, which is reserved for the most serious violations, is €20 million (around $24 million USD) or 4% of a company’s annual global turnover (whichever is greater). The fine structure is tiered, so smaller fines will be levied for less serious infractions.

There are resources available to help businesses understand the GDPR requirements. The official website, EUGDPR.org, has an extensive list of articles, videos, and other types of resources. Its sister site, EUGDPR.com, provides GDPR updates and news.

Some IT vendors also offer GDPR resources, many of which are free. Here are a few examples:

    • Microsoft provides an e-book, an online readiness assessment, webcasts, and whitepapers.
    • Trend Micro has an infographic, checklist, whitepaper, and webinar.
    • IBM furnishes an e-book, webinars, and whitepapers.
    • IT Governance offers a video, infographic, paper, and templates.

Many blogs and articles are also available to help companies better understand GDPR.

 

How to Keep Your Customers and Salvage Your Business’s Reputation after a Data Breach

 

Bad things can happen to good companies — and one misfortune that businesses might experience is a data breach. Discover what you can do to rebuild people’s confidence in your company if the unthinkable happens.

Bad things can happen to good companies — and one misfortune that businesses might experience nowadays is a data breach. This type of cybercrime is increasing at an alarming rate. In the United States alone, the number of breaches rose 45% in 2017 compared to 2016.

A data breach can erode customers’ confidence in a company, which can result in lost business. It can also erode the general public’s confidence, which can result in lost business opportunities. Understandably, the size of the breach and the types of data stolen affect the level of confidence people have in a company that has been hacked. But there is another important component in the confidence-level equation: How a business responds to the crisis. For this reason, companies that have experienced a data breach need to be transparent, communicate effectively, and follow through on promises.

 

Be Transparent

While they might not like it, most people understand and accept the fact that data breaches occur. However, if you are caught trying to cover up a breach or intentionally mislead people about its size or severity, irreparable damage might be done to your business’s reputation.

This is why you need to be transparent about the data breach. In other words, you need to fully disclose information about the event in an accurate and timely manner. It is much better if news about the breach comes from official channels in your company rather than being leaked by someone else inside or outside your organization. You should inform your staff, customers, suppliers, and anyone else who needs to know about the event. When telling them, it is important to be honest about the size of the breach and the types of data stolen.

To further enhance transparency, you might consider bringing in third-party experts to conduct an independent investigation of how the breach occurred and what can be done to prevent future occurrences. Plus, an independent investigation will help show that you are taking the breach seriously.

 

Communicate Effectively

Simply telling everyone there has been a data breach is not enough if you want to keep your customers and salvage your business’s reputation. A lot of thought should go into what to say when you notify the various groups. Be sure to:

    • Take responsibility for the breach and apologize.
    • Let people know that your company is taking the breach seriously.
    • Empathize with the victims.
    • Provide details about the type of data that was lost and how it was lost, unless prohibited by law.
    • Discuss what steps you are taking so that this type of incident does not happen again.

 

When notifying the victims of the breach, you will also want to include:

    • The options or next steps they can take (e.g., signing up for a complimentary identity protection service)
    • Where they can get more information (e.g., calling a toll-free number or visiting a website you set up)
    • How to detect fraud (e.g., monitor bank and credit card accounts)

The timeframe in which to notify breach victims and authorities is often regulated by country, region, or industry-specific agencies. For example, the European Union General Data Protection Regulation (GDPR) mandates that customers be notified within 72 hours of first becoming aware of a breach. These agencies might also dictate what needs to be included in those notifications.

 

Follow Through on Promises

To rebuild people’s trust in your company, you will need to follow through on the promises you made to them. Besides fixing the problems that led to the breach, you will need to act on any additional measures recommended by the people who investigated it. You also need to deliver on any assistance you promised to the breach victims.

 

It Will Take Time

Even when you act responsibly after a data breach, gaining back your customers’ and the public’s confidence will take some time. One study found that it can take anywhere from 10 months to more than 2 years to restore a company’s reputation following a breach of customer data. As a result, it is best to take all the measures you can to try to prevent a breach. We can assess your IT environment and make recommendations on how to protect it from hackers who want to steal your data.

 

4 Signs It Might Be Time for a Tech Update

Using older tech devices saves money, but there is a point at which it can hurt business operations. Here are four signs that it might be time to update or replace some tech devices.

Small and midsized businesses usually have limited tech budgets, so it’s common for them to continue using their devices as long as possible. However, there is a point at which outdated tech devices become a burden and hurt business operations.

Here are four signs that it might be time to update or replace some tech devices in your business:

1. Employee Productivity Is Suffering

If your staff members have a lot of idle time because they are waiting for devices to perform tasks, it might be time to update or replace those items. For example, if employees have to constantly wait for data to download from shares on your wireless network, you might need a new Wi-Fi router. Older routers that support only the 802.11g, 802.11b, or 802.11a wireless specification have slower signal speeds compared to their modern counterparts.

Similarly, if employees have to wait for resource-intensive apps to perform tasks, they might need computers with larger and faster hard disk drives or even solid state drives. Older computers typically have less RAM and processing power, so they might not be able to efficiently handle resource-intensive apps.

Employees might not even have the devices they need to do their jobs. For instance, employees who often travel for business might not have the mobile devices they need to work or stay in contact with the office when they are on the road.

2. Incompatibilities Are Encountered

It might be time for a change when you cannot use new items with your existing tech devices because of incompatibilities. For example, you might not be able to install the latest operating system on employees’ computers because those computers do not meet the minimum hardware specifications. Even worse, you might not be able to install a new business app on their computers because the operating system is outdated, but you cannot upgrade the operating system since the hardware is old.

Incompatible plugs and ports can also signal that it is time for new devices. For instance, you might have a new peripheral device that requires a USB-C plug, which your computer does not have. Or, you might not be able to connect a new computer to an existing monitor because the monitor has a VGA plug while the computer has an HDMI port. Although adapters can solve some incompatibility issues, they often result in slower speeds and lower resolutions.

3. A Device Is Constantly Experiencing Problems

If an older device is constantly experiencing problems, it might be time to replace it. For example, files might mysteriously go missing on a computer and apps might constantly freeze or crash for no apparent reason. These are signs that a computer’s hard drive might be failing.

4. Sales Are Suffering

If sales are suffering because of intermittent technology issues on older devices, it might be time to update or replace them. For instance, customers might be turning to competitors because your old website server slows to a crawl during peak usage times. Deciding whether to replace or update an older device that still works — but not very efficiently or effectively — can be a tough decision. However, it is usually worth it in the long run.

Is Outdated Technology Hurting Your Business?

Sometimes, it is obvious when problems occur because of outdated technology. Other times, it is not that cut and dried. We can assess the situation to determine whether the problems are due to old tech devices or some other issue.

 

How the Repeal of the Net Neutrality Rules Might Affect Your Business

 

The U.S. Federal Communications Commission’s repeal of the net neutrality rules has made many people apprehensive about how it will change Internet access and content. Here are two schools of thought on how it might affect businesses.

On December 14, 2017, the U.S. Federal Communications Commission (FCC) repealed the net neutrality rules it had put in place in 2015. The repeal has made many businesses, consumers, and even politicians apprehensive about how it will change Internet access and content.

To understand the possible effects that the repeal will have, you first need to know what net neutrality is referring to. Net neutrality is the idea that Internet service providers (ISPs) must treat all data equally. This means that ISPs cannot:

    • Block websites’ content, applications, and services (provided the sites do not break any laws).
    • Intentionally slow down (i.e., throttle) websites’ content, applications, and services.
    • Charge fees for favored treatment. In other words, they cannot create “fast lanes” of Internet traffic to and from websites for web content producers willing to pay extra for it. ISPs have to offer producers the same service for the same price.

It is too early to tell how the repeal of the net neutrality rules will affect Internet access and content. Here is a look at what both proponents and opponents think will happen.

Proponents’ Viewpoint

People who support the repeal believe that it will:

    • Spur innovation. New services (e.g., gaming) will pop up because web content producers can be guaranteed access to a fast lane of Internet traffic.
    • Allow ISPs to set fairer pricing. From the ISP perspective, all web content is not created equal. For example, live streaming a program requires much more of an ISP’s resources than loading a web page. Allowing ISPs to charge web content producers based on how much bandwidth they consume or how fast their content must be delivered will be a fairer system than having all the web content producers pay the same price.
    • Lead to improved services. ISPs will be able to use the extra revenue generated to improve their networks. As a result, customers (both businesses and consumers) will have faster and better access to web content and services.
    • Reduce red tape and costs. Getting the government out of the Internet regulatory business will reduce red tape and regulation-related costs. This will enable ISPs to spend more time and money on improving their networks.
    • Promote the free market. With no regulations to get in the way, the free market will prevail, benefiting both customers and ISPs.

