Tuesday, July 23, 2019

IP Camera Hacking Attempts Are Rising

Recently, Trend Micro published some statistics that just about everyone should find disturbing.  According to their latest statistics, the security company has blocked more than five million cyber-attacks against IP cameras, just in the past five months. Worse, IP cameras don't tend to have great security in place to begin with, making it relatively easy for hackers to control them remotely.
IP cameras send video directly to the internet as it is captured, and are typically used for surveillance. They're among the vast crop of 'low hanging fruit' of web-connected devices these days.  The company found that of the attacks, fully 75 percent relied on simple brute-force tactics.

Oscar Chang, of Trend Micro, had this to say about the findings:

"More verticals are seeking connected, AI-powered video surveillance applications, causing a clear paradigm shift from a relatively closed-off network to a more interconnected network operated heavily by cloud-based technologies.  Due to this shift in the landscape, manufacturers and users must pay attention to the security of these IoT devices. While the industry has known about cyber-risks, manufacturers have been unable to properly address the risk without knowing the root cause and attack methods."

Those are wise words. There is explosive growth of the number of smart devices in recent years, and hackers have gleefully appointed them by the tens of thousands and turned them into botnet armies for hire. Given those circumstances, one would think that every smart device manufacturer would make increased security of the devices they sell a top priority.

To date, however, that simply hasn't been the case.  Until that changes, we can expect to see the numbers Trend Micro and other security companies report increase until we finally reach a tipping point.

The sad thing is, it doesn't have to come to that.  If the industry were to start getting serious about IoT security and standards put in place, we could, at the very least, diminish the magnitude of the problem.  At present, that appears unlikely.

If you want to make sure that your computers and networks are safe from hacking attempts, let our IT experts at SpartanTec, Inc. help you.


SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Monday, July 15, 2019

Florida City Paid Big Bucks To Hackers Using Ransomware  

The city of Riviera Beach, Florida is the latest high-profile victim of a ransomware attack.

Recently, the city council voted to pay more than $600,000 to a hacking group to regain access to data that had been locked and encrypted via ransomware nearly a month ago.  That is in addition to the $941,000 the city will be paying for new computers.

An investigation into the hack revealed that the trouble began when a Riviera Beach police department employee opened an email from an unrecognized, un-trusted sender.  That's all it took to bring the entire city government network to its knees. Since May 29th, all city services have been suspended except for 911 services, which have been able to continue in limited fashion.

The city council didn't initially plan to pay the hackers off.  Their first move was to vote to spend the money to get new computers and rebuild their IT infrastructure.  Since that time, however, the city's IT staff has been unable to decrypt the files on their own.  In light of the lack of progress, the city council reconvened and voted 5-0 to pay 65 Bitcoins to the hackers (which amounts to a little over $600,00 USD at the time this piece was written).

Riviera Beach, a suburb north of Palm Beach, Florida, isn't the only local government to fall victim to hacking groups or ransomware attacks.  Earlier this year, officials in Jackson County, Georgia paid more than $400,000 to regain access to their files.   To date, the highest ransom paid to hackers employing this tactic was $1.14 million USD, paid by South Korean web hosting firm Internet Nayana.

Last year was a record-setting year for the number of successful hacks.  This year is on track to beat it by a wide margin.  Your company could be next.

Do you want to know if your company is at risk? Call SpartanTec, Inc. now.

SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Friday, July 12, 2019

Does Your Business Lack Digital Policy?


You have to take risks if you want to succeed in business. However, you shouldn’t disregard the existence of risk and the importance of managed IT services especially if you are running a business online. You have to make a realistic, authentic evaluation of the risk that comes with any business decision, considering the benefits and determining the best action to take to reduce the risk while maximizing the advantages.

Never Confuse Easy With Risk Free

The problem is that several businesses simply hope for the best to happen in all things concerning the digital world. After all, it’s become so simple to publish a post or create an online store that it also simple to assume that the risk of failing to get the attention of potential customers accounts for the biggest concern in the digital realm. But this is actually a good example of recklessness.

