Defending Against Modus Operandi

You work for a small to mid-sized business and outsource the support of your IT systems to a vendor. How do you gauge if your vendor is doing the job you pay them to do? How do you know they are implementing proper security measures? Let us face it, these questions become secondary or tertiary to questions like…..”Are my computer systems working properly?” or “What do I need to do, for what client today?”

The problem that I see many businesses face, is the overwhelming needs to worry about in a day. Cyber security is not an immediate requirement, protects against something that may or may not happen, and does not help a company generate business. Most companies by now have realized that the “I’m not a target because….” attitude is not realistic in practice. If you still think this way then please, call me and let us discuss that.

If you are still with me, it is probably because you can relate to the things that I have said thus far. Now, let me explain what you can do that will give you an 80% solution for 20% effort. Many trend research papers have concluded that the majority of compromises these days start with two common modus operandi or “m.o.” for short. As depicted in the figure below, the initial engagement starts with a malicious email or website. From there a victim is found leading to a compromised computer that then allows the perpetrator to carry out their final objective, which can be any number of things.

Let us focus on the malicious emails and websites. What is the first thing that must happen to allow a perpetrator to start a phishing campaign? They have to have your email addresses right? If you are interested in seeing how perpetrators generate their email list and what you can do to protect yourself come to one of our upcoming seminars. For more information click here.

After an email list has been generated, what is the next step in a phishing campaign? The perpetrator needs to create a phishing email and have it delivered to the email addresses and wait for their next victim. So what can you do to protect against this step? How about implementing an email filtering system that will not only filter malicious emails but also all of that spam you receive on a daily basis. Who said security can’t help productivity? Imagine the time savings when you no longer have spam or unwanted emails being delivered to your inbox. A word of warning, email filters are not created equally and some are more effective than others. Interested in knowing what to look for in an email filter? Come to one of our upcoming seminars. For more information click here.

Can you guess what the final step of the initial engagement is? It must happen before the computer can be compromised. The victim must fall for the email by clicking a link, downloading an attachment, or responded with the requested information. The defense against this phase is a multi-pronged approach. It first starts with training the employee to identify malicious emails, but let’s say they are still tricked. They are some technical steps that can be implemented to minimize the chances that the malware can execute successfully. If you are interested in knowing more about security awareness programs or these technical steps come to one of our upcoming seminars. For more information click here.

Now that we have talked about malicious emails, what about malicious websites? This as well is a multi-pronged approach as well. It does start with training the employee but also has a technical component. Features such as Geo-IP blocking, Gateway Antivirus, Content Filtering Systems, Intrusion Prevention Systems can sound highly technical and seem to go against the “20% effort” referenced at the beginning. The truth is that it’s not. Vendors have implemented these filters into their firewalls and for the most part can be self-managed. If you are interested in learning more about what these features are come to one of our upcoming seminars. For more information click here.

Hopefully I’ve provided you with insight into the steps of falling victim to cyber criminals and teased you enough to motivate you to come to one of our seminars. I can tell you one thing we excel at…..is visual demonstrations on what cyber criminals do. This helps make “cybersecurity” something that is more tangible increasing your level of understanding and motivate you to take appropriate measures to make sure that you continue to do what you do best. Sign up today!

Michael Mariano Joins Avasek Team

Michael Mariano Joins Avasek Team

Avasek is proud to name Michael Mariano as IT Operations Manager. Michael was most recently IT Operations Manager of FIS Global, a Fortune 500 company serving 20,000 clients in 130 countries. His knowledge and background will be instrumental in providing the quality of services that keep businesses functional as well as secure.

Welcome Aboard Michael!

Cyber Security for Small Business Seminar

Cyber Security for Small Business Seminar

Join Avasek for a cyber security seminar aimed at small business.

Sixty-six percent of companies and professional firms that suffer a data breach are out of business within six months. The trend among hackers: target small businesses. Avasek Security demonstrates how easy it is for hackers to access your data and how to protect your company.

This highly-engaging training includes live demonstrations of hackers’ tactics and teaches how to:

How to identify phishing emails, dangerous attachments, and other email scams
Steps to take to minimize the risk associated with ransomware
What risky behavior and common traps to avoid to keep you and your employees safe on the internet

WHEN: September 30, 2016 @ 8:00 am – 11:00 am

WHERE:
MIDJersey Chamber of Commerce
423 Riverview Plaza
Trenton, NJ 08611

COST: Free for Clear Members, $35 Chamber Members, $45 Future Members

BUY TICKETS ONLINE

Vector ticket icon

US-Computer Emergency Readiness Team recommends uninstall of QuickTime for Windows

Description
QuickTime for Windows has two critical flaws and Apple is ending support and not going to patch them. If a user visits a malicious web page or opens a malicious file, the vulnerabilities could execute code in the security context of the QuickTime player. Using unsupported software may increase the risks from viruses and other security threats such as lost of confidentiality, integrity, or availability of data.

Affected Systems
All Microsoft Windows with Apple QuickTime installed. If you have iTunes installed on your computer then chances are QuickTime is installed.

Impact
Software will continue to work, however, unsupported software increases the risk of malicious attacks or electronic data loss. The two know vulnerabilities could allow remote attackers to take control of the affected systems.

Solution
The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime page.

If you would like assistance in removing the software from your network contact us!

Tech Support Scam: Dell Customer Data Breached

A new phone scam is on the rise and it involves Dell PCs’ owners. Scammers call people who use Dell PCs, and claim to be Dell Tech Support Representatives. They trick users by offering to fix “existing” computer problems by installing remote access software on the victim’s computer. But instead of fixing a problem, scammers install ransomware, software that makes PC completely unusable until a victim pays up. In addition, end-users have hundreds of dollars placed on their credit cards for the bogus service that never been performed.

It is possible that one or more of Dell’s databases got compromised. According to victims, scammers know Dell PC’s owner’s information, such as phone number, unique Dell Tech Support Customer Tag printed on each individual Dell computer, and details of any previous support request made by the victim through official Dell channels.

You can protect your business from this Dell phone scam and its costly complications:

  • educate your staff with cybersecurity training;
  • ensure that your workstations have secure data backups;
  • if anyone calls to help with computer issues, hang up and call the company back.

Avasek, a leading IT security consulting firm, will ensure that all your computers are protected against ransomware and will help you resolve the locked computer issue in 24 hours and without having to pay thousands of dollars in payoff.