Tag: cybercriminals

Back to Basics of Backing Up: How to Choose the Right File Sync & Backup

2020 saw the whole work-from-home concept flourish. It’s not that people are starting up their own businesses from home, but rather that businesses are realising the value in having home-based and remote workers. Not only does this make for a happier workforce, but it also seems to boost productivity. Of course, with the convenience of home working comes a plethora of threats, data loss potential, and vulnerabilities open to opportunistic cybercriminals.

The work-from-home professional has a lot to worry about! Hard drive failure, ransomware, natural disaster (flooding or fires), human error – you name it! The only true way to protect your data, your business, and your employees is to get back to basics – backing up! By choosing a good file sync and backup service, you can minimise the potential for ultimate data demise.

What is the Best Backup Solution?

When it comes to backing up data, there are a few options to choose from. One is that of backing up to an external hard drive and another is to opt for an online backup service. The problem with external hard drives is that they can malfunction, you could lose the device (or it may get stolen), or you could fall victim to a natural disaster.

For these reasons, we believe that online encrypted data backup services are the best possible data protection solution.
What’s great about an online backup service is that the files are all encrypted for security reasons. In addition to that, the uploaded files can be accessed and restored at any time and from anywhere – as long as you have an internet connection and your username and password on hand.

Is Encrypted Backup the Same as Cloud Storage?

The simple way to answer this question is, ‘no’.  A file syncing and cloud storage service is a service such as Dropbox, Google Drive and even OneDrive. These services will store files in the cloud, but they don’t offer document protection.

The Cost of the Right Backup Service

One of the first things that business owners worry about is the cost involved in a cloud backup service. Because the right backup service doesn’t usually come for free, they think that opting for a free cloud backup service is the answer…when, in reality, it is only a temporary solution and will eventually lead to complications and even more costs.

All cloud storage and backup service providers offer packages that have different account features. These rates usually fluctuate depending on the security offered, the number of devices linked to the account, and of course, how much storage space will be used.

Free accounts do offer storage capabilities, but when it comes to document protection, it’s quite limited. Free cloud backup plans also come with storage space limits and restricted key features. These features are typically essential to a professional business. You might also find that the files are difficult to upload, or the size of the files that can be uploaded at once are limited. This can be quite inconvenient. When you run out of space, you will typically be offered the option to upgrade to a paid account.

The Convenience of the Right Cloud Backup Service

When shopping around for a good backup service, you will likely pay special attention to the data encryption offered – and that’s good – but what about the convenience? Imagine going to the expense of equipping all of your employees with professional backup systems on their devices, which they then forget to make use of! That’s a waste of money and a risk for your business.

With a decent backup service, you should be provided with software that is quick and easy to download and activate. You should then be able to set the software to carry out an automated backup on certain days of the week and at specified times. This means that you and your employees never have to remember to do a backup – the system will do it for you.

Because the data is stored in the cloud and encrypted, there’s no need to store sensitive information on employee devices and if something does happen to the device or if there’s a case of human error with an accidental delete, there’s nothing to worry about as it’s all there, safely stored in the cloud.

The Security of the Right Cloud Backup Service

There are many cloud backup services available, but not all of them are equal. Consider a backup service that offers data encryption as this means that not even your employees can access documents that are saved to the cloud and locked. Absolute peace of mind is yours. You will be given a private encryption key required to unlock your documents and you can use a password manager to store this for you.

Features of the Backup Service

One of the most important features to look for in a data backup service, and second only to encryption, is that of the restoring of files. Restoring and recovering files should be quick and easy. If it’s not, you are wasting valuable time and money. Make sure that your chosen system has an effective file search feature and that it also has the ability to recreate and restore entire folder tree structures – which is what you will require if you need to recover from a big data breach or loss.

The Performance of a Backup Service

Another important feature to keep your eye out for is – speed. You don’t want a backup service that is extremely slow. You need a service that can encrypt, compress, and upload files to the service quickly, especially if you need to upload a lot of data or a lot of large files. Pay attention to the minim speeds offered and ensure that you chat to the service provider about your particular size and amount of data.

In Conclusion…

Choosing the right backup service at the right price can seem daunting, but have you considered the risks and costs of going another day without it? The more your workforce works from home and the more freedom you give your staff to work from home, the greater the risk of data loss and breach is to your business. Protect your business, yourself, and staff – choose the right data backup service today.

Opportunistic criminals ramp up cyber-attacks during challenging times

While the world is paralysed in fear and heavily distracted by COVID-19, cybercriminals seem to have focused their attention on the WHO (World Health Organisation). Responsible for directing international public health within the United Nations, the primary objective of WHO is to ensure that all countries are advised on correct health procedures and are fully up to date on the health risks and threats that encompass the world.

Cybercriminals are seeking out ways to use the COVID-19 threat to mimic WHO and gain access to sensitive information, while taking advantage of panicked citizens the world over.

The Cyber-Attack on World Health Organisation

On the 13th of March 2020, cybersecurity researchers noted that a malicious site was set up mimicking the WHO internal email system. The main objective of this site seemed to be the theft of user names and passwords. Due to the nature of the attack, which seems focused on healthcare and humanitarian organisations, it appears that the hackers don’t have a financial motive in this instance, but rather an intent to gather data and intelligence.

