Showing posts with label IT consulting.

Monday, September 21, 2020

5 Overlooked Security Measures When Using Mobile Devices


1. Implement a mobile device policy. This is particularly important if your employees are using their own personal devices to access company e-mail and data. If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised? Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured, but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can and cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place as part of the IT service.

2. Require STRONG passwords and passcodes to lock mobile devices. Managed IT service providers say that passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way in preventing a stolen device from being compromised.

3. Require all mobile devices be encrypted. IT services experts in Fayetteville, NC suggest that encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that unlocks (decrypts) the data.

4. Implement remote wipe software for lost or stolen devices. If you find a laptop was taken or a cell phone lost, remote “kill” or wipe software will allow you to disable the device and erase any and all sensitive data remotely.

5. Back up remote devices. If you implement step 4, you’ll need to have a backup of everything you’re erasing. To that end, make sure you are backing up all MOBILE devices including laptops so you can quickly restore the data.

While these 5 are a good start, many organizations that are heavily using mobile devices or are handling highly sensitive data such as credit card numbers, financial information, social security numbers or medical records need to be far more diligent about monitoring and securing all mobile devices.
 

For those of you who fit into that category, we have a special report that details X more security measures and strategies that you need to implement and know about that most IT firms don’t know or won’t tell you. For a free copy, simply call SpartanTec, Inc. or shoot me an e-mail at lcarter@spartantec.com with “Mobile security report” in the subject line.


SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence


Thursday, February 27, 2020

New IRS Tax Scammers Use Personal Data For Big Returns

Recently, the Department of Justice brought charges against Babatunde Olusegun Taiwo for using personal information acquired on the Dark Web. He used the information from data breaches to file fraudulent tax returns with the IRS.

He was able to gain enough information to file more than two thousand income tax returns that attempted to claim more than $12 million. The IRS paid out nearly $900,000 before the authorities caught wind of the scam and shut it down, arresting the St. Louis man and sentencing him to four years in prison.

The Special Agent in charge of the investigation, Thomas Holloman, had this to say about the matter:

"We will continue to pursue criminals who prey on innocent victims and we will continue to enforce our nation's tax laws. Today's sentencing should send a clear message to would-be criminals - you will be caught and you will be punished."

Taiwo isn't the only criminal to have recently been caught in the Department of Justice's dragnet. In a separate announcement, the DOJ released details of the case against Hitesh Madhubhai Patel, an Indian national. Between 2013 and 2016, he leveraged call centers to scam victims out of millions of dollars by impersonating the IRS and USCIS. He threatened victims with deportation, arrest, and jail time unless they paid bogus fines over the phone to his employees.

Patel is due to be sentenced on April 3rd of this year and could face up to twenty years of prison time, in addition to fines of up to a quarter million dollars.

Kudos to the Department of Justice for bringing these crooks to justice. One has to wonder though, for every criminal caught and jailed for activities like these, how many more remain uncaught? Too many, but progress is progress!

Call SpartanTec, Inc. in Fayetteville if you need the help of IT experts in setting up the most effective methods to secure your devices, network, and sensitive business information.



Sunday, January 12, 2020

Kids Can Bypass Communication Limit Feature On iOS 13.3

If you have children that own Apple devices, be aware that the latest update for iOS 13.3 included a feature called Communications Limits.

It is designed to allow parents to set up parental controls to keep their kids from speaking to, texting with, or Facetiming with anyone who's not already in their contacts list.
It's a small but important feature addition. Hackers, scammers, bullies, or strangers can easily get phone numbers belonging to children. Even worse, they can then harass or threaten them in a variety of ways.

Unfortunately, there were problems with the implementation of the feature. For one thing, a bug in the code allowed kids to add a new number to the address book contacts list and use that as a springboard for bypassing the restrictions imposed by the software.

The bug was discovered by staffers at CNBC who were able to show that the feature worked fine on devices backed by iCloud, but not other services like Google's Gmail.

Todd Haselton of CNBC had this to say about the discovery:

"A child should not be able to add the contact to the iPhone's address book without their parent entering their PIN first if the feature is working properly."

That's a succinct description of both the problem and its solution. Right now, Apple is scrambling to generate a fix. Although the company hasn't said as much, there's a very good chance that by the next patching cycle, the company will have a fix in hand.

If you were counting on the feature, one thing you can do until the fix is ready is to make use of the Downtime feature. That allows users to restrict access to apps according to a predefined schedule. It's not perfect, but it will get the job done in the short term.

