Why do you need a top-down approach to IT security?

For any organization, its employees are its biggest assets. But, what happens when your biggest assets turn out to be your greatest threats or liabilities? That is how cybercrime can change the game. In a recent study, it came to light that employee actions account for about 70% of the data breaches that happen. This blog focuses on the first step you need to take as an organization to better prepare your employees to identify and mitigate cyber threats–adopting a top-down approach to IT security.

Being a victim of cyber-attack can prove disastrous for your business as it has the following repercussions.

  • Affects your brand image negatively: Business disruption due to downtime or having your important business data including customer and vendor details stolen reflects poorly on your brand.
  • It can cause you to lose customers: Your customers may take their business elsewhere as they may not feel safe sharing their PII with you.
  • Can cost you quite a bit financially: Data breach makes you liable to follow certain disclosure requirements mandated by the law. These most likely require you to make announcements on popular media, which can prove expensive. Plus, you will also have to invest in positive PR to boost your brand value.
  • It makes you vulnerable to lawsuits: You could be sued by customers whose Personally Identifiable Information (PII) has been compromised or stolen.

The organizational mindset needs to change and acknowledge the fact that IT security is not ONLY your IT department, CTO or Managed Service Provider’s (MSP) responsibility. You need to truly believe that IT security is everyone’s business, and that includes everybody working in your company, from the C-level execs to the newly hired intern. Everybody needs to understand the gravity of a cyberattack and its impact. Only then will they take cybersecurity seriously.

About Silver Sparrow

Security researchers have spotted a new malware operation targeting Mac devices that has silently infected almost 30,000 systems. Named Silver Sparrow, the malware was discovered by security researchers from Red Canary and analyzed together with researchers from Malwarebytes and VMWare Carbon Black.

“According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany,” Red Canary’s Tony Lambert wrote in a report published last week.

But despite the high number of infections, details about how the malware was distributed and infected users are still scarce, and it’s unclear if Silver Sparrow was hidden inside malicious ads, pirated apps, or fake Flash updaters —the classic distribution vector for most Mac malware strains these days.

Furthermore, the purpose of this malware is also unclear, and researchers don’t know what its final goal is. Once Silver Sparrow infects a system, the malware just waits for new commands from its operators — commands that never arrived during the time researchers analyzed it, hoping to learn more of its inner workings prior to releasing their report. But this shouldn’t be interpreted as a failed malware strain, Red Canary warns. It may be possible that the malware is capable of detecting researchers analyzing its behavior and is simply avoiding delivering its second-stage payloads to these systems.

The large number of infected systems clearly suggests this is a very serious threat and not just some threat actor’s one-off tests.

What You Can Do

Avoid downloading software packages or updates from websites you are unfamiliar with.

• Were you prompted by a website to download a software package and/or update?
• Was it something you weren’t intending to download or install until the website suggested you should?
• Was the package file named something simple and dull, like “update.pkg” or “updater.pkg?”

If you said yes to any of these, please contact us and we’ll take a look at it.

Contact Us
314.333.3330
acumen@acumen-corp.com

Things to consider before switching to the Cloud

More and more businesses are switching to the Cloud to store their data and rightly so. The Cloud offers numerous benefits over the traditional, physical on site server. For example,

  • Anytime, anywhere access to your data: Information in the Cloud can be accessed from anywhere using an internet connection, unlike in the case of traditional servers, where you need a physical connection to the servers
  • Significant cost savings: You cut hardware costs, because the Cloud follows a ‘pay-as-you-use’ approach to data storage
  • SaaS compatibility and support: The Cloud allows the use of Software-as-a-Service since the software can be hosted in the Cloud
  • Scalability: The Cloud lets you scale up and down as your business needs change
  • 24/7 monitoring, support, and greater access reliability: When your data is in the Cloud, the Cloud service provider is responsible for keeping it safe and ensuring it is securely accessible at all times. They monitor the Cloud’s performance and in the event of any performance issues, they provide immediate tech support to resolve the problem

Your big Cloud move: What to consider

If you are considering moving to the Cloud, you will find it helpful to sign-up with an MSP who is well-versed with the Cloud. They can advise you on the benefits and risks of the Cloud and also offer the Cloud solution that’s right for you. In any case, before you migrate to the Cloud, make sure you are dealing with a reputed Cloud service provider who has strong data security measures in place. You can even explicitly ask them what security mechanisms they have invested in to manage data access and security.

Yes, moving to the Cloud has it benefits, but it also has its challenges including security risks. Learn more in our next blog, “Is the Cloud really risk-free?”

