WECT Interviews Matthew Coleman about Ransomware

On May 23, 2022, Michael Praats of WECT ran a story about a new NC law that impacts how government agencies are allowed to handle ransomware payouts.

As part of that story, Michael interviewed our own Matthew Coleman for details on how the new law applies to businesses, along with some of the dangers that cyber threats pose in general:

Matthew Coleman is the Marketing Director for Atlantic Computer Services, a Wilmington-based company that provides IT services, including help protecting businesses from cyberattacks. He says most people have the wrong idea about hackers and how these nefarious actors get into a system or network. Often it comes down to human error, or a lack of knowledge and education on keeping malicious software out of a system.

“One of the primary ways that ransomware attacks make their way into a business is almost always through email. So phishing attempts, spam, emails, things that come out like that, the stereotype of the hooded attackers sitting over his computer desk, and the dark basement … it’s a misnomer. It’s more about bots and automation, email campaigns that go out and basically like someone walking through a neighborhood and just checking doors on houses until they find one that’s open,” Coleman said.

Check out the full interview HERE!

Thank you to Michael Praats and WECT for the opportunity to contribute!

What can your business do to prevent ransomware attacks? Contact us HERE and let’s talk about your options!


Three Big Companies Working On Passwordless Login Options

Ask just about any IT security professional and they will tell you that weak user passwords are one of the biggest problems and most persistent threats to corporate networks.

Despite years of training, re-training, and near-constant reminders to strengthen passwords, users keep making the same mistakes.

They’ll re-use the same password across multiple sites and services. They may use an incredibly weak, easy-to-guess password that makes it easy for hackers to break in using simple brute-force attacks against their accounts.

If passwords were to simply go away and be replaced by something better, legions of IT security folks would breathe a tremendous sigh of relief.

If Apple, Google, and Microsoft have anything to say about the matter, that is soon to be a reality.  All three companies are hard at work on a variety of passwordless schemes. If their plans remain on track, we’ll get to see the fruits of their labor sometime next year.

The three companies are currently working to implement passwordless FIDO sign-in standards across Android, Chrome, iOS, macOS, Safari, Windows, and Edge.  Taken together, those systems and software packages account for some 90 percent of network traffic today. It won’t be long now before the devices users employ will store a FIDO credential, dubbed a passkey, which is used to unlock your device and access all of your online accounts.

The passkey scheme is substantially more secure than a simple password because it’s protected with powerful cryptography and only shown to your online account when you unlock your device.  Contrast that with passwords, which leave users vulnerable to all manner of phishing schemes and are subject to being weakened by bad habits developed by the users themselves.

All of that is good news but it should be noted that we haven’t seen it in action yet. Even after the Big Three finish their work, there’s still the considerable task of implementing the use of the new passkeys into websites and other applications. It will be a while yet, but the good news is change is coming.

New Delivery Method For Ransomware Discovered Called Bumblebee

Some interesting and disturbing changes are afoot in the hacking world.  It appears that the TrickBot gang is now working for the Conti Syndicate. TrickBot is a well-known group of botnet developers responsible for the creation of the BazarLoader. BazarLoader has been used by Conti in the past as their delivery system of choice when it comes to delivering ransomware as part of one of their sophisticated phishing campaigns.

Now though, the Conti Syndicate has a new tool at its disposal: a newly developed malware loader dubbed Bumblebee.  Eli Salem, a seasoned malware reverse engineer at Cybereason, says that the techniques used by Bumblebee are similar to those used by BazarLoader. This suggests that they were developed by the same team, which points the way back to TrickBot.

So TrickBot’s developers made a new toy for the Conti Syndicate. Since Bumblebee became available, security researchers at Proofpoint and other organizations have been seeing evidence that other groups are switching away from BazarLoader and IcedID (also highly similar) in preference for Bumblebee.

Although similar in its overall structure to BazarLoader, Bumblebee appears to be a more advanced version.