Calculate Your Risk

This does not mean that businesses have to stick to pens and never make the most out of what the internet world can offer. What this means is that companies must be intentional when it comes to taking on risks. You have to understand what your possible gains and losses are and how much risk you can tolerate.
Big Ignorance of Big Risks

Now everything is all well and good when it comes to theory but what about in real life situations? A lot of people don’t really know. It is not that they have no idea what they’re doing. It’s simply that many of the biggest risks are those that rarely occur to most people.

Website Accessibility

Were you aware that Americans With Disabilities Act or ADA mandates that websites should be accessible by those who are hearing and visually impaired? Therefore, all the images in your website must be linked with alt text that clearly describes the images’ content to render it accessible to those who are visually impaired and are utilizing screen readers. Is your website doing this?

Data Privacy

In the U.S., there are state and federal laws about the collection, use, as well as utilization and storage of customer data. Firms that operate globally should comply with the privacy rules for every country where they do business.

Data Transfer

Some nations do not allow the data of their citizens to be transferred to servers that are outside the national borders. If you are operating a cloud service, for instance, you may be in violation if you do not have a separate server that is physical situation in every country where you are doing business in.

Data Security

Businesses also need to protect the information of their customers. That is important when it comes to healthcare and payment processing. For instance, rules exist for limiting the payment information that companies can store, where it can be stored, who can access it and so on. Additionally, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) demands that you ensure that there’s no unpermitted access to the medical information of patients.

SpartanTec Inc. offers a comprehensive data backup as well as disaster recovery for companies. You no longer have to worry about what may happen to your firm. With our innovative options for Disaster Recovery, we can help protect the things you cannot control. You no longer have to deal with the stress associated with planning unforeseen disasters that may destroy your business. We will lower downtime in case a disaster strikes using practical methods for Recovery and Backup.

Call SpartanTec, Inc. now and let us handle all of your Disaster Recovery and Data Backup concerns.


SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Tuesday, July 2, 2019

Hackers Placing Hidden, Malicious Code In Media

If you're not familiar with the term, 'Steganography' is the term used to describe the act of hiding code in images and video.  It's a creative strategy that allows hackers to slip past even the most robust defenses. Recently, researchers at Kaspersky have discovered evidence of a novel approach to using steganographic techniques. They were apparently developed by a group well-known for their innovation.

Platinum is an advanced, persistent threat group that security researchers around the globe have been tracking since 2012.  The group has made headlines more than once for their creativity and for specifically targeting government, military, and diplomatic targets. What's interesting about Platinum's approach is that they've managed to embed malicious code into what appears to be legitimate text.

The Kaspersky researchers happened across it almost by mistake, when they were tracking what they first believed to be two separate campaigns.  The first being a back door that was implemented as a .DLL file that also worked as a WinSock Nameservice Provider (which is how it was able to maintain persistence).  In the second, PowerShell scripts were being used to fingerprint systems for the purpose of basic data theft.

The Kaspersky team connected the dots and reached the conclusion that rather than being two separate campaigns, the backdoor disguised as a .DLL is actually the second stage in one elaborate attack. Although what Platinum's ultimate purpose might be remains unknown at this time.

The researchers had this to say about their recent discovery: 

"A couple of years ago, we predicted that more and more APT and malware developers would use steganography, and here is proof:  the actors used two interesting steganography techniques in this APT...one more interesting detail is that the actors decided to implement the utilities they need as one huge set - this reminds us of the framework-based architecture that is becoming more and more popular."

Unless you're working in a governmental or military facility, you're unlikely to be on Platinum's radar. Even if you're not, their strategies will no doubt filter out to the global community of hackers in due time.  Stay vigilant.

Be sure your business is safe and protected against online threats. Call SpartanTec, Inc. now and let us help you find out if your data is at risk and what we can do to help. 



SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto