Google Bug Exposed Passwords For Some GSuite Enterprise Customers

Even companies that are normally quite good at providing security for their users occasionally wind up with egg on their faces.  Google is a classic case in point.  The company recently announced that a bug in an older segment of its GSuite code base had caused it to store customer passwords in an encrypted but unhashed form for more than a decade.

Somehow, this bug managed to go undetected for a staggering fourteen years.  On discovering it, the company immediately corrected the issue, so there’s nothing for GSuite users to do at this point, although the company is recommending that all GSuite Enterprise customers immediately change their passwords just to be safe.

The company also notes that only GSuite Enterprise customers were impacted.  If you’re just a regular Gmail user, your password was not exposed in the manner described above.  Google’s official statement about the matter reads, in part, as follows: “To be clear, these passwords remained in our secure encrypted infrastructure.  The issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

This is the second time in recent months that the company has found itself dealing with issues of exposed passwords in systems that were thought to be highly secure.  Again, this is proof positive that even the largest companies with generally good reputations where security is concerned can misstep.

GSuite Admins have been notified and instructed to reset all user passwords that had been set using the old tool. If you’re one of the impacted users, odds are excellent that this has already been done.   If you’re not sure, take the time to query your IT staff just to be sure that base is covered.

Digital Skimmers Are Dangerous For Websites With E-Commerce

If your business website incorporates an e-Commerce platform that allows you to sell directly to your customers, be aware. According to the latest research by the security firm RiskIQ, there are currently more than half a dozen large, well-organized hacking groups targeting businesses just like yours.

These groups are all using the same basic family of malicious code, collectively referred to as Magecart.  Their preferred targets are websites that use the Magento e-commerce platform, although historically they haven’t been bashful about targeting other e-commerce platforms as well.

The gist of how they do their damage amounts to digital skimming.  This type of attack is conducted by first penetrating your site’s security features. This allows the hackers to inject malicious code onto your site that monitors any transactions that take place when your customers make a purchase from you. In the process, the code “skims” your customers’ payment details and sends them off to a server under the control of the hackers, where they can make use of the payment data for their own purposes.

Given the nature of the attack, there’s no outward sign that your customers’ payment information has been compromised.  They’ll only find out later, when transactions they have not authorized begin appearing on their payment card statements.

In tandem with the research conducted by RiskIQ, Malwarebytes security researcher Jerome Segura has uncovered a new twist on the basic Magecart skimming tactic. This new tactic sees attackers injecting e-commerce sites with code that causes the site to pop up a malicious iFrame at the time of payment. The user then simply hands over their payment data, not suspecting that the iFrame is not a normal part of the e-commerce platform.

In whatever way it is accomplished, the researchers following the development and maturation of Magecart attacks all agree on one thing.  Once the data has been collected, it is sent to a server somewhere in Russia.  Beyond that, the trail becomes too tangled to follow.

Stay alert, and make sure your IT folks are on guard against the threat.  Your customers will thank you for it.
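
The injected script and the payment-time iFrame described above both appear as sources on the checkout page, so one check your IT staff can run is to audit that page's markup against the origins you expect. This is an added example, not code from RiskIQ, Malwarebytes or this article; the host names, ALLOWED_HOSTS and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: the only third-party host this hypothetical shop expects at checkout.
ALLOWED_HOSTS = {"pay.example"}
# Constructed sample checkout page (no real site, no skimmer code).
SAMPLE = """
<script src="/static/checkout.js"></script>
<script src="https://pay.example/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://pay.example/widget.js"></script>
<script src="https://cdn-analytics.invalid/m.js"></script>
<script>var cartTotal = 42;</script>
<iframe src="https://secure-pay.invalid/form"></iframe>
"""

class CheckoutAuditor(HTMLParser):
    """Flags script/iframe sources outside the allowlist, scripts without SRI, inline scripts."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline = False

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if not src:
            self._inline = tag == "script"  # inline script body follows
            return
        host = urlparse(src).hostname  # None for relative (same-origin) URLs
        if host is None:
            return
        if host not in ALLOWED_HOSTS:
            self.findings.append((tag, "unexpected host", src))
        elif tag == "script" and "integrity" not in attrs:
            self.findings.append((tag, "no SRI hash", src))

    def handle_data(self, data):
        if self._inline and data.strip():
            self.findings.append(("script", "inline script", data.strip()[:40]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

def audit_checkout(html):
    auditor = CheckoutAuditor()
    auditor.feed(html)
    return auditor.findings
```

A static audit like this only sees markup present in the served HTML; a Content-Security-Policy header that restricts script and frame sources covers elements added at runtime.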

Persistent Banking Trojan Virus Launches New Phishing Scam

The venerable banking Trojan known as Q-bot is back in the news, having recently been spotted in the wild as part of a sophisticated new phishing campaign designed to claim a new generation of victims.

Q-bot is one of the oldest banking Trojans still in use, and has a history that stretches back more than a decade.

In this most recent incarnation, the malware is being delivered via an email which appears to be a reply to an existing email chain.  The body of the email contains a poisoned link which, if clicked, will install the malware in the background.

Once in place, it creates a backdoor to the compromised machine in question, allowing hackers access any time they like.  It also serves as a key logger and general spy. It can steal financial data, banking data, other logins, credentials, and of course, makes it possible for the hackers to install additional malware as they see fit.

The reason Q-bot is still being used to steal data is that it’s very good at what it does, and the developers of the code have taken steps to keep it up to date.  This, combined with finding new and innovative ways of introducing the Trojan onto target systems, has made it as close to a persistent threat as we’ve seen when it comes to malicious code.

The latest campaign appears to borrow from the success of a similar campaign launched last year involving a Trojan with comparable functionality called Emotet.

This serves as confirmation that different hacking groups around the world are learning from one another, comparing notes, and developing an increasingly robust set of best practices. All this makes it increasingly difficult to effectively defend against such threats.  Stay vigilant and be sure to remind your employees never to open emails or click links inside emails, even if they appear to be from a trusted source.

2019 Sees A Huge Rise In Ransomware Attacks

According to FBI statistics, in 2013 there were 991 tracked incidents of ransomware attacks against businesses, resulting in losses slightly exceeding half a million dollars.

The number of incidents steadily increased through 2016 when they reached 2,673 for the year, with total losses just shy of two and a half million dollars.

During the 2017-2018 period, the overall number of ransomware attacks declined from their high-water mark, even as the total losses continued to increase.  This was a consequence of the hackers targeting larger networks with bigger payoffs. It led some to believe that interest in ransomware was beginning to wane in the hacking community in favor of other forms of attack.

That conclusion seems to have been premature.  According to the statistics gathered so far for 2019, there has been an enormous increase in the total number of ransomware attacks.  Businesses have borne the brunt of the surge, reporting an increase in excess of 500 percent.  While there are no hard figures yet for the total damages, one can expect that the 2019 figures will be as record shattering as the total number of attacks themselves.

Of interest, in the same period, ransomware attacks targeting consumers are down markedly. They are down to the point that ransomware is no longer even in the top ten most common cybercriminal threats that consumers face.  That’s good news for the consumer, but businesses are paying the price.

As a business owner, this is valuable information to know because if you are attacked, it’s much more likely that the attack will come in the form of ransomware.  Not to say you shouldn’t be on your guard for other types of attacks, but given the reality of scarce IT resources, it pays to know what the biggest threats are.

Report States Bots Account For 20 Percent Of Web Traffic

How much of the web’s traffic would you estimate to be fake, if you had to guess?  The answer to that question might surprise you.  According to the 2019 Bad Bot Report published by security firm Distil Networks, the answer is just over twenty percent: 20.4 percent, to be precise.

More than one fifth of all traffic on the web is generated by bots.

As staggering as that figure is, it’s actually down slightly from last year. Distil Networks says not to read too much into the slight dip, reporting that 75 percent of the bot traffic is generated by what it calls APBs, or Advanced Persistent Bots. APBs are able to cycle through IP addresses randomly, carrying out whatever instructions their creators have outfitted them with.  As these persistent bots become increasingly commonplace, we can expect their share of traffic to increase over time.

The report indicates, perhaps unsurprisingly, that the financial sector is on the receiving end of the majority of bot traffic.  A full 42 percent of the bots are aimed at that sector alone, with the majority of this traffic driven by credential stuffing style attacks aimed at hijacking user accounts for financial gain.

Other popular bot traffic destinations included:

  • Ticketing portals, where 39 percent of all traffic was bot-driven
  • Education sites, where 38 percent of all traffic was bot-driven
  • Government websites, where 30 percent was bot-driven

Also unsurprisingly, the bulk of bot traffic (53 percent) originated in the United States, although Russia and Ukraine accounted for nearly half of all blocking requests from Distil customers.

According to Tiffany Olson Kleemann, Distil Networks’ CEO,

“Bot operators and bot defenders are playing an incessant game of cat and mouse, and techniques used today, such as mimicking mouse movements, are more human-like than ever before.”

The bottom line is simply this:  Bot traffic is bad for business.  It costs you time and money, and it potentially puts your systems and your proprietary data at risk.