By -- 2021-09-29 in Blog, Uncategorized

Cybersecurity Awareness Month 2021: Week 4

 

Cybercrime has risen immensely since the onset of the coronavirus pandemic, largely due to the sudden sharp increase in employees working remotely. This month, we focused on both email and mobile phishing attacks, as 36% of successful corporate cyberattacks have involved phishing. Already, hackers have ransomed millions of dollars from organizations since the beginning of the pandemic, making cyber hygiene more necessary than ever before.

This past month, we’ve focused on providing you with the latest news on cybercriminal tactics and ways to stay safe online. Our first week’s blog focused on the basics of cyber hygiene: creating a routine, using multi-factor authentication, creating long and unique passwords, implementing a password manager to store those passwords, and keeping software updated. Therefore, here we’ll recap the 4 most effective things you can do to avoid cybercrime:

 

  1. Manage social media settings
    • Cybercriminals often utilize social engineering to obtain sensitive information, so be mindful of what you post publicly. Even posting seemingly benign information like your pet’s name or your mother’s maiden name can expose answers to common security questions.
  2. Use a Virtual Private Network (VPN)
    • A VPN encrypts all traffic leaving your devices until it arrives at its destination. If a hacker gains access to your communication line, they won’t be able to read the information you send, because it is encrypted in transit. VPNs are useful for a variety of purposes, such as:
      • When using public Wi-Fi
      • When accessing sites that contain sensitive information
      • Hiding private information from your browsing history and/or apps, which may otherwise be accessible to criminals if hacked
  3. Talk to family about internet security
    • Whether it’s your kids or your parents, talk to those you live with or who may not be tech-savvy about online threats
    • Communicate with your kids about acceptable use of the internet
    • Make sure your children know that they can come to you about online issues like bullying, stalking, or harassment
    • Inform those who are not as tech savvy (like your kids and/or parents) about the markers of online identity theft attempts
      • Be careful when sharing your family members’ personal information
      • Know that children are popular targets of identity theft because their Social Security numbers and credit histories represent a clean slate
  4. Stay updated on major security breaches
    • If you hear that a website or ecommerce site you use has been hacked, find out what information has been accessed and change your password immediately
    • You can use sites like this one to find out if your email or phone number has been compromised in a security breach. If it has, change the passwords to sites that have been compromised ASAP
    • One of the ways you can stay up to date is by reading our blog, where we frequently post updates about the latest major cybersecurity news

 

What Should I do if I Fall Victim to Cybercrime?

Though it’s important to know how best to prevent cybercrime from happening, it’s equally important to know what to do if you believe hackers have accessed your device or data. Depending on the situation, you may need to alert your local police, the Federal Trade Commission, or even the FBI. Even if you think the cybercrime is minor, you should always report it. The malicious capabilities of hackers are broad and harmful and should not be underestimated. Reporting may help authorities detect cybercrimes and criminals in the future. If you think your information has been stolen, you should first contact the companies/banks where you know fraud occurred. Then, fraud alerts should be placed in your credit reports if bank information has been compromised. Lastly, if your identity has been stolen, identity theft can be reported to the FTC.

 

If you’re unsure how to navigate the waters of cyber hygiene, reach out to us at info@optfinity.com or call us at (703) 790-0400. Do your part and be cyber smart!

 

 

 

By -- 2021-09-29 in Blog

Cybersecurity Awareness Month 2021: Week 3

 

Last week, we discussed email phishing and the red flags you need to be aware of. This common yet effective method of harvesting personal data laid the foundation for attacks that target mobile devices. Though many people are aware of phishing email campaigns, the same cannot be said about mobile phishing campaigns. Hackers use social engineering techniques to target services like Facebook, WhatsApp, SMS, and malicious apps to exploit users who are less suspicious of these new avenues of cybercrime.

Perhaps this explains why research has found that mobile users are three times more likely to fall victim to phishing attempts compared to desktop users. The goal of mobile phishing attempts is often the same as that of email phishing attempts, and as such, they warrant awareness and attention. Below, we outline the four most common ways hackers are infiltrating mobile devices.

 

  1. Malicious Apps

Hackers try to trick users into downloading malicious apps in two ways. One method involves using legitimate app stores like the iOS or Android stores. They use these markets to broadcast harmful apps that use phishing tactics to steal personal information. Though these stores constantly remove malicious apps, some are able to slip through the cracks amidst the torrents of official apps uploaded to these stores on a daily basis. Secondly, cybercriminals create unofficial app stores. Here, fraudulent apps mimicking legitimate ones are riddled with malware that activates only after they are installed.

These two means of infiltrating devices have become more common as corporate desktops have begun implementing pre-approved lists of software. This limits the success of hacking devices through application stores. Meanwhile, mobile devices can download any app from any network, broadening cybercriminals’ points of entry.

To keep yourself safe, never download apps from a browser; only use apps in your device’s official store. Within legitimate stores, keep an eye out for apps from unknown developers or those with few or negative reviews. Lastly, if an app is no longer supported by your device’s store, there’s probably a good reason it isn’t, so just delete it!

 

  2. Smishing

Text messaging is an often-overlooked segment of organizational cybersecurity, making “smishing” (SMS phishing) a newly popular way of hacking into mobile devices. Further, the success of these attacks has only incentivized hackers to continue deploying smishing attacks, as open rates are at an astounding 98%. Smishing primarily exploits devices by encouraging users to click on a link. Opening these links either loads a fraudulent landing page that asks for a user’s login credentials, or secretly downloads spyware onto the device. Both tactics have been successful in gaining access to personal and corporate data. Be wary of links within texts, and if you are unsure whether a link from a seemingly legitimate text is safe, reach out to the company it claims to be from and confirm whether they sent a text to your device from the number you have. Always use the phone number from an official source and not one which has been sent to you.

 

  3. Whishing

After hackers saw the success of smishing, they began launching phishing campaigns via a medium commonly used as an alternative to SMS messaging: WhatsApp. “Whishing”, or WhatsApp phishing, operates in the same way that smishing does: by sending malicious links over text. Whishing has risen in prevalence due to its relatively cheap and easy implementation. WhatsApp allows communication with anyone else on the app, enabling hackers to send mass phishing messages to a plethora of unsuspecting app users.

Whishing can be neutralized by using a web gateway to block connections to a phishing server, so make sure you are connected to your organization’s corporate network before inspecting any strange WhatsApp messages. Whether using a corporate or personal phone, never disclose sensitive information over Wi-Fi unless you know that the network is secure.

 

  4. Social Media

Lastly, hackers use social media to exploit mobile devices. Malicious links can be embedded into posts that appear innocent and uploaded to many social media sites. Facebook, Twitter, Instagram, and even LinkedIn have been known to host these types of posts. The links within these posts redirect users to phishing sites that ask for sensitive credentials. Phishing posts may appear as ads, giveaways, or contests that seem too good to be true. When clicked on, they take users to phishing sites that look real, but are simply fronts for stealing data. Be wary of any post that urgently encourages you to click on a link, especially if it involves a purchase or giving out personal information like an address.

 

If you’re worried about hackers gaining sensitive information through mobile attacks, contact us about network security at info@optfinity.com.

 

 

 

By -- 2021-09-29 in Blog

Cybersecurity Awareness Month 2021: Week 2

 

What is email phishing?

Email phishing is a form of cybercrime in which scammers attempt to solicit personal information from an unsuspecting person using seemingly legitimate email domains and messages. Often, they will impersonate organizations you know and trust, like banks, online stores, online payment websites, social networking sites, and credit card companies. Though launching email phishing campaigns is one of the oldest tricks in the book for scammers, it remains one of the most effective ways to harvest people’s credit card information, Social Security numbers, and account information. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing scams in 2019 alone. In 2020, 74% of US organizations experienced a successful phishing attack. Clearly, email phishing remains a simple yet powerful way for cybercriminals to exploit email users. Continue reading to learn how to detect and protect yourself from email phishing campaigns.

 

 

What are the red flags of email phishing?

Often, senders of phishing emails create a sense of urgency to encourage you to click a link or download an attachment. Hackers sending phishing emails may:

  • Ask you to confirm personal information
  • Say that there’s an issue with your account or payment information
  • Offer a coupon or free items
  • Claim they’ve noticed suspicious activity or log-in attempts
  • Tell you you’re eligible for a government refund

Additionally, these emails may include:

  • Awkward or unusual formatting
  • Urgent subject lines
  • Frequent and explicit callouts to click on a link or open an attachment
  • Lookalike email addresses
    • Addresses may contain slight misspellings of a legitimate company domain like account_manager@com (notice the two “i’s” in the domain name)
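
The lookalike-address red flag can also be checked mechanically. The following is an added example, not code from the original post: it compares a sender’s domain against a constructed allow-list (example-bank.com and example-shop.com are placeholder names, and `classify` is a hypothetical helper) and flags near-misses such as a doubled letter or a digit standing in for a letter.

```python
from email.utils import parseaddr

# Constructed allow-list (placeholder names); load your organisation's real one.
TRUSTED_DOMAINS = ("example-bank.com", "example-shop.com")

# Digits and symbols often substituted for the letters they resemble.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def sender_domain(from_header):
    """Return the lower-cased domain of a From: header, or '' if unparsable."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower().rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_header, max_distance=2):
    """Return (verdict, matched_trusted_domain) for a From: header.

    Verdicts: 'trusted', 'lookalike', 'unknown' or 'unparsable'.
    """
    domain = sender_domain(from_header)
    if not domain:
        return ("unparsable", None)
    # Exact matches and genuine subdomains of a trusted domain pass.
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", trusted)
    # Undo digit-for-letter swaps before comparing.
    normalized = domain.translate(HOMOGLYPHS)
    for trusted in TRUSTED_DOMAINS:
        if normalized == trusted:
            return ("lookalike", trusted)   # e.g. a "1" used in place of "l"
        if trusted in normalized:
            return ("lookalike", trusted)   # trusted name embedded in another domain
        if edit_distance(normalized, trusted) <= max_distance:
            return ("lookalike", trusted)   # doubled, dropped or swapped letter
    return ("unknown", None)


# Constructed sample headers, for illustration only.
SAMPLES = [
    '"Account Manager" <account_manager@example-bank.com>',
    "account_manager@examplle-bank.com",
    "billing@examp1e-shop.com",
    "alerts@example-bank.com.verify-login.net",
    "friend@unrelated.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header)[0]:<10} {header}")
```

A “lookalike” verdict is a reason to report the message, not proof of fraud; an “unknown” verdict only means the domain does not resemble anything on the allow-list.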

 

 

How can I protect myself from email phishing?

Firstly, be aware of the red flags of email phishing outlined earlier. Simply knowing what phishing emails may look like and paying close attention to the legitimacy of an email’s domain is a good foundation of defense for all email users. Secondly, you should protect your devices from threats in general by using security software. This way, even if you try to click on a suspicious link or attachment, your device may warn you or block you from doing so. Additionally, you should set all your devices to update software automatically. Software updates often contain patches for potential vulnerabilities that scammers may try to exploit to steal your information. You should regularly back up your data as part of your cyber hygiene routine. Backing up your data to an external hard drive or cloud storage ensures that even if phishing emails are able to exploit and wreak havoc on your device, you’ll have the reassurance that your data is still accessible elsewhere. Finally, you should look into training end-users with simulated phishing attacks.

 

How do I report email phishing?

Fortunately, many company email accounts have a “report phishing” button built into their email platform. If you’re using a work or personal email account without this feature, you should still report any suspected phishing emails to your organization, the Anti-Phishing Working Group at reportphishing@apwg.org and to the FTC at ReportFraud.ftc.gov. Reporting these attacks helps federal and private organizations fight scammers by giving them additional details regarding the tactics scammers use to trick people.

 

Remember, any email containing a link or attachment should be considered high risk and warrant additional suspicion. If you are worried about receiving malicious emails or want to train your employees on email security, feel free to reach out to us at info@optfinity.com or via phone at 703-790-0400.

 

 

 

 

By -- 2021-09-29 in Blog

Cybersecurity Awareness Month 2021: Week 1

 

Since the onset of the COVID-19 pandemic, cybercrime has both become more sophisticated and more commonplace, compromising the data of individuals and organizations alike. Though there is no one golden rule to cyber hygiene, there are several key things that you can do to further ensure your network’s safety.

 

  • Enable multi-factor authentication (MFA): MFA involves requiring multiple forms of authentication in order to access an account or site. One common example of this is when sites require both a password and a token (typically this is done using a mobile app or via a text message to your phone). This adds an additional layer of protection to your accounts, as even if your password is compromised, the criminal still requires that second factor to access your information.

 

  • Use strong passphrases/passwords: There is a reason why many sites require passwords over 8 characters containing symbols and both upper and lowercase letters: the longer, more complex, and more unique a password is, the harder it is to crack. If you have a difficult time remembering all the passwords you use for various sites, consider implementing a password manager. A password manager acts as a vault containing all your other passwords, and to access it, you only need to remember one unique and sophisticated password. Additionally, passphrases are useful for those struggling to remember their login information. Passphrases are simply easy-to-remember phrases, with various letters replaced with numbers and symbols to make them more complex. For example, someone who frequents an ecommerce site may use the passphrase: iL0v3sH0pp!nG. However, remember never to use the same password for multiple sites, so if you find yourself frequenting a variety of similar sites often, consider using password management software.

 

  • Update software: A simple but effective way to shield yourself from hackers is to continually update your software. Often, these updates contain patches for potential vulnerabilities, and can serve as some of the best defenses against online threats. Whether it’s your web browser, operating system, or security software, update whenever you can, and avoid continuously clicking the “postpone” option.

 

The more you implement these strategies, the more routine they will become, and creating a security routine is one of the best ways to maintain cyber hygiene. Not only are hacks a great annoyance, but they often cause a loss in data, time, and money. Therefore, implement these simple suggestions and do your part to be cyber smart.

If you’re concerned about your network’s safety and aren’t sure where to start, feel free to give us a call at (703) 790-0400 or email us at info@optfinity.com. We’ll set you up with a free, no obligation network assessment as well as a report regarding areas where your network’s security may be compromised.

 

 

 

By -- 2021-09-29 in OptfinITy News

October 1, 2021 — OptfinITy today announced its commitment to Cybersecurity Awareness Month, held annually in October, by signing up as a 2021 Champion and joining a growing global effort to promote the awareness of online safety and privacy. The Cybersecurity Awareness Month Champions Program is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to the Cybersecurity Awareness Month theme of ‘Do Your Part. #BeCyberSmart.’

 

More than ever before, technology plays a part in almost everything we do. Connected devices have been woven into society as an integral part of how people communicate and access services essential to their wellbeing. Despite these great advances in technology and the conveniences this provides, recent events have shown us how quickly our lives and businesses can be disrupted when cyber criminals and adversaries use technology to do harm.

Cybersecurity Awareness Month aims to shed light on these security vulnerabilities, while offering actionable guidance surrounding behaviors anyone can take to protect themselves and their organizations. Everyone has a responsibility to do their part in securing our interconnected world.

 

This year, the Cybersecurity Awareness Month’s main weekly focus areas will revolve around:

  • Understanding and implementing basic cyber hygiene, including the importance of strong passphrases, using multi-factor authentication, performing software updates and backing up data.
  • Recognizing and reporting phishing attempts whether it’s through email, text messages, or chat boxes.
  • Empowering individuals to not only practice safe online behavior, but consider joining the mission of securing our online world by considering a career in cybersecurity!
  • Making cybersecurity a priority in business by making products and processes “secure by design” and considering cybersecurity when purchasing new internet-connected devices.

 

If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone.

 

Now in its 18th year, Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. OptfinITy is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.

 

About OptfinITy

OptfinITy continues to grow as a leading provider of enterprise quality managed services for the SMB market. We offer comprehensive on-premise and cloud solutions ranging from Managed IT, Managed VOIP, Managed Security to a full suite of Professional Services, including Software Development, Website Development and Cyber security solutions through our PerusITy division. Our team of proven leaders and technical experts, paired with a focus on operational excellence, has earned us a reputation for world-class customer service, long-lasting client relationships, and numerous industry awards and recognition.

 

About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come.

 

About National Cyber Security Alliance

The National Cyber Security Alliance is a nonprofit alliance on a mission to create a more secure connected world.  We enable powerful, public-private partnerships in our mission to educate and inspire individuals to protect themselves, their families and their organizations for the collective good.

 

By -- 2021-09-28 in Blog

Cybersecurity firm Check Point revealed earlier this year that there was a serious security flaw in Amazon’s Kindle software. The flaw allowed hackers to take control of a victim’s device and access personal information or delete information and their books. It is also possible that hackers could have stolen Amazon account credentials or billing information from unsuspecting readers. The most concerning way that the vulnerability could have been exploited is by sending malicious versions of popular e-books to unsuspecting readers.

This type of attack is especially dangerous given its customizable nature. Hackers could have targeted a specific demographic by sending popular, malicious e-books tailored to a group’s interests, dialect, or language. This is the first recorded example of a hack gaining complete remote control over a Kindle via a malicious e-book. If you’re worried about your network being exploited and losing sensitive information, whether through an e-book or another vector, contact us for a free assessment at info@optfinity.com.

By -- 2021-09-17 in Blog

In recent years, end-to-end encryption has risen in popularity as cybersecurity concerns have become more prevalent in popular culture. End-to-end encryption makes it very difficult for anyone to see messages, and platforms like Google, Facebook, and Twitter have taken to implementing this encryption method for the safety of their users. This is a beneficial feature for users, but very frustrating for governments trying to spy on terrorists and criminals.

 

It recently came to light that the Israeli tech firm NSO created software called Pegasus to alleviate this issue for governments and other entities, although the firm doesn’t disclose which entities have purchased it. The software can stealthily infiltrate a smartphone and gain access to everything on it, including the camera and mic. Gaining access to devices running on Blackberry, iOS, Android, and Symbian operating systems allows governments to turn them into surveillance devices.

 

One of the most popular ways it does this is through spear phishing, in which a user who accepts a call on WhatsApp unknowingly gives the software unbridled access to the device’s capabilities. Recently, we have learned that the software now uses a zero-click exploit, in which the software can simply call a user’s WhatsApp number, delete the call, and gain access to a smartphone without the user ever knowing anything suspicious occurred. Additionally, the spyware can infiltrate devices by sending messages that contain gifs. A user doesn’t even need to open the message; once it’s received, the phone is compromised. Are you safe?

 

 

If you’re wary of falling victim to spyware or malware, you can reach out to us at info@optfinity.com

By -- 2021-09-9 in Blog

Cryptocurrency platform Poly Network revealed recently that it was hacked. The theft of over $600 million is the largest crypto hack to date, although the hacking itself was not a hack of the technology. Instead, the hackers exploited a vulnerability within Poly Network’s system that allowed them to assign themselves the ownership of money processed through the platform. The site reported that $611 million in digital tokens were stolen, although a significant portion of the assets were redirected to nonprofits and charities in a modern-day Robin Hood scenario.

As various cryptocurrencies like Bitcoin and Ethereum rise in investment popularity, more attempted hacks into cryptocurrency firms may occur, as they have in the past. In 2019, we saw the Italian exchange BitGrail lose $195 million in assets, and in 2018, the Tokyo-based firm Coincheck was hacked and lost $530 million in digital tokens. If you’re concerned where the next attack is coming from and want to be protected, feel free to contact us about virus protection at info@optfinity.com.

By -- 2021-09-3 in Blog

Happy Labor Day Weekend! While you celebrate your extended weekend with cookouts, parades, and time off from work, you might want to know that hackers may be watching closely. Holidays are notorious magnets for hackers because of online sales, where people are quick to input their personal and payment information.

To avoid falling victim to these attacks, there are several steps that consumers can take.

  • Make sure that all your devices are up to date and have the latest operating system.
    • This helps to ensure that you have the latest security patches and limits the vulnerabilities that hackers can exploit.
  • If you choose to travel, be wary of pop-up ads on travel sites and strange emails promoting airline or hotel deals. These may be attempting to harvest your personal information or financial information. Whether you’re purchasing airline tickets, hotel rooms, or items online, don’t allow sites to save your credit card information in their system.
    • If a site you’ve used your card on gets exploited, your card credentials, name, and address can be accessed by hackers.
  • Keep an eye on your email and bank account statements for any signs of suspicious activity, and enjoy your weekend safely!

 

If you find yourself concerned about your network’s security capabilities, feel free to reach out to us at info@optfinity.com

By -- 2021-09-1 in Blog

Since the onset of the coronavirus pandemic, remote work has become a large aspect of the new normal. Subsequently, there has been an increase in attacks launched by cyber criminals, including a wave of large-scale attacks that has rendered critical infrastructure unusable. The SolarWinds hack, JBS hack, and Colonial Pipeline hack have all been hailed as powerful signals to governments and organizations alike that more investment and research into cybersecurity is necessary.

In an attempt to avoid these types of incidents occurring over and over again, the Senate recently approved $1.9 billion in cybersecurity infrastructure bills. This comes as part of a $1 trillion infrastructure package approved August 10th. This money will be used for securing critical infrastructure against attacks, helping vulnerable organizations defend themselves, funding a key federal cyber office, and strengthening cybersecurity for state and local governments.

One of the most notable bills is the State and Local Cybersecurity Improvement Act. This act would give one billion dollars to government entities over 4 years, with a quarter of that being allocated to vulnerable rural communities. This act in particular is much needed, as an attack on a school system or electrical grid could put crucial services in jeopardy, and many state and local governments do not have sufficient resources to defend against these types of attacks. If you’ve found yourself a victim of the onslaught of recent cyberattacks, feel free to reach out to us about malware protection and data recovery at info@optfinity.com.