Online shopping? Watch out for these red flags

Who doesn’t like online shopping? Online shopping has opened up a whole new world to us. Get whatever you want, whenever you want, without wandering from store to store. It doesn’t matter if it is too hot to venture outside or if there’s a blizzard out there, you do your shopping from the comfort of your couch and the stuff at your doorstep. You get great deals, some are better than in-store specials. But, did you know cybercriminals love the concept of online shopping as much as you do. Cybercriminals are exploiting the growing popularity of online shopping to cheat unsuspecting buyers through techniques such as phishing, malware injection, etc. Here are a few tips that may work to keep you safe from being a target of cybercriminals as you shop online.

How to determine if the ad or shopping site is genuine?
As you browse the web, you will come across various ads targeted at your interests. Businesses engage in ‘Retargeting’ which means they use cookies to target you with very specific ads until you buy something. For example, look at a wallet and, you will see ads for wallets on various other sites you browse even if they are not shopping sites. Are those ads genuine? Before clicking on any ad you see online and making a purchase, be sure to verify if the ad is genuine. The same goes for shopping sites. Before you shop, you need to ensure the site is genuine, especially since you will be sharing your credit card details or Personally Identifiable Information (PII) such as your address. Here are a few things to check before you make that online purchase.

English: Keep an eye out for grammatical errors or spelling mistakes in the ad. Fake ads and sites may look a lot like the actual ones, but spelling mistakes or grammar errors may tell the true story. Scammers don’t have content writers to write great sales content!

Check the URL: When at a shopping site, always check the URL in the address bar to ensure it is genuine. For example, if you see www.1amazon.com or www.amazon-usa.com, you should know it is not the same as www.amazon.com. Checking the URL also lets you detect website cloning and phishing. Website cloning is one of the most popular methods used by scammers to fleece consumers. As the term suggests, the cybercriminal first creates a ‘clone’ site that looks exactly like the original one, barring a very minor change in the URL.

Don’t Get Phished!
Phishing is when you receive a message, usually through an email or a text message asking you to take an action, such as clicking on a link, filling out a form, logging into an account, etc., Such messages look as though they are genuine. But, the form fill, account login, or link will take you to a spurious site where your information will be captured for bad use. Checking the URL will help you detect phishing frauds as well.

Check before you download anything: Sometimes you may receive a link and asked to download a coupon or a gift card that entitles you to a sizable discount. It may be a fraud. In fact, it probably is.

Download only from legitimate marketplaces: With so many shopping options it is tempting to download every new app that you come across. But, only download from authorized marketplaces like Google Play Store for Android or the App Store for iOs.

At the end of the day, remember, there is no free lunch. If something seems too good to be true, it probably is.

Protecting yourself against poison attacks

Data poisoning by way of logic corruption, data manipulation and data injection happen when the attacker finds a way to access your data set. The kind of poison attack varies depending on the level of access the attacker is able to achieve. Here’s what you can do to ensure such access is prevented:

  1. The data poisoning attacks discussed above adversely affect your IT system’s machine learning capabilities. So, the first logical step would be to invest in a good machine learning malware detection tool. These tools are different from the typical anti-malware tools you get in the market and are specifically designed to prevent machine learning capability poisoning.
  2. Always follow general IT security best practices such as:
        • Training your employees to identify spam, phishing attempts, and possible malware attacks
        • Following good password hygiene, which means never sharing passwords and only using passwords that meet the required security standards
        • Having a powerful IT audit process, tracking and version control tools, so as to thwart any possible insider attacks
        • Ensuring the physical security of your IT systems by way of biometric access, CCTV systems, etc.

Google has released version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. This release contains only one bugfix for a zero-day vulnerability that was exploited in the wild.

What You Can Do

Users are advised to use Chrome’s built-in update feature to upgrade their browser to the latest version as soon as possible.

Determine if an update is pending
1. On your computer, open Chrome.
2. At the top right, look at More (3 dots).
3. If an update is pending, the icon will be colored:
Green: An update was released less than 2 days ago.
Orange: An update was released about 4 days ago.
Red: An update was released at least a week ago.

 

Updating Instructions
Some notes before you update:
– All browsers will be closed and you will need to relaunch Chrome from the Windows menu.
– Once you relaunch, your browsers will reopen the apps automatically where
you left off.
– You don’t need to close browsers or even log out of web applications. However, you may need to log back into some applications once you relaunch.

To update Google Chrome:
1. On your computer, open Chrome.
2. At the top right, click More (3 dots).
3. Click Update Google Chrome.
Important: If you can’t find this button, you’re on the latest version.
4. Click Relaunch.

 

Have Questions? Need Assistance?
If you have questions or need assistance, please call the friendly experts at Acumen at 314-333-3330.

 

 

*https://www.zdnet.com/article/google-patches-an-actively-exploited-chrome-zero-day/