If you wish to maximize the productivity of your employees by restricting their access to unnecessary apps and programs on your network or if you wish to protect vital business information from prying eyes of unauthorized personnel, call SpartanTec, Inc. in Fayetteville now.


SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Thursday, January 9, 2020

FBI Sheds New Light On Ransomware Tactics

According to a recent FBI alert marked "TLP: AMBER," businesses should be on high alert for ransomware attacks.

The alert reads, in part, as follows:

"Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.

The actors behind LockerGoga and MegaCortex will gain a foothold on a corporate network using exploits, phishing attacks, SQL injections and stolen login credentials."

The alert also states that the attackers behind these two ransomware strains often wield Cobalt Strike tools, including Cobalt beacons to gain remote access.

Once the attackers gain a toehold inside a target network, they'll carefully explore and map the target network, seeking out the most sensitive information including proprietary company data, payment card information and other customer details and the like.

The goal here is to identify the highest value information that can be exfiltrated to the command and control server for sale on the black market. Finally, when all of the most valuable information has been siphoned from the network, the hackers will trigger the ransomware itself, which they'll use to gain an additional payment, extorting the affected organization.

The FBI also reports that hacking operations carried out by nation-states often deploy ransomware to make it appear that the attack is the work of traditional cybercriminals, throwing forensic investigators off of their trail.

The process of network mapping and exfiltrating valuable data can take weeks or even months, depending on the size of the network. So, organizations may be infected long before the visible signs of the attack become evident. Given that, it's more important than ever to have a robust security system in place. You should have remote backups taken at regular intervals and a rapid response plan in place in the event of a breach.

Call SpartanTec, Inc. in Fayetteville and let our team help you find the best IT strategy to protect your company and network from ransomware attacks.



Tuesday, December 10, 2019

Types of IT Services We Offer


Many small businesses find it challenging to deploy, maintain, and protect their technology. Whether you’re looking to keep IT costs predictable, avoid unexpected problems, communicate more effectively, or make a plan for business continuity, SpartanTec, Inc. has a solution for you.

IT Services To Choose From



Several IT service providers that deal with small businesses are referred to as managed service providers. This could cover a range of specifics, but it lets the IT business service the company's network on an ongoing basis for a regular fee. It is less costly for firms over time because it can prevent costly issues from arising in the first place.

On Demand IT

Another way to categorize an IT service firm is as one that provides services on demand. It could still provide the same variety of functions. However, instead of paying a regular fee every month, firms pay for each individual service only when they need it.

Network Setup

We also offer a preliminary setup service for firms that are just seeking to get their networks working and fully functional. This can be provided as a standalone service, but it can be even more valuable as part of a managed IT package.

Network Security

Cybersecurity is a primary concern for all firms, so checking for and responding to possible threats is a popular service for many IT businesses. This is often included as part of managed IT services, but it may also be provided as a separate service.

Database Management

Database management is a system that a firm uses to monitor and access data throughout its lifecycle. It covers things like employee and customer information, sales, and finances. It also includes organizing the data to guarantee security, compliance, and the performance of data-driven applications.


This specific category includes all kinds of IT service that’s delivered through the internet or a specific cloud network. Therefore, a cloud platform or SaaS service falls in this category. So, we can create a kind of software that’s provided to users over the cloud and they can access it if they pay a membership fee.

Software Support

We deal with software products such as those that run databases, multimedia, or spreadsheets, and we offer support for users who need technical fixes. We can concentrate on a specific type of software or a list of programs, or provide a more generalized service.

Data Storage

We offer a platform or a service for individuals or firms to store their data. We can offer an on-premises storage option or a cloud platform for system backups or additional storage so that users do not need to keep everything on their main devices. We can also combine this with a security offering when you are dealing with proprietary or sensitive data.

VoIP Service

VoIP is also referred to as Voice Over Internet Protocol. We provide an online service that lets clients communicate with other people using voice calling, either as needed or on an ongoing basis. This service could be an option for a managed IT service in Fayetteville.

Computer Repair

Computer repair services deal with computers, graphics cards, and motherboards, to name a few. This service could be provided to individuals or companies. This kind of work requires meeting with clients in person at some point.

Call SpartanTec, Inc. in Fayetteville if you wish to know more about these services or if you are interested in getting one for your business.



Wednesday, November 20, 2019

Fake Voicemail Messages Tricking People Into Opening Malicious Content

Office 365 has been the target of an increasing number of ongoing phishing scams.
The latest scam involves using fake voicemail messages to convince targets that they need to log in to hear the full recording.

