Longleaf System & Network Specialists

Managed IT Service Provider

By

How Hackers Steal Your Data (Part 2 Of 2)

In Part 1 of our data hacking article, we explored two of the most common methods cybercriminals are using to attempt to access your data. In Part 2, we’ll look at three slightly more sophisticated attacks that you should be aware of to properly steel yourself against data breach attempts.

Social Engineering

A catch-all term that can include phishing (discussed in Part 1 of this article), social engineering uses your real-world instincts against you to get you to divulge information you usually would be hesitant to reveal. Typically speaking, hackers use technological vulnerabilities to exploit holes in your cybersecurity, but in social engineering attacks, hackers lean on your personal weaknesses.

Some examples of this might be:

  • A hacker calling and posing as a client who’s locked out of their account and needs you to give them access.
  • A hacker calling or emailing pretending to be a local charity asking for financial information to make a donation.
  • A hacker texting you posing as a friend, boss, or coworker who needs urgent help.

Relying on psychological manipulation, these examples illustrate the importance of slowing down, staying skeptical, and carefully reviewing any “urgent” issues before taking action. Be wary of links or downloads even if they seem to be from a trusted source, set your email spam filters to the highest setting, and always be wary of anyone asking for credentials in a text, email, or phone call if you want to avoid being misled by this form of emotional manipulation.

Man-In-The-Middle Attacks

In a man-in-the-middle (MITM) attack, an adept hacker will use IP, ARP, or DNS spoofing to position themselves in the middle of a conversation between you and an application to intercept user traffic. After they’ve intercepted this traffic, the attacker will decrypt it using HTTP spoofing or SSL hijacking to avoid detection. This allows them to then monitor and control the session and steal account details, log-in credentials, banking info, etc. A MITM attack is hard to detect, but can be prevented with due diligence. Avoiding the use of free Wi-Fi hotspots, closing out secure connections when they are not in use, and steering clear of unsecured websites are key preventative measures you should be taking to avoid this scenario. If you’re also a web administrator, you’ll want to be proactive with these types of attacks by making sure you’re using SSL/TLS to secure each page of your website and not just log-in pages.

IoT Attacks

The wave of the future, The Internet of Things (IoT) is a term used to describe the increasing array of interconnected devices that interact with each other across your network. The more devices become “smart” and connect and share information, however, the more entry points hackers have to gain access to your systems. It might seem far-fetched, but hackers can actually install viruses or hack into your wireless routers, printers, and any new device you introduce that may connect to your network regularly. If you are investing in IoT devices to stay current, only buy them from reputable vendors with track records for reliable security. Many businesses are also guilty of sticking with the factory preset passwords that come out-of-the-box with new devices. These factory passwords are often not strong enough, are easily found in product manuals, or have been made public on databases stored in the dark web. So, make sure you create a unique set of new credentials for each IoT device as soon as you introduce them to your network.

Although using the preventative measures detailed for these five types of attacks can dramatically decrease your chances of data theft, there are endless ways that cybercriminals can target you. Therefore, the true key to making sure you avoid a data breach is to have a plan. This is where an MSP like Longleaf can help. By helping you formulate a comprehensive, structured approach to cybersecurity, we can streamline the time-consuming tasks of learning about new threats, keeping your systems up-to-date, and educating your team. Contact Longleaf today to put your cybersecurity plan in motion.

By

Preventing Data Breaches on Data Privacy Day

We’re often approached by clients and others at the start of each New Year to discuss their new business initiatives, which often include new technologies they’d like to integrate into their existing systems. Though new technologies can open doors for your business, they can also create new vulnerabilities and openings for hackers, thieves, and phishers.

That’s one of the reasons we’d like to promote Data Privacy Day. It is recognized on the 28th of January each year and is intended to educate users on data privacy to promote a safer, more secure, and more private internet for citizens all over the world.

It’s a good day for individuals to review their social media privacy settings, update old passwords, and take a look at the state of your digital data security. But the purpose and goals of Data Privacy Day are of particular importance to businesses. Each year, millions of businesses face attacks to their security as a result of totally preventable vulnerabilities within their IT infrastructure. While not all attacks turn into breaches, that doesn’t mean they’re not cause for concern.

As we initiate conversations about new technologies in particular, we want to promote the idea that technology selection, integration, and user training should place security at the forefront.

So, what can you do to protect yourself this Data Privacy Day? A good place to start is to increase your password security. This can be done by requiring more complex passwords from your employees, requiring they change them up regularly, and by instating two-factor authentication, which provides additional security to confirm the person logging into your network is legitimate.

