A Criminal’s Weapon – The Biggest Cyber Security Threats

By |2018-10-17T17:49:27-04:00October 17th, 2018|Cyber Security Awareness, Uncategorized|

How unsafe is the internet really? How much damage can be done online?

The internet is much more unsafe than it was 20 years ago. Cyber crime has risen year after year and has evolved every step of the way. Cyber criminals are so smart, and modern-day technology introduces so many new innovative threats to be wary of. Cyber War is real, and we are engaged in battle. It’s important to know who you’re fighting against, what weapons they are using, and what you are fighting for.

The Channel Co: CRN 2019 MSP 500Who Are Cyber Criminals?

Who am I protecting myself from? How much power do they have?

The picture to the left depicts the stereotypical image visualized when someone says “hacker”. Like all crime, there are many individually driven criminals. But also like all crime, it has evolved to become more organized. For example, some of the most recognizable organized hacker groups are Anonymous (although they commit crimes that are more activist in nature), and Morpho (known for hacking Microsoft, Apple, Facebook and Twitter) [1]. These organizations are extremely powerful, enough to successfully attack governments and major corporations.

A Criminal’s Weapon - The Biggest Cyber Security ThreatsWhat Are Cyber Criminal’s Motives?

How much is my data worth?

There are many theories as to why people become criminals, but what is undeniable is the volume of opportunity cyber crime can generate for a common lawbreaker. A huge motivation is potential financial gain. Cyber crime has become so big and powerful that it is estimated that global cyber crime alone generates 1.5 TRILLION dollars annually[2]. It’s also undeniable that it’s harder to physically steal someone’s wallet and get away with it than it is to steal their credit card information online and get away with it. Criminals are much braver behind a screen, and there are many ways that they can keep anonymous and commit crimes.

What Are The Biggest Cyber Security Threats Against Me?

What are the ways I can be attacked? How can I be protected?

1. Phishing emails and social engineering attacks

Almost everyone has received one of these spam emails: an email requesting either information, login credentials, banking information, etc. You can see from the red texts that this is clearly a scam. Phishing emails often have spelling mistakes, incorrect email domains and suspicious links. Here, we tell you how to identify phishing emails. These attacks have become more sophisticated. Cyber criminals will impersonate someone close to you, a mother, a boss, etc., and email you from an impersonating account.

2. Distributed Denial of Service Attacks (DDoS)

This is the technical term to overload an online service by overwhelming it with traffic from multiple sources. In physical terms, it’s like closing a highway because there’s too much traffic on the road. Cyber criminals will do this to shut down your network, and it’s even something that can be bought over the Dark Web to commit to someone else’s servers if you had the mind to.

The Channel Co: CRN 2019 MSP 5003. Ransomware

Like a simple, physical ransom, criminals will take something of importance to you and demand you to pay them back. In cyber crime, what’s important is your data. Cyber criminals will encrypt your files on your computer making them accessible only to them, and demand you pay them to get your files back. This can be extremely costly for business, and in fact most 75% of small to medium businesses report a ransomware attack has led to business-threatening downtime. Discover how to protect your business from ransomware.

4. Cryptojacking

With the emergence of cryptocurrencies like Bitcoin, Ethereum and Ripple, etc., has created another way that cyber criminals can remain anonymous online. Cryptojacking is the unauthorized use of another’s computer to mine cryptocurrencies, or cryptomine. Cryptomining, in the simplest terms, is the process of creating new cryptocurrencies – and once completed, you are awarded with currency. This requires a large amount of computer processing power, so cyber criminals will trick you into downloading scripts onto your computer to use your power.

5. Data breaches

Large corporations fall at the hands of hackers seemingly every week. One of the biggest data breaches to date was Facebook, where 30 million users were compromised. You can find out here the 10 best ways to stay safe on Social Media.

Webroot26. Viruses & Malware

There are so much computer viruses and malware nowadays that modern computers are bought with a trail run of an antivirus software, like Webroot. Viruses and malware can attack in many ways, from deleting files, to shutting down your whole device. Ensure your antivirus programs are always up to date and do routine scans of your devices.

Feel free to Contact Us for more information.

Stay up to date with us and receive Cloud & Security Tips!

Facebook Gets Hacked – The 10 Best Ways To Stay Safe on Social Media

By |2018-10-16T16:28:36-04:00October 16th, 2018|Dark Web Monitoring, Uncategorized|

Social media needs no introduction – if you don’t have some sort of social media account by now, you might be living under a rock. Social media covers everything from casual sites (Facebook, Twitter), artistic sites (Instagram, Spotify), and even instructional sites (Waze, Reddit). What fails to be thought of by everyday consumers is how safe is it really?

It seems like every week, another big corporation announces a huge data breach, the most recent and most troubling being Facebook. On September 28th, initial reports by Facebook itself suggested that 50 million users were affected, and most recently (as of Oct. 12th) that number stands at a smaller but still unimaginable 30 million users [1] [2].

How did 30 million people get attacked?

As Facebook explained, hackers were able to exploit a vulnerability in Facebook’s code for the “View As” feature. The “View As” feature allows account owners to see how they’re profile would look like to other people. The hacker exploited this system by making it so if they were logged in as User A and did “View As” User Y, they became User Y. If User Y was logged in, the hackers now had stolen your Access Token, the generated cookie/tool that keeps your account logged in and from having to log in every time you load up Facebook [3].

Who was affected?

Facebook did a scan of all its users who used the “View As” feature in the past year, and deleted their access tokens. That resulted in 90 million users, whether they were hacked or not, experiencing a forced log out. Facebook recently reported that it estimates 30 000 000 affected by this breach.

[2]Out of the 30 million that were affected:

  • 1 million had no Facebook data accessed at all.
  • 15 million had at most their name, phone number and email addresses accessed.
  • 14 million had contact details and other profile data accessed, includingusername, gender, locale/language, relationship status, religion, hometown, self-reported current city, birth date, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, [their] website, people or Pages they follow, and [their] 15 most recent searches.”

Just another of a long list of corporations, social media giants and e-commerce sites to be compromised, it leads us to question if we could ever be safe.

What does it take to have true cyber protection?

With social media, you almost have little control when the biggest of corporations are still vulnerable. With the skill, technology and organization of today’s cyber criminals, it’s not a matter of IF you can get hacked, it’s a matter of being better prepared than someone else. A hacker will not waste its time on a strong defense, especially when there are millions of weak ones.

Here’s the 10 Best Ways to Stay Protected on Social Media:

1. Use a strong password.

  • This is the standard – cyber security 101, but it’s still overlooked by nearly all users. A hacker’s best tool is a brute force attack – an attack designed to discover a password through trying every single combination of letters/numbers/symbols. These attacks 8 BILLION combinations per second. A password should NOT consist of words or phrases. A great way to choose a password and remember it is to pick your favourite line from a movie/book, take the first letter of each word, capitalize every 3rd letter, and then repeat. For example; “O Romeo, Romeo! Wherefore art thou Romeo?” = orRwaTroRrwAtr.A laughing man, saying "I changed all my passwords to 'incorrect.' So whenever I forget, it will tell me 'Your password is incorrect.'"

2. Use a different password for each of your social media accounts.

  • Nearly 80 percent of users use the same, or a variation of one password across several accounts. If a hacker can steal one password, how hard would it be for them to get the 10 other similar ones? You might as well hand it over to them.

3. Never log in from wifi networks you don’t know and be wary of free networks.

  • Anyone can purchase a portable wi-fi adapter from their service provider. There is nothing stopping a criminal from going to your local Starbucks and naming their portable network “Starbucks Free Hi-Speed Wifi.” Next thing is, you logged in to that network – of course you did because it was Hi-Speed – and you’ve now given access to your phone to hackers.A list of Wi-Fi networks with the option "Password is Password" highlighted

4. Be wary of third-party add-ons and apps.

  • That follower tracker you downloaded to track your twitter followers could be developed and designed to trick you into giving up your account information. In fact, in 2017 alone, Google took down 700 000 malicious apps on it’s Play Store that were used for criminal activity.