Researchers at McAfee Labs had this to say about the matter:

"Over the past few weeks McAfee Labs has been observing a new phishing campaign using a fake voicemail message to lure victims into entering their Office 365 email credentials.  At first, we believed that only one phishing kit was being used to harvest the user's credentials.  However, during our investigation, we found three different malicious kits and evidence of several high-profile companies being targeted."

Recipients will receive an email message informing them that they missed a call.  A partial recording is available and embedded in the email, but the recipient gets little more than hello, so there's no real indication of what the message might be about.

Then, if the recipient clicks the link provided to "log in and hear the message" they will, of course, be sent to a page that looks like an Office 365 login screen.  All they're really doing at that point is handing their credentials over to whoever sent the message.

As we said at the start, Office 365 has become an increasingly popular target.  There's another scam making the rounds that tries to get a user's login credentials by making it seem as though the message was sent by the recipient's employer's HR department and talks about an upcoming raise.

Both are powerful approaches that have been yielding better results than usual for the scammers.

Be sure your IT staff and all of your employees are aware of and on their guard against these scams. Call SpartanTec, Inc. in Fayetteville now for more information.


Thursday, October 17, 2019

Will We Control Computers With Our Brains Soon?

Over the years, Facebook has made several high-profile acquisitions, with one of their most recent being the acquisition of Oculus Rift for a staggering two billion dollars.  Now, rumors are swirling that the company is on track to buy another innovative startup, CTRL-Labs. They are the makers of an innovative device worn at the wrist that uses brain waves to allow users to control electronic devices.

Estimates are that the social media giant will pay between $500 million and a cool one billion dollars to acquire the company, which is one of a number of startups creating BMIs (Brain Machine Interfaces).

What's interesting about the offering by CTRL-Labs is that their product is worn on the wrist, while most of their competitors rely on devices worn on the head. In a few cases, they require chips to be physically implanted in the brains of those who want to use their tech.

In this regard, what CTRL-Labs is offering borrows from two different technologies that have been featured on TED talks in recent years:  Pranav Mistry's "Sixth Sense" technology (which translates gestures into commands that a computer can understand) and the Emotiv headset, which scans your brain for changes and translates those signals into commands.

Honestly the industry is still too small and the technologies are too unrefined to know for certain whose products will wind up being adopted as the de facto standard.  However, the fact that Facebook is placing a large bet on the industry is a powerful indication that these types of technologies (whatever form they ultimately take) are the future.

It's a long-term bet, to be sure.  Although there are products you can buy today, they only offer limited functionality and it will be at least five years before we see a killer app for the new tech, but one way or another, the day is coming when we will indeed control computers with our brains.

Just like the many breakthroughs in today's technology, hackers are also becoming more clever as they continue to find ways to obtain personal and business information from individuals and companies. Given that, you need to step up your game by making sure that there are no loopholes in your cybersecurity. Call SpartanTec Inc in Fayetteville and let our team help you with your security solutions. 



Tuesday, September 24, 2019

Hackers Can Now Use Fake Voices To Steal Money


You've almost certainly been seeing stories on the internet this year about the growing trend of Deep Fakes.

They are videos that are expertly engineered to give the appearance of some prominent figure or another saying something that he or she never actually said.

It's a clever, computer generated ruse.

The reason it's been making headlines is that Deep Fakes tend to be really good, which makes them notoriously difficult to spot. Their recent appearance, unfortunately, is negatively impacting the national dialogue on important issues.  After all, when you're looking at what appears to be evidence of a prominent figure saying something shocking, of course you're going to be inclined to believe your own eyes.

Naturally, it did not take the hackers of the world long to figure out a way to use this relatively new technology to their benefit.  Recently, a UK energy company's CEO was tricked into wiring more than $220,000 USD to a Hungarian supplier.  He believed that he had received verbal instructions from his boss to do exactly that, and merely complied with the order.

The only problem?  His boss issued no such order.  It actually came from a hacker using deep fake software to precisely mimic the voice of the executive demanding that his underling pay the supplier within the hour.

A spokesman for the company's insurance firm had this to say about the matter:

"The software was able to imitate the voice, and not only the voice:  the tonality, the punctuation, the German accent."

Energy company employees caught onto the ruse when the hacker made a similar demand a short time later that same day.  The second time though, the energy firm CEO called his boss personally, only to discover that he was simultaneously dealing with his fake boss and the real one.

There's no way to know how many times this has happened before, or how frequently it's happening now. Even worse, our ability to create deep fakes presently far outstrips our ability to detect them.  That should give business owners everywhere pause.

Protect your business from online threats such as deep fakes. Let SpartanTec, Inc. in Fayetteville set up security measures that will protect your company from such malicious software.