 

Opponents’ Viewpoint

People who oppose the repeal believe that it will:

    • Stunt innovation. Many innovators and startup companies will not be able to afford a fast lane for their web content. Having slow connections and their content buried in search engine results could lead to their downfall.
    • Increase the cost of doing business. To be on equal footing with competitors already in the fast lane, companies will have to pay for a fast lane. Businesses that do not have the money for this preferential treatment run the risk of losing existing customers and not attracting new ones.
    • Cost customers more money. Companies that pay the ISP fees to get in the fast lane will ultimately pass those costs on to the businesses and consumers that use their products and services.
    • Make ISP investors and executives richer. Most of the money generated from fast lanes will go straight into the pockets of ISP investors and executives rather than being used to improve networks.
    • Control what people see online. With no regulations prohibiting ISPs from giving preferential treatment to some websites while limiting the content of others, ISPs will have the ability to control what people see online, especially given that some telecommunications conglomerates own both ISPs and web content producers. For example, Comcast owns both Comcast Cable Communications (an ISP and cable TV provider) and NBCUniversal Media (a web content producer that operates many cable networks such as the USA Network and MSNBC). In these cases, ISPs will have incentive to limit or throttle competitors’ web content and give their own content preferential treatment.

 

Only Time Will Tell — But Maybe Not

It will take some time before we really know how the repeal is affecting Internet access and content — but there’s a chance we may never find out. Opponents are already taking action to try to reverse the decision. For example, the attorneys general of more than 20 states, several consumer groups, and even Mozilla have filed lawsuits to block the FCC’s repeal. Plus, some states are taking action at the local level. For instance, the governor of Montana has signed an order that says telecommunications companies cannot receive state contracts if they interfere with Internet traffic or favor higher-paying websites or apps.

There is one thing for certain, though. You will be hearing a lot more about net neutrality in the months to come.

 

Hackers Are Trying to Trick Android Users into Downloading Powerful Spyware

 

To get Android users to download the Skygofree spyware, cybercriminals have been spoofing wireless service providers’ websites. Discover what you can do to prevent your business’s Android devices from becoming infected.

 

Hackers have been setting up fake web pages that mimic wireless service providers’ sites in an effort to get Android smartphone and tablet users to download spyware called Skygofree. The web pages tell users they are downloading a network configuration update that will prevent malfunctions to their Internet connections so they can keep navigating the web at maximum speed.

 

Skygofree has been around since 2014, but hackers have now developed it into one of the most powerful spyware tools ever seen for the Android platform, according to researchers. Hackers can use it to remotely carry out 48 different commands.

 

What Hackers Can Do on Infected Devices

 

Like most spyware, Skygofree allows hackers to capture calls, upload calendar events, steal contacts, and collect other types of data about the devices and their users. However, Skygofree has additional advanced capabilities that make it quite dangerous.

 

For example, hackers can use Skygofree to steal the files of any app installed on an infected device. Researchers believe that mobile device management (MDM) software is of particular interest to the cybercriminals because the name of the process that captures app files is AndroidMDMSupport. MDM software is used by businesses to secure and control mobile devices.

 

Cybercriminals can also use the spyware to track an infected device’s location and start recording audio clips when it is in a specific place. For example, hackers might have the device start recording audio clips whenever the device’s owner takes it to work.

 

Hackers can even connect an infected device to their Wi-Fi networks, regardless of whether the owner disabled Wi-Fi connections on the smartphone or tablet. Once connected, cybercriminals can collect information, such as what websites the owner is visiting and the login credentials being used to access those sites.

 

To make sure that Skygofree can run uninterrupted, cybercriminals designed it to work around an Android feature that could interfere with the spyware’s operations. Starting with version 8.0, Android automatically disables background processes that are running but idle. To prevent Android from disabling its background processes, Skygofree periodically sends system notifications.

 

How to Protect Your Business’s Android Devices

 

Although Skygofree is advanced spyware, some basic preventative measures can protect your business’s Android devices:

 

    • Let employees know that legitimate wireless service providers won’t ask users to manually download and install configuration updates. The updates are automatically sent to users’ devices.
    • Make sure that the security software installed on your mobile devices is up-to-date.
    • Make sure the devices’ firewalls are configured to block known malicious websites.

