Data security in the ‘Work-from-home’ environment


2020 threw a lot of challenges at the world. From a business perspective, one that overshadowed the others was cybersecurity: how do you ensure data safety and security in an environment where businesses can't really control what employees do, even during work hours? With the world almost a year into the pandemic, new best practices have emerged that will be in use not just during the pandemic but probably also in the post-pandemic era, because the trend of working from home now seems to be here to stay. This blog discusses some best practices for data security that can be deployed when working remotely.

  • If you can provide your employees with a computer that they will solely access for work, then that solves the majority of the issues. When employees use their own devices for accessing work data, the risk of a security breach is higher as businesses don’t have any control over staff’s personal devices. Your employee’s computer may have security loopholes such as pending updates and security patches or unauthorized software programs. If, instead, it is a company device, you can install control mechanisms that limit what your employees can do with the device. You can impose firewall restrictions, make it a part of your intranet and also monitor employee activities freely.
  • If you are allowing employees to use their personal devices for work purposes, you can encourage them to keep their device safe by alerting them about software updates, security patches and offering to install the latest version of antimalware software for their devices. This is a win-win situation for you and your employees, as you get to keep your data safe, while they get to keep their device and personal data secure.

In either case, you need to educate your employees on the basics of data security. These include password hygiene, identifying phishing attempts, attachment hygiene, etc.

Don’t forget the cloud! The cloud can help you keep your data safe and secure even in the remote working environment by adding layers of data security and eliminating storage of data on local hard drives and removable storage devices. Contact a cloud service provider today to learn more!

New Phishing Scams Using Twitter Account Emails

Hackers around the world are increasingly targeting verified Twitter accounts with emails designed to pilfer your Twitter login credentials.

Verified Twitter accounts differ from standard Twitter accounts in that they sport a large blue check mark next to the user’s name, which indicates that the person who owns the account is someone of considerable influence on the platform.

To be considered for verified status, you must formally apply for verification, which involves sending the company additional information including website references and pictures of your Photo ID.  There’s even an “essay portion” to the process that requires you to tell the company in your own words why your account deserves to be “notable.”

If that all sounds a little over the top to you, you're not alone, and it is one of the reasons why there are comparatively few verified accounts.

Even so, if you decide you just must have one, be aware that hackers are watching. They’ve been increasingly targeting anyone with the big blue check mark because those accounts can be resold for more money.  The accounts typically have lots of followers attached to them, which means that the hackers can potentially get their hooks into even more people.

The latest campaign looks something like this:

You’ll get an email stating that you’ve got a new notification from Twitter Verified, which sounds fairly official.

The email in question contains a button labeled “Check Notifications” but unfortunately, when you do that, you’ll be asked to enter your Twitter login credentials to verify that it’s really you.

Naturally, entering your credentials here has nothing to do with verifying your identity.  What you’re typing in is a simple capture box controlled by the hackers, allowing them to pilfer your login details and then abuse them.

Don't fall for it. Your best bet is to assume any email from a company is fraudulent. Instead of clicking on links, surf your way to the company's website directly. That's still not a bulletproof solution, but it will reduce your risk to something pretty close to zero.

Tricky Ransomware Encrypts Small Data But Overwrites Large Data

The MalwareHunterTeam recently discovered a new ransomware operation that is particularly nasty. Called Onyx, the operation outwardly does what most ransomware campaigns do: it gets inside a corporate network, exfiltrates the data it wants, then appears to encrypt the rest, and then threatens to release the files to the broader public unless its demands for payment are met.

An additional fee is demanded to unlock the encrypted files, but there’s a catch in this instance.

Any file larger than 2MB in size is deleted and then overwritten before encryption to make it appear that the file is still intact.  Unfortunately, when victims pay the fee to have their files decrypted, they discover that the file is garbage and the actual file they wanted has been deleted.

This is not a flaw in the malicious code but rather an intentional design decision, implemented to inflict maximal pain on the companies that fall victim to the attack.

The discovery was only recently made. So it’s quite likely that at least some companies have paid the demanded ransom in hopes of getting their files back, only to have those hopes dashed.

Given this fact, if you are hit with an Onyx attack, don’t pay the ransom.  It won’t do you any good, except where your smaller files are concerned.  Your only hope is to restore those files from backup, and you certainly don’t need to pay the ransom to do that.

Malware attacks in general and particularly ransomware attacks are an unfortunate part of corporate life these days.  Whether due to poor planning, faulty backups, or something else, some companies feel the need to pay the ransom and get on with the business of their business. However, in this case, the Onyx campaign proves that there is no honor among thieves.  Be careful out there.

Popular Service Being Used To Send Phishing Emails

Google SMTP relay service is wildly popular and used every day by legions of users.  Unfortunately, hackers around the world are aware of this and increasingly they’ve begun abusing the SMTP relay service.

The basic idea is as follows. Some clever hackers have figured out that they can bypass email security products and deliver malicious emails to their intended targets if they take advantage of certain weaknesses in Google’s SMTP relay service.

Researchers at the security firm Avanan have been tracking the phenomenon and have confirmed a sudden, dramatic spike in threat actors abusing the SMTP relay service beginning in April of this year (2022).

The relay service is offered by Google as part of Gmail and Google Workspace as a means of routing outgoing user emails.

Use of the SMTP relay is mostly a matter of convenience, as it means that users don’t have to manage an external server for marketing emails. So there’s no worry that their mail server may get added to someone else’s blocked list.

It is very handy, but unfortunately hackers have discovered that they can use the SMTP relay service to spoof other Gmail tenants without being detected, with one important caveat: if those domains have a DMARC policy configured with the 'reject' directive, the game is up, and the hacker's attempt will fail.

Although this can be a serious problem, it also has a simple solution.  Just set a fairly strict DMARC policy and you’ll minimize your risk of your users falling victim to this type of attack.

As Google indicated in a recent blog post on this very topic:

“We have built-in protections to stop this type of attack. This research speaks to why we recommend users across the ecosystem use the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. Doing so will defend against this attack method, which is a well-known industry issue.”

It’s good advice.  If you aren’t sure whether you’ve got a strict DMARC policy set, find out from your IT staff. If not, have them implement one right away.

Security Warnings Coming To Certain Google Apps To Help Users

Google has been making some fantastic changes to bolster user security in recent weeks. That includes changes to their Google Play Store that will require developers to disclose exactly what data they plan to track and collect when users install the apps they create.

In a related vein, the tech giant has also recently added some powerful new security features to Google Docs, Sheets, and Slides that now display warning banners any time users attempt to open a suspicious file on the web.

Too often, users will open a file without giving much thought to who put it before them or where it resides (whether a trusted network drive or somewhere on the cloud, for example).  Unfortunately, hackers are keenly aware of this and will often plant poisoned files that appear to be legitimate work files in places where users are likely to find them. Then, the hackers simply sit back and wait until they reel someone in.

These recent changes to Google Workspace apps are designed with one goal in mind: to help the people using those apps make better decisions about whether to open a file, even if it looks completely legitimate.

This new warning feature builds on a system the company began implementing for Google Drive files back in January of this year (2022) and uses the same warning banners you'll find there: a bright yellow, hard-to-miss banner that appears at the top of the page after a user has clicked on a link, but before the file is downloaded.

These brightly colored banners display warning messages essentially asking the user if he or she is sure about downloading a file from an untrusted source that may contain malicious code.  Note that Enterprise users were a bit slower than everyone else to get the new functionality because of the way Google organized the rollout. By the time you read this, they should be visible for everyone.