Thursday, September 12, 2019

Watch Out For Old Hacking Technique Offering Free Downloads

An old hacking technique is getting new attention from hackers around the world, and it underscores the fact that people must exercise extreme caution when it comes to deciding who to trust and where to download files from.

Hackers have long been in the business of spoofing legitimate sites, making exact replicas of popular websites that offer a variety of free downloads.

Of course, instead of getting genuinely useful code, you find yourself on the poisoned domain rather than the legitimate site, and what you download will be malware of one type or another.

The most recently discovered instance of this involves the Smart Game Booster site.  It's a legitimate piece of code that helps to improve the performance of the games you play, and it has become popular enough that it's caught the attention of at least one hacking group. That group cloned the site and pretends to offer the same product.

In this case though, the malware the hackers deploy is one of the more insidious we've seen.  Unlike many malware attacks which latch onto a system with a persistent presence, this one runs only once and then deletes itself. Even more alarming is that it leaves no trace that it was ever there.

When it runs, it scans the infected device for passwords, your browser history, any cryptocurrency wallets you may have, and a wide range of other critical files.  It collects these and sends all the data to its command and control server, and then self-destructs.

With no outward sign, many users will be completely unaware that there's a problem until they start seeing suspicious charges on credit cards, noticing funds being removed from bank accounts and the like.  By then of course, it's far too late.

The bottom line here is simple:  Be mindful about where you download files from.  Check your URLs, and unless you can't avoid it, never stray far from the big, well-respected sites like the Apple Store, Microsoft Store, or Google Play Store.  It's just not worth the risk.

Call SpartanTec, Inc. in Fayetteville and let our team help you find out if your network or computer has been breached. Our IT staff will also set up the most effective measures to make sure that you and your business are protected against the most common yet vicious online threats.


Thursday, September 5, 2019

Study On Passwords Shows People Still Use Breached Passwords

Google recently released a large-scale password study that will probably give every IT manager in the country heartburn. The results of their study indicate that a disturbing percentage of users continue to use passwords after they've been warned that those passwords have been compromised.

One of the most common tactics hackers employ is called 'password spraying.'  It's a simple technique.  The hackers simply try several compromised passwords (even if they've been floating around the Dark Web for months) thinking that a surprising percentage will still work.  Google's study confirms the hackers' beliefs to be true.

Right now on the Dark Web, there are more than 4 billion passwords known to be compromised.  The scope and scale of the problem is staggering. Worse, the users who have compromised accounts are, as a rule, slow to do anything to mitigate the danger.  According to the results of the study, only 26.1 percent of users who saw an alert indicating a compromised password bothered to change it.  Barely one in four.

Even when users did bother to change their passwords, 60 percent of the time, the new password was found to be vulnerable to a simple guessing attack. Although in fairness, 94 percent of changed passwords wound up being stronger than the previous one.

To collect the information, Google relied on a newly offered Chrome extension called Password Checkup, which it claims is superior to Firefox's Monitor and the "Have I Been Pwned" website.

The company contends that these other solutions could be exploited by hackers, summing it up as follows:

"At present, these services make a variety of tradeoffs spanning user privacy, accuracy, and the risks involved with sharing ostensibly private account details through unauthenticated public channels...For example, both Firefox and LastPass check the breach status of user names to encourage password resetting, but they lack context for whether the user's password was actually exposed for a specific site, or whether it was previously reset.

Equally problematic, other schemes implicitly trust breach-alerting services to properly handle plaintext usernames and passwords provided as part of a lookup.  This makes breach alerting services a liability in the event they become compromised (or turn out to be adversarial)."

Call SpartanTec, Inc. in Fayetteville now. Our team will determine if your passwords are compromised and help you set in place security measures that will minimize the risk of online breach.


Sunday, August 4, 2019

New Ransomware Targets Network Attached Storage Devices

Yet another new ransomware family has been found in the wild, discovered independently by researchers at two separate security firms, Anomali and Intezer.  The new strain has been dubbed "QNAPCrypt" by Intezer and "eCh0raix" by Anomali and is written in the Go programming language.  It encrypts files with AES and changes the file extension to ".encrypt".

The fact that the strain was written using Go is interesting. What makes it truly unique, though, is that it primarily targets Linux-based NAS (Network Attached Storage) devices made by a specific company.  It only seems to impact devices made by Taiwan-based QNAP Systems.

Worst of all though, is that the devices targeted by this new malware strain seldom have anti-virus programs on them. Even if they did, there are only a handful of products currently capable of even detecting the strain.  By the time you know it's there, it's already too late to matter.