It can support a wide range of commands, including but not limited to:

  • Shi: shellcode injection
  • Dij: DLL injection into the memory of other processes
  • Dex: download an executable
  • dl: uninstall the loader
  • Ins: enable persistence via a scheduled task for a Visual Basic Script that loads Bumblebee

Worse is that there is clear evidence that Bumblebee is being actively developed and gains new features and capabilities with every update.

As of the update observed on April 19th, for example, the malicious code now supports multiple command-and-control servers. The development team has recently added an encryption layer that makes it more difficult to track communications to and from the command-and-control server.

What this means in terms of the bigger picture is anyone’s guess. It seems clear that there’s a growing level of cooperation and coordination in the hacking world lately, and that should scare just about everyone.

How the cloud is a solid survival tool for your business during a crisis

One thing the Coronavirus pandemic taught businesses is that it is important to move with the times and adopt the latest technology. While you don’t have to be the first one in the market to invest in the newest technology, once its effectiveness and usefulness are proven, it does make sense to switch to it. Here’s how the cloud allowed businesses to overcome the challenges posed by having to suddenly switch to a remote operations model.

Challenge-1: Access to critical data and applications

This could have been easily resolved by migrating to the cloud. The cloud offers unparalleled connectivity to your data—from anywhere and at any time, with any internet-enabled device.

Challenge-2: Data safety, cybersecurity concerns

The cloud provides solutions to data safety and cybersecurity challenges as well, as data stored in the cloud is naturally much safer and more difficult to break into than data stored on an employee’s home computer. The cloud offers multiple layers of security, including some provided by your cloud service provider.

Challenge-3: Data loss

With the cloud, businesses wouldn’t have to worry about losing data, as it wouldn’t be stored on their employee’s personal computer, but at a centralized location in the cloud.

Challenge-4: Hardware issues

The cloud made hardware issues largely a non-issue, as employees’ personal devices were just gateways to access their work stored in the cloud. They needed devices that met the basic specifications, and the rest of the work happened online, without additional load on personal devices.

Challenge-5: Phones

Businesses that had adopted VoIP (Voice Over Internet Protocol) were able to overcome this challenge easily. VoIP allows you to communicate by sending voice as data packets over the internet. The VoIP system is primarily software-based and can be accessed from anywhere, using an application that your VoIP provider offers (physical handsets are optional). This meant that companies with VoIP systems could keep their office phone numbers responsive even when their staff were working from home.

While these technologies can help a great deal to maintain business continuity, you will need the assistance of a reputable MSP to deploy them and also to ensure they are functioning as they are supposed to. Plus, there are always other security concerns that crop up in a remote working environment when you can’t monitor your staff’s IT activities. Your MSP will be able to offer solutions and control mechanisms that can help put those concerns to rest.

Microsoft Edge Browser To Get Free Limited VPN

There’s a big change coming to the Microsoft Edge browser.  Big enough that it may prompt some users to switch to Edge.

Recently, Microsoft announced that they’ll be adding a free built-in VPN (Virtual Private Network) service to Edge as part of a long-anticipated security upgrade. Called “Edge Secure Network,” the new Cloudflare-powered VPN service is currently being tested by the Redmond giant, which says it will be rolling out soon, though no precise timetable was given.

The basic idea here is that it will encrypt a user’s web traffic so that ISPs can’t collect browsing information you’d rather keep private.

The new feature will also allow users to mask their location or make it possible for them to browse the internet using a virtual IP address.  Among other things, this means that users would be able to access content blocked in their countries, like Netflix or Hulu programming. Or in the case of China, which routinely denies access to broad swaths of the internet to their citizens, this could provide a way around those restrictions.

That sounds fantastic but there is one rather large catch to be aware of.  At present, the data limit is set to 1GB per month and users will need to be signed into a Microsoft account so that the company can track usage, which is ironic to say the least.

Microsoft has attempted to downplay this last bit. They’ve been stressing that while Cloudflare will collect support and diagnostic information from those using the service, it will permanently delete that data every 25 hours.

The new feature is still being tested and is currently unavailable to the public. If you join the Microsoft Edge Insider group, you’ll be first in line for a preview when Microsoft is ready for the big unveiling.