
Cynexlink Clients are Safe from the Kaseya Hack


Many of you may have read over the weekend that an IT infrastructure management company called Kaseya was successfully breached by a ransomware hack. This event potentially impacted thousands of companies because their IT managers – MSPs like us – used that Kaseya tool to monitor their clients’ networks.

All Cynexlink clients should take comfort in knowing this: you have ZERO exposure to this event.

Note: If you are visiting our site for the first time, your current MSP uses Kaseya VSA and you are looking to make a change, the quickest way is by contacting us here. We have created a special offer for Kaseya clients and we will reply immediately to help your organization chart a rapid path to IT safety.

The article below provides a quick background on what Kaseya does and why this breach is potentially so far-reaching, as well as why we weren’t completely stunned by news of this breach.

Who & What is Kaseya?

All Managed Service Providers (MSPs) like Cynexlink use various software solutions to manage and monitor their clients’ networks for patching, operating system status, data backup, email spam protection and much more.

The primary monitoring software used by companies like ours is an RMM solution, which stands for Remote Monitoring and Management. Such a tool helps provide us visibility at scale, reporting, automation, efficiency and more. While an RMM solution is merely one tool in the toolbelt of an IT solutions provider like us, it serves as the heartbeat of the MSP’s tech stack.

Kaseya’s RMM product, which they call VSA, is what was breached. This means that not only were all of Kaseya’s MSP clients put at risk, so too were all the end clients of those MSPs! Initial reports said 200 companies were impacted by this breach; we will be very surprised if that figure doesn’t end up far higher when the dust settles.

Familiar names of RMM solution providers include smaller companies like NinjaRMM, N-Able and Atera, while the two biggest, most credible players are ConnectWise and Datto. We use Datto because their RMM tool, Autotask, is our industry’s gold standard.

Kaseya’s Place in the IT Universe

Kaseya has been working feverishly to move up into the top-tier IT provider category alongside Datto and ConnectWise, which is why it attracted so much private equity interest a couple years ago.

Behind the scenes, there has been a ton of consolidation in our industry over the last few years, and it has centered on these RMM tools – either as acquirers or acquirees – driven by economies of scale. By adding firewall management, backup and recovery, cybersecurity tools and more to an RMM under one roof, the potential for growth is staggering. This is why Kaseya has raised over $500MM over the last 2+ years – to grab a piece of that market.

The path to providing more and more IT solutions beyond the RMM tool comes down to a choice between building it and buying it. Kaseya chose to raise money and buy.

With all that fresh PE money, Kaseya went on a torrid acquisition spree, buying backup providers, cybersecurity companies, anti-phishing solutions, network assessment programs and more. The management challenge with such consolidation plays, however, is huge: not only do company cultures have to be merged, so do all the business units, product features and technologies used. In such a growth-first environment, key details can be missed without any ill intent whatsoever.

Indeed, our team spends more than 500 hours per year in training and product review sessions in order to stay up on the latest technology and cybersecurity solutions for our clients. When a new, better tool comes along in a category, it gets added to our tech stack and the previous leader gets the boot… being able to monitor IT advancements is one of the big advantages of hiring a firm like ours.

As part of our ongoing IT vetting process, we have assessed a number of Kaseya products in the last couple of years. We won’t be too specific, as we don’t want to drive the stiletto in too hard at this moment in time, but there were definitely some warning signs that key details were being missed.

Massive Business Challenges Remain

It will be interesting to see how Kaseya simply survives this high-profile event.

In the short-term, there is the issue of the $70 million ransom the hackers are demanding to release the stolen data.

Next, every MSP client of Kaseya must be exploring a move to a competitor this morning, but a systemic transfer of that kind is no overnight project. If those MSPs don’t move, however, their end clients will wonder how their IT provider can stay put — or how they can continue to work with, and have confidence in, an MSP that won’t leave Kaseya.

Maybe all of this can be fixed with a little P.R. and a lot more of what matters — actual cybersecurity investment and restructuring. Only time will tell.

For those end clients who don’t want to wait and need help getting away from Kaseya, contact us not only for a special offer for Kaseya clients, but also for a simple 3-step, 3-week plan to provide a port in a storm for your network and data.


Raccoon Malware: A Threat to Cybersecurity


As if you didn’t have enough difficulty maintaining your cybersecurity, now there is a masked bandit on the loose – for a fee!

Raccoon (a.k.a. Mohazo, Revealer and Legion) malware appeared out of the former USSR in early 2019, is still very active, is available on the dark web for approximately $200 per month, and has a development team which not only creates frequent updates (such as the ability to steal FTP server credentials) but which responds to user requests for enhancements (e.g., keylogger as a possible upcoming feature). The ease of use via a simple dashboard and excellent customer service, if you can believe that, make this malware a long-term threat to your information systems. Unfortunately, its popularity with hackers appears to remain quite steady.

What does Raccoon do? It is an information stealer sold under a MaaS (Malware-as-a-Service) model. Creeping in through phishing and other attack modes, it is able to steal data from up to sixty (60) applications, including the leading web browsers.

It has also been used to access cryptocurrency, credit card and e-mail accounts, plus other applications through which data is gathered in order to perpetrate financial and identity fraud against victims. Once the desired information has been accessed, whether it be screenshots, OS data, system settings, or simply the usernames and passwords from various browsers and activities, the data is sent by zip file to the hacker. This ease of use has created over 100,000 infected devices since even the non-tech savvy can operate this malware.

As noted above, Raccoon often arrives through phishing scams, which can take many forms. It can be deployed within attachments to e-mail spam, a Dropbox .IMG file or even as “bundled malware” wherein it is attached as a rider to a legitimate software download. However, the most popular distribution vehicle for this software is the use of exploit kits, which can deliver the malware without the user’s knowledge while the user does something as routine as surfing the web.

What if your company gets attacked by Raccoon Malware?

If by any chance your company gets attacked by Raccoon malware, what happens then? Relax! There are recovery steps that you can take to eliminate this virus.

First, you need to isolate the affected device. Any suspected device, whether or not it is connected to other devices, needs to be disconnected completely, and then an IT specialist needs to be contacted to remove the malware completely.

Secondly, every good IT specialist advises having a backup recovery plan for these grave situations. If your company has failed to do so, then you need to make sure that none of the information belonging to your company, or to the companies connected with your devices, has been compromised. The affected companies should be contacted and advised to change their credentials.

Lastly, the best solution is to contact an IT specialist ASAP to resolve the whole matter, as they have the expertise to protect your company from these threats!

How can your IT personnel work to protect your company and resources from this threat?

As usual, the emphasis on employee awareness of the need to protect company assets by not opening suspicious content (including malvertisements which may occur on legitimate sites) must be paramount. Training staff to recognize and resist social engineering lures which attempt to bait those clicks is also necessary.

In addition, the BYOD/T (Bring Your Own Device/Technology) environments which allow employees to use their own software, hardware, and/or cloud storage may create a Shadow IT situation which opens your business to these attacks. Your entire IT team, and especially the IT security group, should be aware of this possibility and be active in using up-to-date firewalls and other pertinent software to diminish unauthorized accessing of your systems. For remote employees, your IT team should install on their devices the same antivirus, anti-malware and other safety software as is used by the business at large. Employees using hardware or software not recognized by the protocols implemented by IT should not be allowed system access.

Finally, since Raccoon also scans the caches created by browsers and apps as well as broken downloads, recent files, and other junk that is problematic or infrequently used, a proper repair tool that can sort through and delete these items is essential.

Never forget, your team’s knowledge and skill is an invaluable part of safeguarding your data and business. Proper use of antivirus, anti-malware and other tools to search for and destroy these types of programs is essential. Moreover, your team must understand that these threats, especially the ever-adapting Raccoon, require constant vigilance; ongoing cybersecurity training meant to thwart those who seek to wreak havoc within your business is vital to your security and peace of mind.

Be aware and take care!


Cybersecurity vs Information Security: What are the differences?


Cybersecurity vs information security. I hear you thinking, “What! I thought cybersecurity WAS information security!” Well, yes and no. Let us start with a detailed definition or two.

Cybersecurity vs Information Security

Cybersecurity protects from attacks via cyberspace (that nebulous entity we have all created to work and play in via our technological devices and linkages).  This form of security covers your computers, smart phones, laptops, and other hardware as well as the means of accessing, linking, and communicating through them (think LANs, the internet).

Cybersecurity attacks may target a website your company keeps but are more likely to target the data your company stores and uses to run your business.  This is why information security is important to understand.

Information security concerns itself with the actual raw data your company collects (such as a field requiring a date: MM/DD/YYYY) and the information derived from that data (e.g., a DOB versus a policy renewal date).  This information may be stored digitally (say on a server via the cloud), in an analog format (think about forms or photos in a file cabinet), or both (perhaps a thumbnail drive within a desk drawer).

It is the job of the information security staff to work with a company’s leaders to define and understand what data is most necessary to the successful completion of business tasks and how, in whatever format it exists, it should be protected.

Concerns with Information Security

The primary concerns of information security regarding data are: integrity, confidentiality, and availability.

Integrity – guarding against the improper or accidental modification or destruction of data.

Integrity can be maintained by making sure only permitted persons may edit, modify, delete, or destroy (e.g., shred aged documents) data. It also includes ensuring authenticity (i.e., being able to verify the identification of a person or process) and nonrepudiation (making sure a sent message or signed document cannot be disputed).

Examples of integrity loss would be analog information not properly protected from environmental conditions (fire, flood, etc.) and so damaged beyond use or digital information improperly transferred or changed without approval.

Confidentiality – reserving access to data – think “need to know” – by preserving authorized restrictions to access and disclosure.

This is especially important for personally identifiable information (PII – such as social security and credit card numbers) and protected health information (PHI).

Here, again, restricting access to those who need the information to perform their job duties is important to protecting information content privacy.

A breach of confidentiality may be brought about by human error, intentional sharing of data, malicious entry, etc.

Availability – ensuring that access and use of data is timely and reliable.

Availability is maintained through continuity and functionality of access procedures, backup or duplication of information, and maintenance of hardware and network connections so that data is accessible when needed by the users for daily applications and for business decisions.

As with integrity, a loss of availability can occur when networks are damaged due to natural disasters or when client devices fail.

In addition, your Information Security personnel should be aware of the many legal and regulatory requirements (like NIST, GDPR [European Union law], HIPAA, and FERPA) of your industry that affect the company’s information security requirements and be able to develop and disseminate guidelines which inform employees on how to protect business sensitive information throughout their work cycle as pertinent to said guidelines.

As you can see, your data damage prevention/recovery and threat mitigation processes will span the information security and cybersecurity assignments making it essential for personnel from both teams to understand the needs of the other and work closely to develop protection protocols for your sensitive business information.

Therefore, with the alignment of your cyber and information security teams, employees can be trained in the whys and hows of information protection and be helped to understand how conscientious application of developed procedures – whether usually considered as pertinent to cybersecurity (e.g., strong passwords, multi-factor authentication), essential to information security (such as who is responsible for safeguarding sensitive physical material in an emergency), or both (whom to report suspicious activity to, keeping mobile devices under lock and key when not in use) – creates a safer environment for your critical and sensitive business data and aids in keeping your business up and running.

Read Also: Cybersecurity Best Practices for Small Businesses

Remember, one cannot have information security without having cybersecurity but cybersecurity has no true value without an understanding of the information to be secured.  And though information security covers digital data in cyberspace it must not forget the analog data lying around the company.

Plan well and take care!


Podcast: SD WAN for the Home Office


As a primer for our upcoming webinar on June 25th (Register), we conducted a short interview with VergX COO, Chris Chirico, about SD WAN and how it’s not just for the office anymore. VergX is the technology partner solution which powers Cynexlink Enterprise SD WAN and the new Cynexlink Home SD WAN.

Has a key employee lost his or her home internet connection at a critical moment due to heavy demand on the home wifi? Don’t let that problem plague your team any longer.

You can learn more by listening to our roughly 10-minute conversation right here:

Now, companies of all sizes can use this fast-growing solution to secure, manage and prioritize the flow of data — even in employees’ home environments! This is truly a simple, cost-effective game changer for savvy organizations to utilize.

And again, be sure to join us at 10am PDT on June 25th for a full, free webinar presentation regarding all SD WAN can do:

Enjoy the podcast above and we hope to see you on the 25th!


With Employees Working Remotely, You Have New Security Risks


While emerging companies increasingly leverage remote workers, the COVID-19 outbreak has caused many companies to adopt the same practice en masse.

Hackers are well aware.

Not only did those bad actors immediately try to capitalize with an array of Coronavirus-related phishing emails, now their cute little stunt is sharing infection maps that are laden with malware: https://www.techradar.com/news/hackers-are-spreading-malware-through-coronavirus-maps.

As an aside, here is a safe version of such a map from the WHO: https://experience.arcgis.com/experience/685d0ace521648f8a5beeeee1b9125cd

Now, back to that new attack vector…

With so many employees working remotely, are you certain their devices are safe from attack? We ask because while many companies do a good job of protecting their network infrastructure (servers, domain controllers, etc.), security on the laptop or mobile device is often lacking.

If a company is unsure of the efficacy of its hosted endpoint security protection, NOW is the time to do a review. If you need some help, we’re here and are actively conducting such reviews on behalf of new clients; we have the expertise, know the vendors and their various feature sets to help find the right fit for organizations of all sizes.

In the meantime, let us also share some useful information below relating to COVID-19, links we provided to our clients recently. Feel free to copy and paste this information for sharing with your workforce… and stay safe out there!

– The Cynexlink Cybersecurity Team

Now, for those resources:

The U.S Department of Homeland Security has issued a warning with regard to the Coronavirus (COVID-19) outbreak and its impact on technology within personal, business and professional settings.

It is advised that individuals be on alert for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.

The hyperlinks below are to federal government websites and have been verified by us as valid/safe.

The Cybersecurity & Infrastructure Security Agency (CISA) encourages individuals to remain vigilant and take the following precautions.

  • Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
  • Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
  • Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.

Who’s the Phish? Shark Tank’s Barbara Corcoran, it Turns Out


How does phishing affect businesses?

Imagine you’re on the finance team for a mid-sized business, with regular duties that include accounts payable. Your boss sends an email instructing you to pay Client XYZ today and includes full wiring instructions, details with what the payment is for, etc. What do you do?

You might send that wire with no questions asked.

Problem is, the situation described above is becoming increasingly common, as Shark Tank’s Barbara Corcoran discovered recently:

“This morning I wired $388,000 into a false bank account in Asia,” the real estate mogul tweeted a couple of weeks ago. Here’s what happened:

Corcoran’s bookkeeper Christina received what appeared to be a routine invoice from Corcoran’s assistant Emily to approve a $388,700.11 payment to a German company called FFH Concept.

The bookkeeper replied asking, “What is this? Need to know what account to pay out of,” and the cybercriminal posing as Emily was able to give a credible, detailed response that FFH was designing German apartment units that Corcoran had invested in. Corcoran does invest in real estate, and FFH is a real company in Germany. (full article)

Poof! Money gone.

Now, in this case, there’s a happy ending, as you may have read a few days later: Corcoran Gets Her $400k Back

That said, such positive outcomes are rare – usually, the funds are not recoverable. Indeed, are you confident you can put the kind of pressure on a bank that Barbara Corcoran can?

And don’t just shrug your shoulders and decide it won’t happen to you. Hackers target smaller businesses precisely because their security is less sophisticated. Plus, scams like these are pretty slick, as she explains:

“I lost the $388,700 as a result of a fake email chain sent to my company,” Corcoran told the outlet. “It was an invoice supposedly sent by my assistant to my bookkeeper approving the payment for a real estate renovation. There was no reason to be suspicious as I invest in a lot of real estate.”

How can you avoid such pitfalls?

First, better practices: have a process in place for confirming such requests with your team, usually by a live phone call. It’s time well spent.

Further, train your team to be better at spotting such phishing scams – in this case, there was a missing ‘O’ in the sender’s email address which should have provided the clue.
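The missing-letter trick described above can also be caught automatically before a payment request reaches the bookkeeper. The following is an added example, not part of the original article: it compares the sender of an incoming message against a list of known approvers and flags near-misses. The addresses, `KNOWN_SENDERS` and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: addresses that normally send payment approvals.
KNOWN_SENDERS = {
    "emily@example-corp.com",
    "accounts@example-corp.com",
}


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance.

    Counts single-character insertions, deletions, substitutions and
    swaps of two adjacent characters, the typical lookalike tricks.
    """
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1,          # deletion
                       cur[j - 1] + 1,       # insertion
                       prev[j - 1] + cost)   # substitution or match
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header: str, max_distance: int = 2):
    """Return (verdict, matched_address) for a From: header value.

    verdict is one of:
      "trusted"   - exact match with a known sender
      "lookalike" - not a known sender, but within max_distance edits of one
      "unknown"   - unrelated address, handle with the normal process
      "invalid"   - no usable address in the header
    """
    _, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if "@" not in addr:
        return ("invalid", None)
    if addr in KNOWN_SENDERS:
        return ("trusted", addr)
    # Closest known sender; ties are broken alphabetically for stable output.
    closest = min(KNOWN_SENDERS, key=lambda k: (edit_distance(addr, k), k))
    if edit_distance(addr, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed From: headers; the second one is missing an 'o'.
    sample_headers = [
        "Emily <emily@example-corp.com>",
        "Emily <emily@example-crp.com>",
        "Emliy <emliy@example-corp.com>",
        "Billing <billing@unrelated.org>",
    ]
    for header in sample_headers:
        verdict, match = classify_sender(header)
        print(f"{verdict:10} {header}  (closest known sender: {match})")
```

A "lookalike" verdict is the case that warrants the live phone call recommended above before any money moves.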

The best news is this: anti-phishing employee training from Cynexlink is very affordable and provides incredible bang for the buck.

Click here to learn more about the valuable service and don’t get caught off guard – it can happen to anyone!


Everything You Want to Know About a Botnet Attack


It is no secret that botnet attacks have become significant security threats, but what are they, exactly?

What is a Botnet Attack?

A botnet attack is performed by hackers using a collection of malware-infected devices, often termed as “zombies,” which are being controlled by the attackers. We often think of servers and computers being used in such an attack but increasingly, IoT devices like cameras, thermostats and more can help form botnet clusters.

Threat actors gain access to a device by using particular viruses to weaken the computer’s security system before executing “command and control software” to let them conduct their malicious activities on a large scale.

These activities can be automated to carry out countless simultaneous attacks, paralyzing infected devices for ransom or damage while also disguising their identity via the vast botnet network.

A botnet is used in many cybercrimes such as exploiting and making a financial gain, malware propagation, or just general disturbance of the Internet.

Botnet attacks are launched in many ways, including:

  • Spam Emails

Spamming can be carried out by having some bots pose as content servers while others act as SMTP servers. A spam campaign includes message templates, a senders list, and a recipient list.

  • Launching a DDoS Attack:

A Distributed Denial of Service Attack (DDoS) is another type of botnet attack launched on a website, company or government. This is conducted by sending many requests for content that overwhelms and shuts down the targeted server or website.

  • Ad Fraud

Cybercriminals can utilize the combined processing power of botnets to run fraudulent advertising schemes to attract clicks to get a percentage of ad fees.

  • Distributing Spyware, Malware, and Ransomware

Botnet attacks are also conducted to distribute spyware, ransomware, and malware.

  • Selling and Renting:

Believe it or not, botnets can be found for sale on the dark web to other cybercriminals to exploit!

How to detect a botnet attack:

Botnet attacks are very difficult to identify because they run with a central server controlling every bot in a command and control model. Such strategies often make it difficult to detect the botnet attack.

For such attacks, the first critical step is to recognize the attack immediately and track down that central server. Static analysis methods can be useful to spot infections in devices. These are run when the device isn’t executing any programs and include searching for malware signatures, suspicious connections to command and control servers that bots contact for instructions, and suspicious executable files.

The best antivirus programs can also help detect botnet attacks to some extent, yet most cannot spot infected devices. Another interesting strategy is using honeypots, which are fake systems that lure a botnet attack through a fake penetration opportunity in order to help identify threats in the first place. For bigger botnet attacks, such as the Mirai botnet attack, ISPs in some cases cooperate to identify the flow of traffic and to find a way to stop the botnet attacks.

For most companies, it is critical to work with a cybersecurity firm with the expertise to recognize ongoing threats and compromised devices within the organization.

How to Prevent Botnet Attacks?

  1. Emphasize Cybersecurity Education

For companies of all sizes, training their people is key. Employees should be trained to report unauthorized emails to the IT team, to spot phishing emails, not to use public Wi-Fi without a VPN, and more.

  2. Keep All Software Up-to-Date

Software patches should always be applied promptly – beyond your browser and operating system, don’t forget to update antivirus protection, too!

  3. Spam Filtering

Email filtering solutions should be enabled to prevent most malicious messages from getting into email inboxes. The more messages that are blocked, the less risk there is of your staff interacting with a phishing email.

  4. Avoid Downloads from File Sharing Networks and P2P

Botnets regularly capitalize on P2P networks and file-sharing services to exploit company networks. Make sure all files are downloaded only from trusted sources and that they’re scanned before and after downloading.

  5. Control Access

Use multi-factor, risk-based authentication and other safe practices for access controls to prevent a successful botnet invasion on one machine from affecting the entire network.


Vulnerability Scanning: Pros, Cons and Best Practices


Vulnerability scanning has become an important practice in cybersecurity.

New threats are discovered on a daily basis, and these threats can damage your valuable data and systems. Therefore, it is important to scan your network ecosystem for associated risks.

But it is equally true that vulnerability scanning has its own limitations. Scanners can only deal with the vulnerabilities known to them. Using outdated or inferior vulnerability scanning tools can give a false sense of security.

To equip you with the right outlook towards vulnerability scanning, here we have come up with some key pros and cons of vulnerability scanning. 

Advantages of Vulnerability Scanning:

  • Quick Results:

The key benefit of vulnerability scan tools is that they generate quick results. 

  • Repeatable:

An automated vulnerability scan can be repeated as you can decide when and how long to perform the scan. 

  • Easy to Use:

Most vulnerability scanning tools come with a user-friendly interface. However, a security specialist is still required to read the results obtained through these tools. 

  • Constant Monitoring:

Vulnerability scanning software can be used effectively for constant monitoring. 

Disadvantages of Vulnerability Scanning:

  • Not Locating All Vulnerabilities:

A vulnerability scanning tool can miss some threats, so you have no idea which vulnerability could be exploited by a threat actor. For example, it might not detect a threat that is unknown to its database. Sometimes, the vulnerability is too complex to be detected by an automated tool.

  • Giving a False Sense of Security

If you have a large IT infrastructure, plenty of servers and data systems, it can be challenging to understand the impact of the vulnerabilities detected by the scanner. Consequently, you end up with a false positive. If you are not a cybersecurity pro, it would be time-consuming and overwhelming to detect such things. 

  • Unclear Vulnerabilities

If a vulnerability is spotted, it is sometimes challenging to examine its impact on your business operations. An automated tool won’t educate you on this while a system admin will likely be more concerned about the technical part of the vulnerability.     

We hope these pros and cons help you develop the right outlook towards vulnerability scanning tools. The point here is that you shouldn’t blindly believe the results, as no tool is perfect. Therefore, keep your tools updated and scan frequently, for example once a week or once a month.

Need for Vulnerability Scan?

For organizations in need of quantifying their exposure to surface level risks, vulnerability scanning can be a cost-effective method of discovering available attack vectors, albeit with some shortcomings that are important to understand.

First, a vulnerability scan is not equivalent to a network penetration test. In a pen test, vulnerabilities are not only discovered, but they are also exploited and re-exploited, if possible, in the name of discovering all potential damage a harmful actor could do if able to gain access to an organization’s network.

Such testing is carried out by a live specialist – in our case here at Cynexlink, by our Certified Ethical Hacker (CEH) – who thinks and acts like an intruder.

How does it work?

Vulnerability scans, on the other hand, are typically run via automated programs. While these scans can be effective at performing network discovery, identifying open ports, missing patches, misconfigurations and more, it should also be remembered that such scans only uncover surface vulnerabilities – those weaknesses that exist in isolation, independent from other weak spots.

Unfortunately, vulnerabilities rarely exist in isolation. Indeed, a string of seemingly low-level individual risks could leave a gaping security hole while leaving the scanned organization falsely confident in its risk profile.

Out-of-date signature repositories and the ability of network-based scanning solutions to run only on active systems are further drawbacks, which means poorly established vulnerability scans can either be inaccurate or more labour-intensive than imagined.

If run by an experienced provider who knows how to avoid the potholes mentioned above, however, vulnerability scanning can indeed provide great cybersecurity bang-for-the-buck.

Here are five rules for ensuring a positive outcome with vulnerability scanning: 

  • Scan All Network Assets

Make sure to scan each device and access point within your network ecosystem. Assessing all assets within the system helps expose various loopholes within the infrastructure and lets you create solutions accordingly. Moreover, create an inventory list including all network assets regardless of their function, and determine which targets from your inventory are to be scanned.

  • Scan Frequently

The gap between the scans can be critical as this time interval leaves your systems exposed to new threats. Scanning can be done weekly, monthly, or quarterly. If done frequently, not every network device is required to be scanned, minimizing the time and effort while providing layered network coverage. Your network architecture and device impact are factors that help determine scanning intervals.

  • Set Accountability

Assign asset owners or asset supervisors to create accountability. For example, roles can be designed to protect specific devices and take action in the event of a data incident. However, asset owners shouldn’t be confined to tech teams; business owners can also oversee some systems.

  • Run Patching Process

Patching internet-enabled equipment for all discovered vulnerabilities is more crucial than patching similar devices that are already shielded by firewalls or settings. This is a time-management practice that resource limitations can make necessary: it is essential to focus on the assets that pose the highest risk to the enterprise.

  • Document All Scans and Their Results

Make sure to document all scans and their outcomes. Every vulnerability scan should be scheduled using a management-approved timetable, with an audit process set up to provide detailed reporting. By documenting each scan run against that timetable, companies can monitor vulnerability trends and issues, identifying susceptible systems and creating accountability.

Interested in learning more about how Cynexlink provides pen testing and vulnerability scanning solutions for companies of all sizes? Contact us to learn more!

 


How To Protect Your Data From Hackers


Hackers are the digital thieves who illegally get into your network to steal valuable information—financial data, passwords, intellectual property, personal information, or whatever crucial information they can get their hands on.

This data is generally used to steal money from accounts or to set up credit cards, and they may even sell data to your competitors.

In fact, all they need is one account or device to inflict damage. On top of that, they are not easy to stop because they are often located outside the country. They use sophisticated technology to evade law enforcement and collect massive amounts of information.

According to one survey, 52% of data breaches are the result of hacking. Hackers attack every 39 seconds, which amounts to 2,244 times a day. Another scary finding is that hackers steal 75 records every second.

Don’t think that your business is too small to be attacked. Small businesses are always on the radar of cybercriminals because of their outdated security systems and the lack of a cybersecurity team.

Fortunately, you can minimize or eliminate the risk by taking precautions.

Here are some security tips to protect your business data from hackers. 

Be Careful with Your Password:

Creating a strong password may seem like basic advice, but the fact is that not all users are serious about their passwords. Most users still create insecure passwords like ABCD, 1234, or their date of birth.

Such passwords are low-hanging fruit for today’s sophisticated cybercriminals. Therefore, you need to create strong passwords and change them frequently.

A strong password is a combination of letters, numbers, and special characters. Don’t use the same password for all accounts.

Work With the Right ISP:

Make sure to choose the right Internet Service Provider (ISP), looking beyond cost and speed.

The market is stacked with plenty of ISPs. Go for the one that comes with built-in security features. ISPs have a significant impact on cybersecurity because of their prominent position in the network.

Limit or Block Access to Unnecessary Sites:

Restricting access to certain websites minimizes the risk of a security breach, just as it is right to make sure that only authorized users get access to specific data.

Similarly, blocking specific sites from being viewed reduces the risk that sites injecting viruses and spyware are accessed from within your network.

Therefore, take the necessary measures to block malicious sites and make sure your security tools like antivirus are upgraded.

Use Up to Date Security Programs:

The simplest way to protect your data from hackers is to update your security software. The constant updates might seem like a hassle, but you should stick to them.

Using outdated software can increase the risk of being hacked. Upgrades are essential to improve the efficiency of security tools against the latest malware. Besides, you need to back up your data at least once a week.

Protect Your Network:

With an unsecured Wi-Fi network, you are asking for trouble. Hackers utilize a technique known as wardriving, and it’s quite lethal. Wardriving is when cybercriminals equip their cars with high-powered antennas and drive around scanning for vulnerable networks. When these hackers find a soft target, all of your passwords, finances, and data are at risk.

Therefore, make sure to protect your Wi-Fi network and rely strictly on wired networks.

Educate Your Employees:

Employee negligence is one of the factors leading to cyber-attacks. For example, your employees can use weak passwords or leave their devices containing relevant data exposed. Or they may open emails that contain malicious links.

This way, they are unintentionally making your data prone to attack. Therefore, you need to educate your employees on cybersecurity. Besides, it would be best to create a formal company data policy that sets out acceptable and prohibited online activities for employees. Email access on personal smartphones via the company’s Wi-Fi should be restricted.

Conducting regular cybersecurity workshops is also an effective way to keep your staff educated on cybersecurity. If you are a small enterprise, you can organize these events together with other local small businesses. Moreover, organizing cybersecurity workshops for your clients can be a great branding opportunity.

Practicing cybersecurity on a daily basis strengthens the security of your organization, eliminates the risk of hackers, and makes your business’s landscape safe and sound.

What do you think? Please let us know by commenting below.


5 Most Ignored Signs of a Malicious Bot ATTACK!


According to a 2017 survey, bot traffic has surpassed human traffic on the Internet.

What Is a Modern Botnet and Why Is It Dangerous?

The modern botnet is one of the more sophisticated cybercrime techniques. A botnet is a collection of internet-connected devices infected by malware that lets cybercriminals control them. Botnet attacks are commonly used for unauthorized access, data theft, DDoS attacks, and credential leaks.

Because of their size and complexity and the challenges involved in detecting them, botnets can be operated secretly so that victims don’t notice them. Some software updates are also bots. Simply put, our digital technologies are surrounded by unavoidable bots.

But that doesn’t mean your network is destined to be attacked by bots. You can protect your network by identifying these malicious robots and you don’t have to be a skilled data scientist.

So How Do You Identify Malicious Bots on Your Network?

All you need to do is follow the steps given below.

  • Keep an Eye on the Uniformity of Communications:

First, try to distinguish between bots (both bad and good) and humans. You can do this by identifying those machines that continuously communicate with a victim.

Bots communicate with their targets because they require commands, signals, and data. You need to find out the hosts that stay in touch with their targets periodically and continuously. Weekly traffic is sufficient to figure out client-target communication. Uniform communications are likely to be generated by a bot.

  • The Rate of Failed Login Attempts is Quite High:

One of the popular uses of bots is to steal passwords, a practice also known as an account takeover (ATO) attack. A botnet will try to take control of user accounts by testing username-password combinations obtained from other sites. This way, botnets might attempt to validate credentials for millions of accounts per day. If password failures are piling up, it might be the sign of a bot attack. You can use analytic tools like Google Analytics and your access logs to track those failed login attempts over time.

  • Identify Malicious Bots within Browsers:

Another way to identify malicious bots is to look at particular information contained in HTTP headers. Web browsers generally send a clear, recognizable set of headers. In normal browsing, following a link makes the browser generate a “referrer” header that is included in the request for the linked URL.

However, traffic generated by a bot might not have a “referrer” header, or the header will look “fake”. Bots that look the same in every traffic flow are likely to be highly malicious.

  • Failing of Gift Card Numbers:

Botnets are also used to steal the value from genuine gift cards. It is easy to target gift card accounts with bots.

This is because companies don’t ask for a billing address, account name or personal information when a gift card account is accessed. That’s why attackers can try many combinations to find valid pairs of card numbers and PIN codes. Each invalid pair generates a failed validation notification. If your gift card validation fails several times, consider it a solid signal that bots are attempting to steal your customers’ gift card balances to resell them on the dark web.

  • Increase in Irregular Page Viewing Patterns:

A human customer is likely to check the things that appeal to them. They look for their desired items and check out. What if they check every single product page on your website—or even half of those pages?

Scraper bots are used for this purpose, as they are aimed only at the product pages. Those bots also visit the search page numerous times during a session. Unusual sessions generally include ridiculous searches and can be a sign of a bot attack. Besides, those sessions can be longer, as it takes a bot time to copy content in large volumes.
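The first three signs above (uniform communications, a high failed-login rate, and missing “referrer” headers) can be measured per client from an ordinary web access log. The following is an added example, not Cynexlink’s own tooling: the login path, the thresholds and the sample log lines are all assumptions constructed for illustration, and the HTTP header is read from the log’s referer field.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

LOGIN_PATH = "/login"  # assumed login endpoint for this sample site
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')

def _row(ip, offset_s, method, path, status, referer):
    ts = (datetime(2021, 7, 5, 10, 0, 0) + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S")
    return f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" {status} 512 "{referer}" "sample-agent"'

# Constructed sample traffic, not real logs: one clockwork client, one human-like client.
SAMPLE = [_row("203.0.113.7", 30 * i, "POST", LOGIN_PATH, 401, "-") for i in range(8)] + [
    _row("198.51.100.20", 5, "GET", "/", 200, "https://search.example/"),
    _row("198.51.100.20", 47, "GET", LOGIN_PATH, 200, "https://shop.example/"),
    _row("198.51.100.20", 68, "POST", LOGIN_PATH, 401, "https://shop.example/login"),
    _row("198.51.100.20", 95, "POST", LOGIN_PATH, 302, "https://shop.example/login"),
    _row("198.51.100.20", 418, "GET", "/account", 200, "https://shop.example/login")]

def profile(lines):
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # malformed lines are skipped, not guessed at
            ip, ts, method, path, status, referer = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            hits[ip].append((when, method, path, int(status), referer))
    report = {}
    for ip, rows in hits.items():
        rows.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        logins = [r for r in rows if r[1] == "POST" and r[2] == LOGIN_PATH]
        report[ip] = {
            "requests": len(rows),
            # Coefficient of variation of the gaps: close to 0 means clockwork timing.
            "gap_cv": pstdev(gaps) / mean(gaps) if len(gaps) > 1 and mean(gaps) else None,
            "failed_login_ratio": sum(r[3] in (401, 403) for r in logins) / len(logins) if logins else 0.0,
            "no_referer_ratio": sum(r[4] in ("", "-") for r in rows) / len(rows),
        }
    return report

def suspects(report, min_requests=5):
    # Thresholds are illustrative assumptions; tune them on your own baseline.
    tests = {"uniform timing": lambda s: s["gap_cv"] is not None and s["gap_cv"] < 0.1,
             "failed logins": lambda s: s["failed_login_ratio"] > 0.5,
             "no referer": lambda s: s["no_referer_ratio"] > 0.9}
    hits = {ip: [name for name, test in tests.items() if test(s)]
            for ip, s in report.items() if s["requests"] >= min_requests}
    return {ip: reasons for ip, reasons in hits.items() if reasons}
```

A missing referer or a single failed login is normal on its own; the signal is the combination, sustained over enough requests to rule out coincidence.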

So these are the things to look for in your network to keep the risk of malicious bots at bay. Plus, you can install effective anti-malware software to add extra layers to your cybersecurity.

What do you think? Let us know by commenting below.
