cybersecurity-computer-security-encompass-it-solutions-manchester-ct

Why Do Crypto Viruses Slow Down Computers?

 

When you catch a cryptovirus on your computer, one of the first noticeable symptoms is the computer being slow. So why is that?

 

Crypto Mining

While there are multiple causes for this delay in system response time, one of the main reasons is due to something called “crypto mining”.

You’ve might have heard about something called “bitcoin” in the news. Bitcoin is an untraceable cryptocurrency used mostly by hackers, but is quickly becoming more mainstream. Although there are multiple ways to obtain bitcoin, serious cryptocurrency enthusiasts “mine” their own bitcoin by using computers to run bitcoin algorithms. Despite the extensive CPU resources required to run these algorithms, it’s often worth it with the price of one bitcoin being $6,535.70 as of July 7, 2018.

As a result, cryptocurrency miners need significant computer processing output to generate money. Some miners might use servers they own, but others turn to a more lucrative source; everyone else’s computers. And the more computers mining for bitcoin, the better.

 

How Crypto Viruses Are Born

A hacker will create a malicious computer program that will infect a computer, take over the CPU, and run cryptocurrency algorithms in the background.

The CPU (Central Processing Unit) is where the computer processes requests. Think of it as the brain of the computer. It’s just like when you have too much on your mind that you can’t handle another question from your 6-year old. Attention is divided.

When your computer has a virus, its attention is focused on the heavy burden of crypto mining. With only a couple lines of code, or delivered via browser, cybercriminals harness stolen processing power and cloud CPU usage to mine cryptocurrency. Coin mining slows devices and overheats batteries. For enterprises, coin miners put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost.

When it comes to computers with a virus, most people will only notice a huge increase in how long programs take to load, or just a general slowness. Meanwhile, that CPU bandwidth you could be utilizing, is going to the malicious software.

A swift cryptocurrency market triggered a gold rush for cybercriminals. Symantec released in their “2018 Internet Security Threat Report” that “detections of coin miners on endpoint computers increased by 8,500% in 2017”.

 

That’s where you come in.

The #1 best way to prevent malware is to have strong antivirus and anti-malware software with ransomware protection. It’s also a good idea to stay away from unsafe websites, website ads, and emails from people you don’t know. If you aren’t sure how to tell the differences between a “safe” website and an “unsafe” one, consider our Employee Cybersecurity Training or call 860-785-6233 to ask us about our favorite antivirus and malware software that we install and support for our clients at Encompass IT Solutions in Manchester, CT.

Exposing-Dark-Web-Keeping-Your-Business-Protected-Encompass-IT-CT

Are Hackers Actually Targeting Small Businesses?

 

In the news, it seems like every month we learn about hackers trying to take down larger companies like Target, Sony, or Walmart, but are cybercriminals actually targeting small and medium-sized businesses with 1-100 employees in Connecticut? Is small business technology usually safe?

 

IT Safety in Numbers, Right?

As kids, we were taught the phrase “safety in numbers” by our parents, and small business owners often like to use that type of mindset when it comes to cybersecurity and data breaches. I’m just one tiny fish in a huge ocean. Why would my small business be targeted out of thousands in Connecticut or Massachusetts? Wouldn’t it make more sense for hackers to chase after the large corporations with more data and more money? Yes and no.

Small businesses are a much easier target for hackers due to their insufficient resources, insufficient cybersecurity awareness, and a large number of technical vulnerabilities to exploit. Hackers look for the easiest way to prey on the uneducated, since the risk of being caught is a lot lower.

 

The Facts about Small Business Data Loss

Symantec, one of the world’s leading cybersecurity technology companies, released their 2018 Internet Security Threat Report, stating “43% of cyber attacks targeted small business with less than 100 employees in 2017.” That’s a drastic increase compared to the mere 18% of attacks focused on small businesses just a few years back in 2011. In 2018, Verizon reported that “58% of malware attack victims are categorized as small businesses.” (Verizon’s 2018 Data Breach Investigations Report)

Unfortunately, data breaches hold devastating effects for businesses. Not only do they carry bad publicity and your clients won’t want to touch you with a 10-foot pole, but businesses that have taken a beating from a data breach often don’t survive. FEMA’s 2017 Report released that “more than 40% of businesses never reopen after a data breach disaster, and for those that do, only 29% were still operating after two years.”

But what about just temporary data loss? FEMA states that “those [small businesses with under 100 employees] that lost their information technology for 9 days or more after a disaster filed for bankruptcy within a year.”

