Thursday, January 27, 2022

Some Basic Computer Security Tips To Help You Protect Yourself



computer-security-300x200.jpgComputer security is often viewed as too complicated and technical by many people. It is actually quite simple if you look closely at the important points. How can you safeguard yourself? Continue reading.

These are some computer security tips you should know

Allow automatic updates

Every software that you use today is subject to different security problems. These issues are continuously being discovered, regardless of whether you're using Internet Explorer, Google Chrome or Mozilla Firefox, Windows, Microsoft Office or Windows. Many operating systems and programs today have automatic updates that fill in these security gaps. To update software, you don't need to click or download anything. It will update itself automatically in the background, without you having to do anything. Some people may choose to disable this feature. You might not like Windows automatically restarting after installing an update or simply don't want it. It is important to ensure that automatic updates are enabled if you want to protect your computer.

Anti-Virus and anti-Malware software should be used

Anti-virus software claims to be the best every few years. Some experts claim that anti-virus software is obsolete and not necessary. It is important to remember that you still need anti-virus software, even if your computer use is cautious. Windows Defender is fine, but you can also use similar software. Ask SpartanTec which anti-virus solution is right for you.

Automate Passwords with Better Security

Everyone knows passwords are important. However, many people ignore them. Use different passwords for each account. Hackers are all around and you could give someone access to your accounts if you use the exact same passwords. You should also use long passwords. LastPass is a good password manager.

Never leave your phone or computer unattended

Although this is a simple warning, it deserves to be noted. You should never leave your smartphone or computer unattended, especially when you're in public. There is a high chance that your device will be stolen if you do. If it is stolen, the person who took it will have access your personal information.

Find out which links to click in emails

This is something you may have heard a lot about. Never open email from unknown sources. Emails that appear legitimate may contain malicious links. Phishing is the term used to describe this. Do not click on any links in email, especially those that point to sensitive sites such as your bank's website. Even if the link was sent by friends, make sure you carefully examine it before clicking.

Take care when downloading and running programs

Computer security in Myrtle Beach is important. Be careful about what programs you download and run. Only use trusted and well-respected programs or those recommended by respected websites.

SpartanTec Inc. can help you to ensure that your computer, phone and network are safe from all possible and current threats.

SpartanTec Inc.
Myrtle Beach, SC 29577
843-418-4792
https://www.spartantec.com/

Monday, January 24, 2022

Purple Fox Trojan Delivering Malware Via Popular Messaging App



A research team from Minerva Labs are working in conjunction with the MalwareHunterTeam.

They have recently been tracking a Trojan called Purple Fox and have published a warning about it.

The group behind the Trojan is now distributing their malicious code disguised as a Telegram installation file.

If you're not familiar with that name Telegram is one of several online messaging apps available on the web. The Trojan has been around since at least 2018 and the hackers who control it have tried a number of different ways to get their malicious code onto unsuspecting desktops.

The use of Telegram as a masking agent is new and the group is also now breaking their malware up into several small files. That makes it less likely to be detected and the researchers have been able to confirm it.  They found few AV engines capable of detecting a Purple Fox installation and it is worrisome indeed.

The team behind Purple Fox isn't resting on their achievements either.  They have been steadily adding features and functionality to their code. These new features include a new .net backdoor dubbed "Fox Socket" spotted by Trend Micro in October of last year (2021) and Guardicore Labs discovered a version of the code with wormlike capabilities which allowed the variant to spread with blinding speed.

In addition to that, the malware comes in both 32-bit and 64-bit variants so this one is not to be underestimated.  Purple Fox may wind up being one of the biggest threats on the landscape in 2022.

Of course, it's early days yet and we haven't seen what other nasty surprises that the hackers of the world have been cooking up over the holiday season, but the bottom line is that Purple Fox is one to watch.

Call SpartanTec, Inc. now for more information about effective cybersecurity measures for your business.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

Saturday, January 22, 2022

FTC Enforcing That Businesses Patch Log4j Java Security Issue



By now you're almost certainly aware of the Log4j Java issue.

