Blog

Ransomware attacks have evolved quite a lot over the course of the past year, and have become one of the most visible threats organizations of all sizes face.

That is, based on recently published research conducted by Group-IB, which analyzed the rapidly changing threat landscape. Their findings should disturb every business owner.

Here's a quick overview:

First and foremost, ransomware attacks have become much more commonplace. The year 2019 saw a 40 percent increase over 2018, which is a clear indication that hackers around the world are increasingly seeing ransomware strains as their preferred vehicle for attacking organizations.

Second, the average size of the ransom demanded has been steadily increasing, moving from just $6,000 to a staggering $84,000. The focus is on large corporations and government agencies being the driving factor behind the dramatic increase.

In terms of tactics, far and away, the most common means of gaining an initial foothold onto a corporate or government network is RDP (Remote Desktop Protocol). RDP serves as the point of entry for 70 percent-80 percent of the attacks.

Aside from this, incident response teams report that exploit kits and spear phishing campaigns were also used regularly, though these were vastly overshadowed by RDP. The teams responding to Group-IB's information requests also noted that more advanced ransomware actors relied on advanced methods that gave them access to more valuable targets.

The methods the hackers used include:

• Compromising MSP's (Managed Service Providers)
• Exploiting un-patched vulnerabilities in applications
• Compromising supply chains

The bottom line is that no one is safe, and the price of a successful breach has increased dramatically. Worse, an increasing percentage of hackers are now demanding not one, but two ransoms from each target they hit. The initial payment to unlock encrypted files and a second payment to delete their copies of stolen files, rather than publishing them for all to see.

The best way to keep your company safe from this particular threat is to minimize your reliance on RDP and to make sure you've got a robust backup plan in place. If you haven't yet taken both steps, the time to do so is now.

Used with permission from Article Aggregator

      

Great news for the legions of Windows 10 users around the world. Version 2004 comes with a significant WiFi update that includes Wi-Fi6 and WPA3 support, which will give users better wireless performance and increased security.

That's great news, but of course, there's a catch. In order to make use of WiFi 6, you'll need a router with support for both WiFi6 and WPA3.

Although those do currently exist and are available for sale today, they are new, and therefore a bit on the expensive side. Even so, the new Windows 10 update gives you a compelling reason to upgrade your equipment.

If you recently purchased a new router, it may already support the latest standard. If so, that fact will be indicated either in the router's documentation or on the manufacturer's website.

You can check to see if you're currently connected to a WiFi6 network by following these steps:

• Connect to your network
• Select the WiFi network icon on the right side of the taskbar.
• Click on "Properties," which you'll find beneath the name of your network.
• When the properties screen loads, click the "Properties" tab and look at the information displayed next to "Protocol."

If you're connected to a WiFi 6 network, you'll see "Wi-Fi 6 (802.11ax) in the Protocol box.

To see if you're connected using WPA3 security, follow these steps:

• Once you connect to your WiFi network, click the icon on the right side of the taskbar, then select Properties, located under your network's name.
• Once the screen loads, click the "Properties" tab and look at the information displayed next to "Security Type." If it says WPA3, you're all set.

To be sure you're using the latest Windows 10 update, just click your Start button, go to Settings, then Update & Security, and then Windows Update. Once there, you'll see a button labeled "Check for Updates." Click that, and if a new update is available, it will start downloading.

This is great news, and if you're looking for a simple way to boost your performance and productivity, this is it. Kudos to Microsoft for the inclusion.

Used with permission from Article Aggregator

      

Thanks to the pandemic, tens of millions of people are working from home.

Even before then, the Cloud was experiencing a tremendous amount of growth, but since shelter in place orders were issued by many governments around the world, growth has absolutely skyrocketed.

This has drawn the attention of a number of hacking groups, which have taken an increased interest in gaining access to Cloud resources, stealing login credentials and then making off with a wide range of sensitive data.

According to statistics gathered by McAfee, the number of attacks aimed squarely at Cloud services have increased by a whopping 630 percent between January and April of this year.

Broadly speaking, the attacks come in two basic flavors:

First, logins from anomalous locations that haven't previously been used and is not familiar to the organization.

Second, what researchers are calling 'suspicious superhuman' logins, which are defined by multiple login attempts in a short span of time from locations scattered across the globe. For instance, you might see one login attempt made in South America with another, a few seconds later, in Asia, and so on.

Rajiv Gupta, the Senior Vice President For Cloud Security at McAfee, had this to say about the company's findings:

"The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior."

The good news is that there's a relatively simple way for organizations to reduce the risk to near-zero. Simply enable two-factor authentication and the vast majority of these types of attacks will be doomed to fail.

The bottom line is that the risks are increasing and that's not likely to change anytime soon. Stay on your guard and make sure your people are aware. Phishing scams are the most common means of gaining access to login credentials.

Used with permission from Article Aggregator

      

Google recently announced a change to Gmail that will make it easier for the service's 2 billion+ users to experiment with different themes, layouts and settings.

Even better, users can see the results of their changes before actually applying them.

To make use of the new feature, all you have to do is click the gear icon on your Gmail screen.

This displays the settings menu, which allows you to select and view different display options, inbox types and interfaces. The changes are shown alongside your current inbox, giving you a simple way to compare and contrast. Just find one you like and once you're happy, apply the change.

The company started rolling out the new "Quick Menu" option for G Suite and consumer uses on Tuesday, but if you don't see it at present, give it a few days. With more than two billion users, it's going to take several days for Google to complete the rollout.

Google had this to say about the recent change:

"We're making these options easier to find, and letting you explore them in real time, so your actual inbox will update immediately to show you exactly what the setting will do. We hope this makes it easier to set up Gmail the way that works best for you."

It's a small point, but it's worth mentioning that the new menu option is enabled for all users by default, and there is no admin control option for it.

In any case, it's well worth experimenting with as you may find a layout that allows you to work more efficiently. Honestly, we love the new feature and we think you will too. Give the various options available a try, and kudos to Google for continuing to improve the user experience.

Used with permission from Article Aggregator

      

The hacking group calling themselves 'The Shiny Hunters' has been busy.

Recently, they put databases containing user records from eleven different companies up for sale on the Dark Web, including a massive database containing some 40 million records belonging to the popular Wishbone app.

Wishbone is a social media platform that's especially popular among children. It allows users to compare two items by way of a simple poll. The database was initially being offered for 0.85 bitcoin, which is, at the time this article was written, worth approximately $8,000.

Only days after the database was originally offered for sale, it appeared elsewhere on the Dark Web in its entirety, for free. The information it contains includes usernames, email addresses, phone numbers, geo-location data, hashed passwords, and profile data, including links to uploaded user photos. That's bad news indeed for any parent, because again, this app is especially popular among children.

A closer inspection of the records the database contains reveals that the hashed passwords are only weakly encrypted, using MD5, which can easily be broken using freely available tools, putting every one of the 40 million users identified in the database at risk.

If you're not sure if your child has downloaded Wishbone, it pays to double check immediately. Be sure to change the password on any account you or your children may have associated with the account.

For the company's part, a notice recently went up on the Wishbone website that read: "Protecting data is of the utmost importance. We are investigating this matter and will share any significant developments."

Unfortunately, the most significant development is that some 40 million of the app's users are now at risk. Don't take any chances. If you or your kids use this app, change your password immediately and be on the alert for phishing emails sent to any email address referenced in your Wishbone profile.

Used with permission from Article Aggregator