5. Check your privacy settings.

  • Often overlooked are the privacy settings on your social media accounts. The more private you are, the less likely some can steal your information, it’s as simple as that.

6. Don’t click that suspicious link!

  • I admit that I also want to read “10 Reasons Why Star Wars is the Best Series Ever,” but it could mean clicking a link that’s going to download viruses, malicious software, encrypt your files or even destroy everything all together.

7. Be careful about what you share.

  • Don’t reveal sensitive personal information ie: home address, financial information, phone number. The more you post the easier it is to have your identity stolen. Believe it or not, posts like this exists:A Facebook post of a user exposing their credit card information online

8. If you have social media apps on your phone, be sure to password protect your device.

  • To have a cellphone constantly unlocked is asking someone to steal it. The best protection are the alphanumerical passwords that are available on most smartphones.

9. Remember to log off when you’re done.

The 30 million who got compromised through Facebook could have been safe if they did this simple thing. If it’s an important account, always log out when you’re finished. You can be the most secure, but all a hacker needs is your Access Token, and then they have your account.

10. Keep your firewall security and anti-virus software up-to-date.

When all is said and done, you must have proper anti-virus/anti-malware protection. Watch out for fake software being sold online – those are run by hackers as well. Always buy from a trusted source.

Contact Us to find out if YOUR corporate email address is being sold on the DARK WEB for hackers!

Stay up to date with us and receive Cloud & Security Tips!

>

E-Tech Adds Industry-Leading Products with Webroot Partnership

By |2024-01-23T15:28:32-05:00September 1st, 2018|About Us, Press Release, Uncategorized|

Toronto, ON – September, 2018 Webroot, the market leader in next-generation endpoint security and cloud-based collective threat intelligence, today partnered with E-Tech, an award-winning managed service provider based in Toronto, Ontario.

E-Tech is expanding its product portfolio with Webroot’s Endpoint Protection, DNS Protection, and Cyber Security Awareness Training to help improve their customers’ ability to defend itself from cyber security threats at every level.

“We are very excited to add Webroot to our line of products,” said Ian Evans, President and CEO at E-Tech. “Our goal is to give the best products possible to our clients; products that keep them the most secure possible, and Webroot certainly does that job.”

New Products:

Webroot’s Endpoint Protection makes anti-virus and anti-malware protection very easy and secure. The ultra-small agent takes seconds to install and requires only 2 MB of disk space to install. From there, it takes merely minutes to scan your computer for malicious programs.

Webroot’s DNS Protection allows your users to be safe while surfing the internet. Uncontrolled web usage is a huge risk, no matter the size of your business. By redirecting user activity through our DNS cloud, we can block your users from connecting to malicious websites before they reach them.

The Cyber Security Awareness Training program was bred by the idea that the biggest risk to a company are the staff. To fully protect a company, the staff should be put through comprehensive cyber security awareness training. Our training includes an in-house presentation, detailed learning modules, and even a phishing email simulator.

About E-Tech:

E-Tech was born in 1991 and has been providing system support and information technology consulting services to our clients since 2005. We attribute our strength and success to our close working relationship with each and every one of our clients – regardless of size. We design our services specifically to help our clients succeed in today’s complex business environment, keeping in mind our client’s goals, objectives, and bottom lines. Since our inception, we have been establishing a strong bond with small to medium businesses and not-for-profits by delivering cyber security protection, website hosting services, IT support solutions, and website design services.

About Webroot:

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Their smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world. Their award-winning SecureAnywhere endpoint solutions and BrightCloud Threat Intelligence Services protect tens of millions of devices across businesses, home users, and the Internet of Things. Trusted and integrated by market-leading companies, including Cisco, F5 Networks, Aruba, Palo Alto Networks, A10 Networks, and more, Webroot is headquartered in Colorado and operates globally across North America, Europe, and Asia.

E-Tech Now Delivers Dark Web Monitoring Services through ID Agent Partnership

By |2024-01-23T15:29:30-05:00August 27th, 2018|About Us, Press Release, Uncategorized|

E-Tech Offers Monitoring and Alerting of Stolen Digital Credentials, Increasingly Valuable Asset on Dark Web

On August 27, 2018 E-Tech announced its new Dark Web monitoring services provided through its partnership with ID Agent, provider of Dark Web monitoring and identity theft protection solutions. With Dark Web ID, E-Tech offers around the clock monitoring and alerting for increasingly compromised digital credentials, scouring millions of sources, including botnets, criminal chat rooms, peer-to-peer networks, malicious websites, bulletin boards and illegal black market sites.

“The average SMB and Not-For-Profit has little to no knowledge on the Dark Web. They would be scared to discover that their credentials for work applications, social media sites, financial institutions and more, are being sold by criminals all over the Dark Web. We cannot underestimate the value of those credentials to criminal organizations. Knowledge is our best combatant,” said Ian Evans, President and CEO at E-Tech.

The Dark Web is made up of various digital communities, and while there are legitimate purposes for the Dark Web, it is estimated that over 50 percent of all sites on the Dark Web today are used for criminal activities, including the disclosure and sale of digital credentials.

“Digital credentials such as usernames and passwords are widely used to connect to critical business applications – the reason these credentials are among the most valuable assets found on the Dark Web,” said Kevin Lancaster, CEO of ID Agent. “Unfortunately, the unaffordability of cyber offerings has played into the cyber poverty line experienced by small businesses. Dark Web ID, however, delivers an affordable model that provides small businesses with the same advanced credential monitoring capabilities used by Fortune 500 companies to organizations in the SMB and mid-market space.”

Dark Web ID is the industry’s only commercial solution available to detect customers’ compromised credentials in real-time on the Dark Web. It vigilantly searches the most secretive corners of the Internet to find compromised data associated with your customers’ employees, contractors and other personnel, and notifies them immediately when these critical assets are compromised. There are a few competitors in the market but none completely focused on the Dark Web as ID Agent’s solution.

Feel free to Contact Us for more information.

iMIS ALERT: Does One of Your Former Administrators Still Have Access to Sensitive Data?

By |2018-08-14T12:35:05-04:00August 14th, 2018|iMIS, Uncategorized|

As your organization continues to move forward and grow, you typically cycle through many staff and volunteers, which can also extend to the administrative level. Whether an administrator is let go, leaving for another opportunity, retiring, etc., the issue remains that they have access to sensitive data.

One of our clients, who we host and consult iMIS for, recently experienced this same issue and opened a support ticket with us. Here, we outline a guide on how to disable the access of an administrator:

Server Access (to request from E-Tech):

  1. Your organization can submit a ticket in advance, letting us know the last day of the retiring employee and request to disable the user server level access at a specific time of the day. The account would be disabled as scheduled and later completely removed from our system.
  1. A password change for the VPN (Virtual Private Network) is very important. It will restrict the user from connecting to our network and servers or have any access to the database data from outside of the office.

In iMIS (Client Side):

  1. We would advise you not to delete the user from IMIS. In certain scenarios, deleting the user would affect records that were update by the user in the past. Instead, disable the user’s account in iMIS or change the user type from full to public. This will allow the user to still login to the system from public website and update his profile, but any administrative level access would be revoked.
  1. Change the manager’s password (If the user had access to the manager’s account). Please call E-Tech Support and provide the updated manager password over the phone. The password is required for us to maintain your system’s working state and troubleshoot any issues. If you are not sure how to update the manager password in your version of iMIS, you can always submit a ticket to support@etechcomputing.com with the prefix *URGENT* in the email title and we will update the password right away.
  1. If the user had access to any of the other staff passwords, please update both IMIS and RDP passwords for those users also.

Feel free to Contact Us for more information.

Title

ABOUT US

201 Consumers Road
Suite 204
Toronto, Ontario
M2J 4G8
(647) 361-8191

EXPERTISE

HELPFUL LINKS

E-Tech. All Rights Reserved 2024.

Accessibility by WAH
Go to Top