It's a serious and fixable flaw relating to java logging.

Recently the United States Federal Trade Commission (FTC) has issued a chilling warning to anyone who hasn't yet fixed the flaw and protected against the vulnerability.

The FTC's statement reads in part as follows:

"The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future. 

Failure to identify and patch instances of this software may violate the FTC Act.

The Log4j vulnerability is part of a broader set of structural issues.  It is one of thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies. 

These projects are often created and maintained by volunteers, who don't always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.

This overall dynamic is something the FTC will consider as we work to address the root issues that endanger user security."

The FTC has already made it clear that they're not playing around with this issue either.  Not long ago in 2019, they hit Equifax with a staggering $700 million fine because of customer data exposure.

The FTC clearly has the muscle to make this threat stick. So if you haven't already installed the remedy for Long4j, do it now before you lose track of it. Keep an ear to the ground for other similar issues.

Fines of the sort that the FTC is threatening are enough to rock any business back on its heels. So don't take any chances.  Stay vigilant out there.  It's going to be an interesting year.

Call SpartanTec, Inc. now if you need professional IT support in keeping your information safe against cybersecurity issues and online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

Thursday, January 20, 2022

New Data Breach Hits US Cellular Company



It's the dawning of a new year and the hackers of the world have been busy.  This time it's US Cellular caught in the crosshairs.

The company recently reported that their billing system was hacked and they sent breach notification letters to more than four hundred impacted individuals.

US Cellular is the fourth largest carrier in the United States.  Only 405 of the company's customers seem to have been affected which makes this attack quite small in terms of scope and scale.  That's small consolation if you're one of the unlucky US Cellular customers to have received a notification in the mail.

The company had this to say about the incident:

"On December 13, 2021, UScellular detected a data security incident in which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information.

Information in customer accounts include name, address, PIN code and cellular telephone number(s) as well as information about wireless services including service plan, usage and billing statements.

Sensitive personal information, such as Social Security number and credit card information, is masked within the CRM system. At this time, we have no indication that there has been unauthorized access to your UScellular online user account."

If you haven't received a notification in the mail from US Cellular then it's  most likely that your account record was not compromised. Out of an abundance of caution, you may want to reset your account password and be on the lookout for suspicious emails targeting you. Now you may be more likely to be on the receiving end of phishing emails for a time.

Kudos to US Cellular for their rapid response.  Sadly we'll probably be seeing a lot more of this kind of thing in the year ahead.

Call SpartanTec, Inc. now if you need professional help in protecting your data against hackers and cybersecurity threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

Wednesday, January 19, 2022

This New Malware Steals Passwords From Popular Browsers



A new threat has appeared on the horizon. Even if the name is not familiar to you this malware strain is bad news indeed.

Called RedLine it is an information-stealing malware that specifically targets popular web browsers including Opera, Microsoft's Edge browser, and Chrome.

Unfortunately, many people have come to rely on their trusty web browser to store and remember their passwords for them. RedLine takes advantage of this and the group behind the code has found a way to crack the browser open and grab the passwords stored within.

Even worse is that RedLine isn't just isolated to a single gang or group of cyber criminals.  Instead, it is being offered as a commodity on the Dark Web. That means anybody with about $200 USD can buy a copy and start harvesting the credentials of anyone they infect.

While it is true that passwords stored inside web browsers are encrypted, RedLine can programmatically decrypt those passwords if they are logged in as the same user which is very much the case here.  RedLine runs as the user who was infected which means that all of their passwords are open to the person controlling the malware.

Although it is highly convenient the bottom line is that it's dangerous to have all of your passwords stored inside your web browser.  If you insist on going that route, then your best bet by far is to enable two-factor authentication on every website you visit frequently that offers it. That is so at least if your passwords are compromised the hackers who gain access to the information still can't easily access your accounts.

Given how RedLine is being marketed on the Dark Web we can expect to see a surge in cyberattacks using the malware in the months ahead.  It's going to get a lot worse before it starts getting any better.