 

We can make sure that all your mobile devices are properly configured and have the latest security software updates.

 

Beware of Fake Spectre and Meltdown Patches

 

Cybercriminals have begun peddling patches that install malware rather than fix the vulnerabilities recently discovered in computer chips. Learn how hackers are conning people into installing these fake patches so that you do not become the next victim.

 

Cybercriminals did not waste any time after the January 3, 2018, announcement that most of the computer chips in use today have two serious security vulnerabilities. Less than two weeks later, security analysts discovered that some hackers were trying to take advantage of the situation. They were not trying to exploit the chips’ vulnerabilities, though. They were trying to exploit people’s fears. The cybercriminals were offering to fix the Spectre and Meltdown vulnerabilities, but the patch they were peddling was actually a program that infected devices with malware known as Smoke Loader.

 

While this scam has been shut down, security experts are expecting more like it. By understanding how hackers carried out the scam, you will be better able to spot similar attacks.

 

How the Scam Worked

 

To dupe people into installing the fake patch, the hackers used phishing emails and a spoofed website. Hackers initiated the scam by sending well-crafted phishing emails to German citizens. The emails appeared to come from Germany’s Federal Office for Information Security (BSI), the equivalent of the National Institute of Standards and Technology (NIST) agency in the United States. According to the real BSI, the emails had subject lines like “Critical vulnerability – important update”. The body of the email, which included BSI’s logo, warned about the Spectre and Meltdown vulnerabilities. The email recipients were urged to click a link that led to a website supposedly run by BSI.

 

Although the website was being run by hackers, it looked like a legitimate BSI web page. It even had an HTTPS address and the padlock symbol to give victims a false sense of security. The fake BSI site urged people to download a ZIP archive (Intel-AMD-SecurityPatch-11-01bsi.zip), which contained a fake patch (Intel-AMD-SecurityPatch-10-1-v1.exe). Victims who downloaded and installed the fake patch had the Smoke Loader malware installed on their computers or smartphones.

 

Smoke Loader changes settings and installs files on infected devices. Hackers use this malicious program, which is designed to avoid detection, to install other malware (e.g., ransomware, banking trojans) on victims’ devices.

 

How to Avoid Becoming a Victim

 

Phishing emails and spoofed websites are often used in cyberattacks, so hackers will likely utilize them again in future patch scams. No matter whether the patch being peddled is for Spectre, Meltdown, or a different security vulnerability, it is a good idea to follow these guidelines:

 

    • Do not assume an email is authentic because it looks official. In the past, phishing emails were fairly easy to spot. They often looked crude and had spelling and grammatical errors. Nowadays, many cybercriminals take the time to make their emails look authentic. Besides crafting convincing messages that are free from spelling and grammatical errors, they often use visual elements, such as logos. It is easy for anyone to copy a logo from a legitimate website and then paste the logo into an email.
    • Do not assume a URL will take you where it says it will. Hackers often use deceptive URLs. A deceptive URL is one in which the actual URL does not match the displayed linked text or web address. For example, the displayed text might specify a legitimate organization’s name (e.g., NIST) or web address (e.g., https://www.nist.gov), but the actual URL leads to a malicious website. You can check a link’s actual URL by hovering your mouse pointer over it (without clicking it).
    • Do not assume a website is legitimate because it starts with “HTTPS”. Research has shown that many people believe that sites which start with “HTTPS” and have the padlock symbol are legitimate and safe. However, this designation simply indicates a site is using the HTTP Secure (HTTPS) protocol, which means that any data being transmitted between web browsers and the site is encrypted. It does not signify that the site is legitimate or its contents are safe. Hackers like to use the HTTPS protocol on their malicious sites because it can give visitors a false sense of security. In fact, a quarter of all phishing websites are HTTPS sites, according to PhishLabs.
    • Be wary of emails that urge you to install any type of update. Vendors seldom contact customers via email about applying patches or other types of updates. Most vendors either automatically install them or send notifications through the operating system’s or the device’s update service (e.g., Windows Update, HP Support Assistant). If you receive an email about an update from a vendor, you should verify the email’s authenticity.

 

Being Careful Can Keep You Safe

 

It is important to patch newly discovered security vulnerabilities because hackers often exploit them to gain access to computers and other devices. However, if someone emails you about installing a patch to fix a vulnerability, you need to make sure the email is from the vendor and not a cybercriminal. If the need arises, we can verify whether the email is legitimate or a phishing scam.