The good news though, is that the security researchers found a flaw in the code. Like most ransomware, after it encrypts your files, it demands payment in Bitcoin in exchange for un-encrypting them.  The authors of the malware designed the software to connect to a command and control server prior to the encryption step in order to receive a unique Bitcoin wallet address.  It relays this address information to the victim after their files are encrypted in order to facilitate payment, but there's a catch.

The server only had a finite number of wallet addresses available, and if there are no wallet addresses, then the encryption step never occurs.  The researchers created many "fake victims" and simply ran the command and control server out of unique Bitcoin wallet addresses.  It's a temporary fix, to be sure, but it buys time.

Researchers from both companies offered the same advice in terms of minimizing your risks:
  • Never unnecessarily connect your NAS devices directly to the internet
  • Always enable automatic updates to keep firmware up to date
  • Use strong, unique passwords to secure your devices
  • Make frequent backups just in case.

Those are all good pieces of advice generally.  If you make a habit of all four, you'll be miles ahead of the game.

Call SpartanTec, Inc. for more information on how you can keep your company safe against ransomware and other common online threats. 



Monday, July 15, 2019

Florida City Paid Big Bucks To Hackers Using Ransomware  

The city of Riviera Beach, Florida is the latest high-profile victim of a ransomware attack.

Recently, the city council voted to pay more than $600,000 to a hacking group to regain access to data that had been locked and encrypted via ransomware nearly a month ago.  That is in addition to the $941,000 the city will be paying for new computers.

An investigation into the hack revealed that the trouble began when a Riviera Beach police department employee opened an email from an unrecognized, un-trusted sender.  That's all it took to bring the entire city government network to its knees. Since May 29th, all city services have been suspended except for 911 services, which have been able to continue in limited fashion.

The city council didn't initially plan to pay the hackers off.  Their first move was to vote to spend the money to get new computers and rebuild their IT infrastructure.  Since that time, however, the city's IT staff has been unable to decrypt the files on their own.  In light of the lack of progress, the city council reconvened and voted 5-0 to pay 65 Bitcoins to the hackers (which amounts to a little over $600,000 USD at the time this piece was written).

Riviera Beach, a suburb north of Palm Beach, Florida, isn't the only local government to fall victim to hacking groups or ransomware attacks.  Earlier this year, officials in Jackson County, Georgia paid more than $400,000 to regain access to their files.   To date, the highest ransom paid to hackers employing this tactic was $1.14 million USD, paid by South Korean web hosting firm Internet Nayana.

Last year was a record-setting year for the number of successful hacks.  This year is on track to beat it by a wide margin.  Your company could be next.

Do you want to know if your company is at risk? Call SpartanTec, Inc. now.


Friday, March 1, 2019

New Android Malware Can Drain Your PayPal Account


Are you among the millions of people who use an Android device? Do you also use PayPal? If your answer to both questions is yes, then there is something that you really need to know. It could be one of the many reasons why you need to pay attention to information security.

Hackers have found a new way to steal money from your PayPal account. They are using a few versions of an app that is known as “Optimization Battery.” They have embedded a Trojan that can take your hard-earned cash in PayPal even if your account is protected by two-factor authentication.

ESET researchers discovered the latest threat. They have conducted an in-depth analysis of its code and they discovered that the threat is well engineered and must be considered as very dangerous. The Trojan inserted in the app will abuse PayPal’s “Accessibility” to replicate screen taps. By doing so, the malware can start a fresh PayPal transfer, put in the information of a certain account that is under the control of the hacker as the receiver, and type in the amount that will be transferred. All of this can take place in as short as five seconds, which is obviously not enough time for the real user to stop the transfer.

To make things worse, the unauthorized transfer is set to happen whenever the victim logs into their PayPal account. That means the victim will only have time to check the account, and after a few seconds they will see their money transferred to someone else without their approval. It happens so fast that the user might even think that it is only a glitch. Some may even suffer more attacks before they find out that something is wrong.

If there is any silver lining to this scenario, it is that the malicious version of the app, Optimization Battery, exists only on third-party vendor websites. It does not exist in the Google Play Store. What is the best way to protect yourself? You can minimize your risk by limiting your app downloads to the Google Play Store.

Also, if you are using an Android device, you use PayPal as well, and you installed Optimization Battery, then you had better keep a close eye on your PayPal account. The hackers might be stealing from you under your nose. Better yet, get in touch with an IT consultant.


Call SpartanTec, Inc. if you need to know more about information security. 