Call SpartanTec, Inc. now if you need the help of IT professionals in protecting your business against cybersecurity threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

Monday, January 17, 2022

Popular Digital Photo Company Shutterfly Hit By Ransomware Attack



Recently digital media giant Shutterfly was hit by a major ransomware attack.

The attack disrupted broad swaths of the company's services including those offered under their GrooveBook, BorrowLenses, and Lifetouch brands.

According to a report received by BleepingComputer, Shutterfly was targeted by the Conti gang. That group was able to encrypt more than four thousand of the company's devices and 120 VMware and ESXi servers.

Like so many ransomware attacks in recent months the Conti gang did not start encrypting files immediately upon breaching the Shutterfly network.  Instead they lurked for a time while quietly exfiltrating files to a server they control.

The Conti gang has created a private Shutterfly data leak page that contains screenshots of the data the group allegedly stole prior to launching the encryption phase of their attack.  The purpose is to use the stolen files as leverage to prompt the company to pay the ransom demanded. The ransom in this case is reportedly in the millions of dollars.

Based on the screenshots on the data leak page it appears that the Conti gang made off with legal agreements, merchant account info, and a wide range of login credentials for corporate services.

The company has released a brief statement about the matter that reads as follows:

"Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident.

As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate."

Based on the above there's little for users of those services to do at present. Out of an abundance of caution if you do use the impacted services you will probably want to change your password and improve your computer security right away.

Call SpartanTec, Inc. now if you need help in protecting your information against ranswomare attacks and other online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

Saturday, January 15, 2022

LastPass Says There Is No Evidence Of Data Breach



data-resized.pngThere are strange events swirling around LastPass. LastPass is a popular password safe and identity protection service.

Recently Twitter exploded with reports from around the world of people who received a notification from LastPass regarding a string of suspicious login attempts. Most of them came from countries other than the ones the impacted users lived in.

Naturally this led to speculation that LastPass had been hacked and a data breach caused some portion of the passwords stored by their massive user base were stolen. This created something of a panic because LastPass and similar sites are considered one of the last safe refuges where passwords are concerned.

The company responded that there was no evidence that LastPass servers had been breached but questions persisted.  If that was the case, then why did the company send out notifications to users regarding suspicious login attempts? The company's investigation into the matter continued.

Recently LastPass issued another update which reads as follows:

"As previously stated, LastPass is aware of and has been investigating recent reports of users receiving e-mails alerting them to blocked login attempts.

We quickly worked to investigate this activity and at this time we have no indication that any LastPass accounts were compromised by an unauthorized third-party as a result of this credential stuffing, nor have we found any indication that user's LastPass credentials were harvested by malware, rogue browser extensions or phishing campaigns.

However out of an abundance of caution, we continued to investigate in an effort to determine what was causing the automated security alert e-mails to be triggered from our systems.

Our investigation has since found that some of these security alerts, which were sent to a limited subset of LastPass users, were likely triggered in error. As a result, we have adjusted our security alert systems and this issue has since been resolved.

These alerts were triggered due to LastPass's ongoing efforts to defend its customers from bad actors and credential stuffing attempts. It is also important to reiterate that LastPass' zero-knowledge security model means that at no time does LastPass store, have knowledge of, or have access to a users' Master Password(s).

We will continue to regularly monitor for unusual or malicious activity and will, as necessary, continue to take steps designed to ensure that LastPass, its users and their data remain protected and secure."

It seems that it was a false alarm.  Even though it was a false alarm, if you are LastPass user you should enable two-factor authentication as soon as possible to minimize your risk.

is your data secure? if you don't have an  answer to this question then it is time to contact SpartanTec, Inc. for a complete network security audit.

SpartanTec, Inc.
800 25th Ave S #4320
North Myrtle Beach, SC 29582
(843) 418-4792
https://www.spartantec.com/

Thursday, January 13, 2022

How Data Breaches Happen



data breach is more than just a temporary terror. They can have a profound impact on your life. Sensitive information can cause huge problems for individuals, businesses, and governments. Hackers can reach you online or offline via Bluetooth, text messages or other online services.

A small flaw can lead to a huge data breach if it isn't addressed properly.

Many people don't pay enough attention to modern security threats because they aren't aware of their existence.

We'll be discussing data breaches and their potential impact on you in this article.

We'll be diving in to answer some of the most frequently asked questions.

  • What is a data breach?
  • What is the cause of a data breach
  • What does a data breach mean for me?
  • What can I do prevent data breaches?

Before we move on, let's first define data breaches.

What is a Data Breach?

Data breach is when confidential, sensitive or protected information is made available to an unauthorised person. Files in a data breach can be viewed and/or shared by anyone without permission.

Data breaches can happen to anyone, from individuals to governments and high-ranking companies. Even more important, anyone can expose others to risk if they don't have their data protected.

Generally speaking, data breaches take place because of weaknesses in:

  • Technology
  • User behavior

Data can slip through more places as our mobile devices and computers get more connected. We are constantly creating new technologies faster than we can protect them.

The IoT sector's devices are a clear example of how we value convenience over security.

Hackers are exploiting many "smart home", products that have flaws like a lack of encryption.

We'll see more of this issue as new digital products, tools, and services are used without any security testing.

Even if all the technology is in place, users may still be prone to poor digital habits. It takes just one person to compromise a website, or network.

You are almost certain to be at risk if you don't have comprehensive security both at the enterprise and user levels.

Understanding how data breaches occur is key to protecting yourself and others.

How do Data Breaches happen?

Although it is commonly believed that data breaches are caused by outside hackers, this is not always the case.

Sometimes, data breaches can be traced back at the source to intentional attacks. It can also be caused by simple oversights or weaknesses in the company's infrastructure.

Here are some ways a data breach could occur:

  • An Accidental Insider. One example is an employee accessing a colleague's computer without authorisation permissions and reading files. This access is accidental and no information is given out. The data was however viewed by an unauthorized person and is therefore considered to be breached.
  • A Malicious Insider. A malicious insider is someone who accesses or shares data in order to cause harm to an individual/company. Although the malicious insider may be authorized to access the data, the intention is to use it in criminal ways.
  • Devices stolen or lost. A laptop or external hard drive that is not encrypted and locked -- any information that contains sensitive data -- can be lost.
  • Malicious Outside Criminals. These hackers use various attack vectors in order to obtain information from a network or individual.
  • Malicious methods used to breach data

Cyberattacks can lead to malicious data breaches, so it is important that you know what to look out for.

These are some of the most popular hacker methods

Phishing. Such social engineering attacks are intended to trick you into causing data breaches. To deceive you, phishing attackers pretend to be organizations or people that you trust. These criminals will try to get you to give the data to them or to gain access to your sensitive data.

Brute force attacks. Hackers might use software tools to guess passwords in a more aggressive approach.

Brute force attacks

You should go through every possible password option until you get it right. Although these attacks can take some time, they have become more rapid with the increase in computer speed. Hackers can also hijack other devices similar to yours by infecting them with malware, which speeds up the process. It might take only a few seconds for hackers to crack your password if it is not strong enough.

Malware. Security flaws can exist in your device's operating system and software. Criminals use these security gaps to insert malware. Spyware is perfect for stealing private information while remaining undetected. This infection might not be detected until it is too late.

PC-blog-img-november-300x225.jpgWhat are the targets of Data Breaches?

A data breach could be caused by an innocent error, but real damage can occur if the person with unauthorized entry steals or sells Personally Identifiable Information or corporate intellectual data in order to gain financial gain or cause harm.

Malicious criminals follow a simple pattern. Targeting an organization to breach is planning. They conduct research on their victims to find out where vulnerabilities exist, such as missing updates or failures and employees' susceptibility to phishing attacks.

Hackers discover weaknesses in a target and then create a campaign to get insiders downloading malware. Sometimes, they directly target the network.

Once inside, malicious criminals can search for any data they need. This is because it takes an average of five months to find a breach.

Common vulnerabilities that malicious criminals target include:

You have weak credentials Weak credentials are responsible for the majority of data breaches. Your username and password combination can be used to gain access to your network by malicious criminals. Cybercriminals can use brute-force attacks to gain access to your email, website, or other financial information, as most people reuse passwords.

Stolen credentials. Brute force.

Phishing

They pose a serious security risk and can be used by cyber criminals to gain access to your bank account and other online accounts.

Compromised assets.

Various malware attacks

These are used to disable regular authentication steps that would normally protect computers.

Payment Card Fraud. Card skimmers attach themselves to gas pumps and ATMs and steal data every time a card swipes.

Third-party access. Third-party access. Malicious criminals may be able to gain access to your network and data, even though you do your best to protect it.

Mobile Devices. Employees are permitted to bring their own devices into work (BYOD). This makes it easy for malware-laden apps to be downloaded to the device, giving hackers access to the data. This includes files and email from work, as well as the owner's PII.

Data Breach can cause serious damage

Data breaches are not something that can be fixed with a few password changes. Data breaches can have a long-lasting impact on your finances and reputation.

A data breach can be devastating for business organizations. It can affect their reputation and financial bottom lines. Equifax, Target and Yahoo are just a few of the organizations that have suffered from data breaches. Many people today associate the data breach with these companies and forget about their actual business operations.

Government organizations can be exposed to highly confidential information by compromising their data. A government's citizens and its citizens can be seriously threatened by military operations, political dealings, or details about essential national infrastructure.

Individuals: Identity theft is a serious threat to victims of data breaches. Data leaks could reveal everything, from banking information to social security numbers. These details can be used to commit fraud under your name by criminals. It is possible to lose your credit and face legal problems if your identity is stolen.

These are all common situations, but data breaches can cause more harm than these. It is important to determine if your data has been compromised. To find out if your personal or work accounts have been compromised use https://haveibeenpwned.com/ to check (this tool checks existing data breaches for your email address and reports what was leaked).

To determine if your data is being leaked, you might need more detailed monitoring. Kaspersky Security Cloud offers data leak detection to help you navigate the situation.

The best way to protect your self is to not be a victim. There are many ways to protect yourself, whether you're an individual person or an enterprise.

How to avoid becoming a Data Breach victim

  • Everyone needs to be involved in data breach prevention, from IT support staff to end-users and everyone in between.
  • Security is as weak as the weakest link when you are trying to prevent data breaches or leaks. Each person who interacts with the system could be vulnerable. Even children as young as three years old can be at risk from a tablet connected to your home network.
  • These are some best practices to prevent data breaches
  • Software updates and patches available as soon as possible
  • Secure data encryption using high-grade technology
  • Upgrade devices when software is not supported by the manufacturer
  • BYOD security policies should be enforced, such as requiring that all devices use a business-grade VPN and antivirus protection.
  • To encourage better cybersecurity practices, strong credentials and multifactor authentication should be enforced. Encourage users to use a password manager.
  • Educate employees about security best practices and how to avoid being victim of socially-engineered attacks.

Call SpartanTec, Inc. now if you want to prevent data breaches and keep other online threats at bay.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

Tuesday, January 11, 2022

Link between Cybersecurity Attacks & Remote Work Technology

According to a recent 60 Minutes interview, more and more of the workforce is opting to work remotely. This can leave a big gap in your cybersecurity network. Research and reports on the cybersecurity risks of hybrid or remote work continue to be published. A Tenable study found that 74% of companies attributed recent cyberattacks on their business to remote work.

The report was conducted by Forrester. It found that cloud services, apps, personal devices, and remote access tools have effectively eliminated security perimeters within organizations, leading to more cyberattacks and compromises as IT support managers struggle with managing the new technologies.

Today, 80% security and business leaders believe that remote work has made their organization more vulnerable to risk. This is attributed to three factors, according to the survey: lack of visibility into remote employees' home networks, expansion of the software supply chain, and migration to the cloud.

Cybersecurity and Remote Work

The research found that over half of remote workers access work data via a personal device. 71% of security officers lack adequate visibility into remote employee networks. This leads to cyber attacks targeting remote employees (67%)

Recent cyberattacks have also highlighted the increased use by threat actors of compromising third party software providers or leveraging vulnerability in those products. 65% of respondents to this survey link recent cyberattacks with those compromises.

Tenable found that while the cloud is generally viewed as more secure than the on-premises infrastructure in many cases, 80% of security and business executives told Tenable that they felt that moving business-critical functions to cloud increased their risk. 62% also reported that cloud assets were causing business-impacting attacks.

The survey found that at least two-thirds (or more) of IT security professionals plan to increase cybersecurity investment over the next two year. Nearly 75% of respondents cited vulnerability management and cloud security among their top priorities.

Amit Yoran (CEO of Tenable) stated that hybrid and remote work are not going away. Therefore, organizations must adapt to ensure their employees can be protected.

Yoran states that there are two ways forward. One is riddled by unmanaged risks and unrelenting hack attacks, and the other accelerates business productivity. "CISOs and CEOs have the responsibility and opportunity to harness the power and manage cyber risks for the new world.

Call SpartanTec, Inc. now if you need professional help in securing the system you use for your work from home setup.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

Sunday, January 9, 2022

Hackers Are Using Big Brand Surveys To Scam Victims



Surveys have long been a playground of hackers and scammers.

That's true at any time of the year but it's especially true around the Holidays when such scams seem to attract even more unwitting victims.  In fact, some estimates place scammer profits revolving around fake surveys as being nearly $80 million a month. So it's big business for them.

The particulars vary somewhat from one operation to the next.

Here's how cybersecurity scams work in general:

First the scammer targets a perfectly legitimate survey or giveaway offered by a big well-known company or brand.

They'll copy the layout and format of this legitimate survey creating their own version of it.  By all outward appearances from the perspective of a visitor to the survey site, they're taking advantage of a legitimate offer.

Naturally there are some telltale signs.  Most of these fake sites are written by people who are not familiar with the English language and they aren't checked closely for quality control so you're likely to catch spelling errors or grammatically incorrect phrases that could serve to give away the game. Of course there's no hiding the URL but most of the people who land on a survey or giveaway page aren't paying much attention to that.

Once on the page the victim is in the funnel. The survey proceeds as you'd expect with a request for personal information at the end.  Sometimes they ask for a credit card (which the victim is assured won't be billed - it's merely being used for 'verification purposes.')

And you know how the story ends.

Armed with this freshly gleaned information the scammers make off with it either running up big bills on the victim's card or selling the data to the highest bidder.

This is a global issue.  It impacts people from all walks of life and from almost every country on the planet.  Don't fall for it.  Do your due diligence or just say no to anything that looks like it's too good to be true.

Have your employees been trained on what to look for when it comes to phishing emails? Are you sure your data is secure?

If you don't know the answer to these questions, it is time to contact SpartanTec by completing the form to the right.

SpartanTec, Inc.
800 25th Ave S #4320
North Myrtle Beach, SC 29582
(843) 418-4792
https://www.spartantec.com/

Used with permission from Article Aggregator

Friday, January 7, 2022

New Ransomware Named AvosLocker Uses Multiple Tricks In Attacks



There's a new strain of ransomware to be concerned about in the form of AvosLocker.

This is from security firm Sophos who warns that the new strain of human-operated ransomware is one to watch.

AvosLocker burst onto the scene over the summer of this year (2021). Having enjoyed some success with their product the gang behind the code is now on the hunt for partners in a bid to fill the gap left by REvil's departure.

One of the key features of the malware's design is the fact that it leverages the AnyDesk remote IT admin tool while running it in Windows Safe mode. We've seen malware that leverages Windows Safe Mode. Safe Mode loads with a minimal set of drivers and it is less well-protected but it isn't exactly a common tactic.