If you haven’t already, setting up firewalls and using encryption to secure your network is also a best practice to keep out hackers. Additionally, limit access privileges to certain parts of your network only to those with a verified need to do so. This reduces the probability that sensitive or protected information will fall into the wrong hands.

Finally, having back-ups, either of your entire environment, or simply of vital data, is one of the best ways to ensure that, if you are attacked in a way that threatens to corrupt or steal your data, you can recover quickly, without having to pay a ransom.

Wherever you’re starting from, and whether it’s with your legacy systems or entirely new technologies, Longleaf takes the message of Data Privacy Day to heart. Work with us or your existing MSP to craft a customized security plan that will prevent attacks from happening and keep your business’ data safe and secure.

Make it your mission, as we do, to stay updated on all the latest possible threats to your industry and chosen technologies, and get educated on your options so that you can make informed decisions about how to protect your business. Lean on your IT provider for information, but also seek out your own sources. Have other businesses in your industry been attacked? Were they prepared? What was the result, and the ultimate cost?

Longleaf offers its clients an audit of their current security infrastructure to identify vulnerabilities and prevent them from being exploited. This is especially important for our financial services, medical practice, and legal firms where the stakes are high. We’d be happy to help your business as well. But whether you work with Longleaf or another MSP, please do take advantage of Data Privacy Day to take a close look at your cybersecurity. Your business’s future could depend on it.

By

Spear Phishing Gets More Sophisticated for The Holidays

Most of us have a virtual personal assistant that lives in our pockets, internet-connected devices in our homes, and have lengthy customer service conversations with chat bots. Technology has gotten more sophisticated in every way (aside from that printer that never seems to work), and we’re all learning how to manage it.

In this climate of innovation, hackers have learned a few lessons too. Spear phishing attacks have become so complex that they have the power to trick even the most savvy user. With all the emails you will be getting this Black Friday and Cyber Monday, is your business ready?

What is Spear Phishing?

A study released by the Better Business Bureau in October 2017 revealed that 90 percent of cyberattacks on businesses come through phishing emails. But what are they, and how can you tell if you’ve gotten one?

All phishing attacks rely on trust. Hackers excel at designing fraudulent emails that create a sense of urgency, inciting panic and causing people to give up sensitive information before thinking of possible risks.

These messages are disguised to look like critical security alerts or important work-related information. Or as the holiday shopping season kicks into full swing, they might look like emails from stores you like to frequent.

There are many giveaways that help employees recognize these attacks, from too many typos to generic greetings like, “Dear Customer.” In a spear phishing attack, hackers target specific users, tailoring their messages with personal information to make their requests seem legitimate. Recently, they’ve taken these tactics to the next level.

Three Spear Phishing Trends

  1. Playing the long game

    Hackers can be very patient. They may obtain one employee’s login information, then monitor their emails to learn about your organization. They will determine who the decision makers are at your business and learn what types of attachments employees tend to send and receive so they can mimic them. By gaining access to one employee’s email account, the hackers gain enough information to make their next move. They may even use the compromised email address to contact others in your workforce, which brings us to the second trend on the list.

  2. Hijacking email threads

    Would you be suspicious of an email coming from one of your employees? Hackers may take over an employee’s email account, then look for an existing company email chain. Posing as the trusted employee, the hacker then tries to convince the others in the conversation to download an attachment, installing malware that infects their devices and network.

  3. Bypassing your spam filters

    Don’t depend on your email filters to catch spear phishing attempts. Hackers have figured out how to bypass those filters and end up in your main inbox. They have done this by impersonating trusted sources like Google Drive links and Microsoft SharePoint URLs that trick systems like Gmail and Office365 into thinking the links are coming from their own products.

In this environment, how can you know the difference between a trusted communication and a spear phishing attack? If you’re ever unsure, it’s always a good idea to check in with your trusted IT experts. If you’ve partnered with an MSP like Longleaf, we can help you identify suspicious communications.

Spear Phishing in the News

In February 2018, hackers targeted Netflix subscribers, sending emails saying the users’ accounts had been deactivated because the billing information could not be validated. The emails greeted the recipient by name, and the message instructed them to click on a link to reactivate the account. The link took them to a fake Netflix login page.

After “logging in,” they would be prompted to provide credit card details, an updated address, and their mother’s maiden name. Because people often recycle passwords, or use very similar passwords with slight variations, the hackers could use those login credentials to gain access to the users’ other accounts. Imagine if this happened to one of your employees using their work email for their Netflix account.

We Can Help You Protect Your Business

Spear phishing attacks are frequent and they are getting harder to recognize. You don’t have to face these attacks alone. We are here to help you protect your business. Contact Longleaf today.

Contact

336-870-9295

Follow Us

Locations

245 E Friendly Ave. Top Floor
Greensboro, NC 27401