Unfortunately, many CEOs don’t recognize the value of their QuickBooks files, client databases, and documents until it’s too late. That’s why making sure your data backups and cybersecurity protections are in place to prevent data disasters.

 

Sophisticated Cyber Attack Methods

Cybersecurity threats are everywhere, and it’s hard to stay up-to-date with them because are designed to attack in various combinations. It’s not just the common “Prince of Nigeria” or IRS scams anymore. For an overview of the common types of threats out there, see our post on 10 Cybersecurity Threats Every CEO Must Thwart.

Targeted phishing attacks, called “spear phishing”, are proving to be a serious cybersecurity issue for small business owners throughout Connecticut. In these attacks, hackers impersonate an employee with the company they are trying to attack. They’ll ask another employee or even a client to send them account credentials or money. We’ve witnessed a few financial companies in Manchester and Hartford becoming victims of spear phishing and requiring a professional’s help to tighten their network security in just this year alone.

Even worse is that spear phishing just one data breach tactic, and hackers are constantly coming up with new tactics to stay ahead of the game. For example, tricky cybercriminals are mimicking auto-response emails from online sites like Amazon, Walmart, or Verizon. Instead of a link to view your “most recent purchase” or “reset your password”, they place a link to malicious websites that automatically download spyware or ransomware to your computer. Sophisticated hackers may even set up a website that looks like the homepage of Amazon or Verizon with a customer login portal that collects your email and password credentials.

With the rising number of targeted attacks against businesses, small and large alike, it’s vital to understand how to keep your computers, servers, and network safe and secure.

 

Education is Key

One of the best ways to be proactive about cybersecurity is by training your employees to adhere to basic cybersecurity protection policies. Understanding the differences between the legitimate emails and the fake phishing ones, how to keep a clean desk and clear screen, as well as being able to identify the various types of cyber attacks are just a few topics to cover. According to IBM’s 2014 Security Report, “95% of data breaches are caused by employee mistakes.” And most mistakes are preventable.

 

If you’re uncertain that your employees could correctly identify a malicious attack, contact us here at Encompass IT Solutions in Manchester, CT for our Cybersecurity Employee Training. Find out how well your employees handle your essential business data, as well as give them access to educational videos on cybersecurity awareness. Give us a call at (860) 785-6233 if you have any questions.

cybersecurity-manchester-ct-encompass-it-solutions-2019

Exposing the Dark Web & Keeping Your Business Protected

 

The dark web is a popular topic at the moment, especially with the rise in speculation amongst cybersecurity specialists about the future of the dark marketplaces. Nevertheless, it’s also important to remember that criminal activity isn’t limited to just the dark web; it’s an internet-wide problem. As the years continue, cybercrime analysts are expecting upticks in malicious activity on the open web too. But before we get into details, let’s take a quick topographical view of the internet.

 

What is the “Dark Web”?

Most of us think of the “surface” or “open” web when discussing the internet. This is the layer of the internet that is indexed by search engine browsers (i.e. Google, Firefox, Internet Explorer). However, this portion of the web accounts for only a microscopic amount of the activity online.

The next layer of activity happens on the huge level called the “deep web”, where databases of “secure” information like financial records, medical records, and government resources are accessible through client portals or gateways. It’s these accounts that are all too often breached, and there’s plenty of material to access, with the deep web existing as an estimated 40-500 times larger than the surface-level web we so commonly use.

The final section of the internet is called the “dark web”. These are the websites that are purposefully concealed from the rest of the internet, and are usually only accessible through particular web browsers like Tor. This is where most of the heavy-duty criminal activity happens, amongst a large underground economy consisting of illegal goods, compromised data, malicious software and cybercrime tools, as well as information for executing successful cyber attacks.

 

Why Can’t We Just Delete the Dark Web?

So why not just wipe out the dark web completely, you ask? Well, it’s important to realize there are legitimate reasons for using the dark web as well. For instance, citizens under oppressive regimes use the dark web to access information that is freely available to others, and journalists and whistleblowers are able to communicate privately with anonymous sources.

Even though the dark web isn’t the only spot for illegal, online trade, it’s valuable to understand how cybercriminals do what they do. Law enforcement uses this intelligence to successfully bring down the dark web markets and create a rippling effect of fear and mistrust. Unfortunately, cybercriminals are utilizing alternative methods to conduct business as a result. Many of them are mainstream communication paths like Jabber and Skype, along with forums dedicated to hacking and code repositories.

 

How to Plan for Cybercrime as a Business

Although it may be tempting for business owners to take it upon themselves to determine the extent of their information exposed and seek retribution, engaging in such activity can be more of a risk. It’s better to plan for data breaches using threat modeling, and leave the rest up to cybersecurity professionals.

Cybersecurity Threat Modeling is an iterative process that needs to be updated whenever there are substantial changes to either assets or threats. Typically, the process consists of:

 

1. Define your business assets – Critical business processes, high-value systems, intellectual property, etc.

2. Identify which systems hold the assets – Databases, servers, email, calendars, network, CRMs (Custom Relationship Management software), and more.

3. Create a security list for each system – Includes which security controls are currently used to protect those systems in step #2 (i.e. enterprise-grade firewalls, solid endpoint detection and response systems, or the best antivirus). List any known vulnerabilities that are present as well.

4. Identify any potential threats – Hacktivists, cybercriminals, the competition, disgruntled employees, customer theft, etc.

5. Prioritize the potential threats and take proactive action to lower the risks – Consider any past data breaches, as well as internal risk concerns, and attempt to foresee what the organizational impact of particular threats could be. How would you react to a breach with each potential threat? What would be the best way to mitigate these risks right now?

With a threat model in place, you can match the highest severity risks to appropriate tactics, techniques, and procedures. By establishing these threat profiles in your business, it helps CEOs to understand where their computer security is lacking and how the improvements need to be made. As a result, threats are mitigated with a stronger defense.

 

If you’re a business owner who is concerned about the state of your technology’s security and how your business would survive a devastating cyber attack, contact us at (860) 785-6233. Encompass IT Solutions provides in-depth Cybersecurity Risk Assessments that identify and mitigate cybersecurity threats for your computers and network infrastructure.

cybersecurity-training-for-businesses-connecticut

Connecticut’s Liberty Bank Customers Targeted in Phishing Attack

 

Liberty Bank, the third largest bank in Connecticut with 55 branch offices located throughout the central and southern parts of the state, sent out a fraud alert Monday morning.

A phishing email was successfully sent to their customers, stating that a bill of over $2,000 had been paid to a fictitious name and contained a link to supposedly log into the bank’s online portal to dispute the fund transaction. The link most likely redirected to a fake webpage that looked like the bank’s portal, but collected the customer’s banking credentials to be used for later.

While it is unknown how many of Liberty Bank’s clients fell victim to the cybersecurity scam, this isn’t the bank’s first phishing scare.

Back in October of 2009, Liberty Bank’s Vice President, Jill Hitchman, stated that the FBI was investigating an automated phone-call phishing scam referencing the Connecticut-based bank. Hitchman reported that Liberty Bank customer information had not been compromised, and quickly implemented preventative measures, as well as made customers aware of the scam.

 

What Can We Learn?

With this local attack being so close to home, it only confirms the fact that email phishing scams are on the rise. Wombat Security’s “State of the Phish 2018 Report” found that phishing attempts have grown 65% in the last year, and 95% of all attacks on enterprise networks are the result of successful spear phishing, according to the SANS Institute.

Unfortunately, it only takes one wrong click to leak vital business data and online banking credentials that can either be sold on the dark web or used to process money transfers directly.

Thankfully, Liberty Bank quickly educated their clients on the malicious email and has procedures in place when phishing scams do happen. However, it’s important to ask yourself if you have the same protections in place as a small business? What if one of your employees had opened the email or what if it had a malicious email attachment? If not, we highly suggest Employee Cybersecurity Training that educates your employees on the difference between legitimate emails and targeted phishing attacks like this one.

 

Were You Affected by This Phishing Scam?

The bank is suggesting that the safest way for customers to log in to their online banking services is to go to the Liberty Bank website and use the login box in the upper right corner.

Customers who believe they may have fallen victim to the scam should call Liberty Bank immediately at 888-570-0773.

 

How to Protect Your Business

If you’re constantly being sent phishing emails like this one, or have employees that aren’t exactly discerning when it comes to emails, attachments, or websites, feel free to call us for a free quote on our affordable, online Employee Cybersecurity Training program at (860) 785-6233. We also provide in-depth Cybersecurity Risk Assessments for businesses to determine their IT infrastructure protection and security. Gain a peace-of-mind while navigating today’s treacherous cybersecurity landscape.