AnyDesk is of course a perfectly legitimate tool used by thousands of professionals all over the world every day.  Here however it is being put to nefarious use and by combining it with running in Safe Mode and it allows the hackers to deal serious damage to their targets.

Peter Mackenzie is the Director of Incident Response at Sophos. Mackenzie says the group behind this new strain relies on simple but very clever tactics and methodologies to get the job done. So far, they've been amazingly successful.

The company had this to say about the new strain:

"Ransomware, especially when it has been hand-delivered (as has been the case in these Avos Locker instances), is a tricky problem to solve because one needs to deal not only with the ransomware itself, but with any mechanisms the threat actors have set up as a back door into the targeted network. No alert should be treated as "low priority" in these circumstances, no matter how benign it might seem."

Wise words indeed.  Stay alert out there.

Call SpartanTec, Inc. now if you need the help of IT specialists in setting up the most effective cybersecurity measures to protect your business against various online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

Wednesday, January 5, 2022

The Best IT-Related Resolutions For The New Year



The past couple of years have been difficult for just about everyone. Business owners and entrepreneurs have had to adapt and evolve to survive in an ever-changing climate. There’s no telling when or even if things will go back to what we once thought was “normal.” As we enter a New Year, many business owners are putting their resolutions in place to survive and hopefully thrive in 2022.

People will focus on plans for growth and ways to bring more profit in for their resolution, but it’s important to include tech- and IT-related resolutions as well. Technology might not be an obvious approach to growing a business, but it goes a long way toward making your clients and employees feel more secure about everyday interactions. This can inadvertently lead to growth as you improve customer relationships as well.

Here are a few tech-related resolutions that we think can greatly improve any business.

Use Multiple Layers Of Cyber Security Protection

There is no security approach that covers every hole or flaw that cyber security threats are looking to exploit. The best way to keep your defenses protected is to put in place multiple approaches to cover every possible gap. By using multiple programs and layers, you will ensure that every individual component of your cyber security program has a backup to counter any issues.

Your first line of defense should be a firewall. Firewalls help monitor incoming and outgoing traffic and work as a barrier between networks you trust and don’t trust. They essentially shield you from malicious or unnecessary network traffic. Multifactor authentication is an important layer as well. This prevents cyber-attacks that come from weak or compromised passwords. With multifactor authentication, you and your employees may have to receive a text to your cell phones to prove that the correct person is trying to access the network. This will help prevent the use of employee passwords to gain access to sensitive information.

Back Up Your Data And Replace Old Equipment

Data-backup-Myrtle-Beach-300x200.jpgUnfortunately, preventive measures don’t always work. An unexpected disaster could cause your network to go down or someone could accidentally delete some important files. Plus, if your data is not backed up, you could lose sensitive information as well as time and money down the road. Customers will also be upset if you lose information pertaining to them. This could devastate your brand’s reputation and cost you customers. If you do not have a backup plan or program in place, you should definitely get one for 2022.

In addition to backup plans, it’s important to have equipment that is up-to-date. Using slow and outdated technology can take away from productivity and will make your job more difficult. If some of your equipment goes down, think about replacing it with something new rather than repairing it. While it might be more expensive at first, this decision will save you time and money in the long run.

Employee Security Training

If you want to run a cyber security-aware business, you’ll need to train your employees in security awareness and create a culture that ensures information security. Providing your employees with training related to information security can make them more comfortable and confident in their decision-making and overall employment. This rubs off on your clients and makes them feel more comfortable about doing business with you. According to information from the UK Information Commissioner’s Office, human error is to blame for 90% of cyberdata breaches. Getting your employees trained in cyber security awareness can help reduce the chance of human error.

As you lay out plans to make your business more successful throughout 2022 and beyond, ensure that your tech and information security practices are updated. There are simply no downsides to improving your technology and cyber security. Adopting these practices can go a long way toward making your employees and customers feel more comfortable and confident in their decisions.

SpartanTec, Inc. would like to partner with you in the new year to ensure your business, your employees and your customers data is secure. Call us today for a complete consultation on how we can give you peace of mind.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston