10 Cyber "Threat" Trends

1. Attacks via USB drives: as these types of drives become cheaper and more ubiquitous, malware and Trojans will spread on them. Many companies hand out USB drives at trade shows.

2. Large-scale, targeted botnet attacks.

3. Denial of service attacks, like those that affected San Francisco-based Visa Inc. (NYSE: V) in the Wikileaks fiasco.

4.More attacks via social networks like Facebook Inc. Future viruses will likely be designed to steal or delete users’ personal information, which can be sold in numerous black markets.

5. Click jacking and cross-site scripting. This is similar to social network attacks. Criminals use fake web pages to trick users into giving away passwords, account numbers, etc.

6. Phishing attacks from “trusted” third parties. Emails will come, ostensibly from banks or other well known companies, asking users to click on a link.

7. Online fraud and money mules. These are active attempts to enlist people to transfer illegal funds from credit card thieves.

8. Cloud computing concerns. As more data is distributed around the Internet in the so-called “cloud,” opportunities for data infection or theft will grow.

9. Data exfiltration and insider threats. People will always find ways to anonymously leak private information.

10. Attacks on mobile devices and wireless networks. This fast growing area of technology provides unprecedented opportunities for cyber criminals. Phones and mobile devices can be specifically targeted in denial of service attacks, and criminals will also try to exploit mobile banking apps and similar programs.

Read more.

Are Hackers Putting Your Business in Danger?

by Eric Pratt

With the Wiki Leaks drama of the past week it seems there is a lot of speculation circulating as regard to who's at risk, what can be done, and who to turn to for support. That's where QeH2 Business Solutions and IT Support comes in! With a host of Disaster Recovery, Internet Security, Network Security and protection for the small business.

With fear comes rash decisions however (exactly what hackers want). Look to avoid some of the many scares that are crippling businesses and causing them to over spend. For example, see this recent email I received from our tenant regarding just this issue, and QeH2 Partner Ian Holt's thoughts following...

WARNING: Internet usage and DoS attacks

With the arrest of Wikileaks founder Julian Assange the largest hacker group in the world right now (Known as "Anonymous") is doing major attacks on many financial institutions like Paypal and Mastercard and internet providers like Amazon. These attacks also known as DoS (Denial of Service) attacks are usually performed by sending out massive amounts of malware which hijacks people's machines and disseminates the attack from unknowing victims machines. Occasionally these malware include Trojans and worms which will damage your machine.

As an added precaution beyond normal virus and malware protection we want all of our customers to know about this and would ask that you limit internet usage over the next three days to curtail any hijacking of your equipment. By all means, do not stop using the internet altogether but please limit your usage as much as possible for the next three days. The government is fighting back against these hackers and the major companies are working on patches to block the malware dissemination but it will take time.

I sent this to my Partner and friend Ian, he replied with the following....

"This sounds like a hoax. It's not like there is a limited amount of internet to go around. If you try to access one of the websites they attack it will be slower, but your internet usage will not affect nor increase your ability to be attacked or hijacked.

The government does fight back against hackers, the FBI has 1 (that's ONE) cybercrime expert in the state of Colorado and he's woefully behind the times. Private companies being attacked will update their security policies and block offending traffic and may experience a few hours of downtime until they control their own sites.

Erroneous parts of this email include - The Paypal BLOG site was down, not paypal. Amazon is NOT an internet provider, they are an online retailer.

This whole thing reeks of cyberhoax."

Hopefully this proves as an example that you never know what to believe, especially given the various sources. Someone played a simple hoax here but the results can and will be lost productivity, etc. When a question comes up just contact your QeH2 IT Support Technician, that's what we're here for!

Email Security

by Colin MacDonald

I have noticed the past few months a lot of clients getting viruses on their machines.There hasn’t been the usual scare of “OH NO! Look out, there’s a worm virus attack happening!!” and everyone freaks out, it’s just a normal day in the virus world. As it affects me and the amount of work that I do, I wanted to find out how they were getting these viruses and then come up with a few easy ways to prevent them. I decided to look at their emails, all these steps I have implemented at at least 1 company, with most of them scattered throughout other clients.

1. Problems

Attachments – Of course everyone should be wary of opening attachments in emails. If it’s a video or pictures, it may be infected with malware or a virus.

Forwards – The funny jokes and touching stories that people share online. You can tell that you’re getting these by the “fwd fwd fwd fwd…..” in the subject line. I personally don’t read forwards. It’s that easy of a choice to make. For the 30 seconds that I may chuckle or feel good about reading what the story was, it’s not worth the 3 hours worth of work that I must do to clean my computer of infections

Fake Emails – Is your brother the kind of guy that would write you an email that says “Hello. Check this out! www.infectmypcbecausethisisafakeemailwithafakelink.com”? Or would your brother be more like mine and say “Hey punk. I saw this video and thought of you and that time when that basketball hit you in the face (note: that totally never happened in our childhood, I was a way better ball player than he was) and I laughed until I couldn’t breathe. www.realvideobutIwasnotthebrotherwhogothitintheface.com. Which one of those links would you click on? Figure out what is real and what isn’t. Spammers will try and trick you into opening their emails by sounding legit. Subject lines will say things “Good seeing you the other day” “Want to do lunch tomorrow?” “Check out this website that I found!”. Some will go as far as to enter in your name to try and personalize it even more, thus getting you to click on it.

With all the social networking sites out there, you are bound to be one of the millions using them informing the world of your thoughts in up the minute broadcasts. These sites have a system where notification emails can be sent to you. Spammers will try and mimick these also. Facebook will send you a notification using the email address notification@facebook.com. Spammers will use the address notifications@facebookmail.com. The trick is to know which of these are real and which aren’t.

2. Solutions

Outlook Reading Pane – Outlook has a function where it will automatically open your individual emails when highlighted. This can pose a risk in the sense that highlighting an infected email will automatically open it thus infecting the computer. My advice is to turn it off. That way if you need to read an email, you must double click on it.

Setup an alternate email address – Don’t ever sign up for anything using your business email. There are plenty of free email sites out there to use. Some of the more popular ones: www.hotmail.com, www.yahoo.com and my personal favourite www.gmail.com. Tell your friends to send forwards (if you’re one of those who absolutely needs to read them) to it. That way if your email account starts to spam, it won’t be from your company email (your system administrator will thank you for that).
When signing up for other things (such as Facebook, fantasy football, software trials) use this email address, if you’re added to a spam list, you don’t see all of the messages about getting Viagra that are gonna come to you, because you’ll get enough of those already from that sales guy you upset that one time who uses your email address to sign up for every credit card and magazine offer he gets.

Notification emails – In regards to the Facebook notifications, it’s simple enough. If you get an email from Facebook saying how Aunt Peggy just commented on a photo of you (hopefully not the photo of the last party you went to…) delete the notification email, open a new browser window and log into your Facebook account through it’s main page. Sure, that email has a link in it, but what if you were too late to see that it was from a fake email address?

Now these aren’t going to prevent any user from ever getting a virus or malware on their machine. However, these are just a few of the little things that I have seen from my years in the IT business. In the end it boils down to common sense about what you do online and what you open in your email