Cybersecurity officials responding to the attack confirm that it was thwarted and suggest that the cyber-attack was possibly linked to nation state officials seeking intelligence. The source of the attacks were neither claimed nor confirmed, but it is clear that the objective was to gather information on tests, vaccines, and cures for the Coronavirus.

There is some suspicion that DarkHotel, a group first detected in 2014, was behind these attacks. The group is known to target corporates and diplomats using luxury hotel Wi-Fi networks.

The WHO Warns of Malware Scam

Since the onset of the COVID-19 pandemic, the WHO has been the target of many scams.

Cybercriminals have sent out a plethora of emails pretending to be WHO officials. These emails warn of the dangers of COVID-19 and request recipients to click on a link or open an attachment. Unfortunately, the communications are scams, an easy way to get concerned readers to unwittingly install HawkEye key-logging malware on their device.

Criminals Ramping Up Scamming Efforts

Cybercrime professionals have noticed that COVID-19 themed websites, in excess of 2 000 per day, are being set up by opportunistic criminals. There has also been an increase in botnet driven emails with malicious intent doing the rounds.

Protect Yourself

Fear surrounding the pandemic is being used to launch phishing and malware attacks the world over. Now more than ever before you need to protect yourself and your data, remain vigilant, and never interact with unsolicited emails received by health officials. If you do receive such an email, make contact with the organisation to confirm legitimacy of the email and communication.

In times of uncertainly, while criminals increase their efforts, it is important for citizens of the world (not just SA) to be vigilant, cautious and careful. Protect your personal data by erring on the side of caution.

Hackers don’t break in; they log in

When we think of hackers, we tend to visualise clever online criminals who use sophisticated software to decode or crack passwords and gain access to accounts. In most instances this just isn’t the case, as many people unwittingly hand their password over to a hacker without even realising it.

Cybersecurity officials are faced with the same reality: passwords are being stolen and advanced hacking tools are not always needed.

How it happens

So, how does a hacker get access to an employee’s user name and passwords?  We take a look at the most usual hacking methods below:

  • Phishing emails

One of the most common ways for a hacker to get a password without using technology is to ask for it. Yep, it sounds awfully easy, but one thing you need to realise is that for an experienced hacker, it is as simple as that.

Phishing scams are the most prominently used form of password acquisition. It requires no software, but rather involves a hacker pretending to be someone trustworthy or an official person. They usually make contact by email or telephone and make a very convincing story.

The email signature may include the company’s correct telephone numbers and website address, tempting people into trusting the communication.

During a one-on-one conversation about the specific account, the “official” (who is actually an opportunistic hacker) will request bits and pieces of information from you such as your username, your card number, your account number, your ID number and so on.

At some point in the communication, you may receive a link to a website where you are required to input your user name and password. Of course, the hacker now has the user name and password and can then use the employee’s account to send out seemingly trustworthy communications, authorise transactions, and carry out various functions on business systems while flying under the radar.

  • Typosquatting

Typosquatting is a form of phishing that was “big” a few years ago. For quite sometime it fell away, but trends show that cybercriminals are revisiting this type of phishing.

The cybercriminal will hijack a company’s domain by registering website URLs that are very similar to the original website address. If you are attentive to detail you might notice spelling errors in the website address before you click on it! However, if you don’t pick this up and visit the website, it will look almost identical to the official website. At this point you will be asked to log into your account by inputting your username and password, which is how your password is received by the hacker.

  • Spear Phishing

Spear phishing is another type of phishing where the hacker creates fake social media pages or online blogs in the name of their persona. The cybercriminal will put in a considerable amount of effort adding mutual friends and populating the pages in order to make the page look more trustworthy and reliable.

This type of phishing is used to give a persona credibility which then makes it easier for the criminal to communicate with victims and deceive them into sharing personal information.

The Reality

The reality is that sophisticated hackers don’t actually need sophisticated software to get your user name and password. Most often, they rely on clever trickery to get you to unwittingly hand over your password.

In essence, a hacker merely needs to have basic web design skills (to create website log in pages), social media skills (to create credible SM pages), and an educated and well-spoken approach to communicating either online or telephonically.

What Can You Do?

Doing regular data backups to a cloud based service that offers data encryption will keep your sensitive information safe, especially if your device or system is hacked and your data is breached. You should also be aware of:

  • Any emails requesting that you change your user name and password by clicking on a link. In this instance close the email, look up the official contact details of the company (do not use the details listed in the email) and make a personal enquiry into the legitimacy of the email.
  • Link attachments in emails, even if the source seems legitimate. Unsolicited emails might not raise a red flag in your mind, but they should.

Ensure that:

  • You have up to date anti-virus software and firewalls in place to flag suspicious behaviour on the device.
  • You update your software and systems regularly to ensure that any bugs and vulnerabilities are consistently updated and eliminated.

Take responsibility for the safety of your data and take action

Educate your staff members on the risks of cyberattachs, phishing and hackers, and always have an alert and aware approach.

Need more advice and solutions to data safety concerns? Contact Soteria Cloud today.

Coronavirus helps cyber-criminals spread their own viruses

To illustrate just how opportunistic cyber-criminals have become and how much integrity they lack, let’s take a look at the latest trend of using fears of contracting the Coronavirus to spread digital viruses. If you just read that and thought “what?” don’t worry, you aren’t alone. It’s rather astounding that criminals would stoop even that low…but rest assured that they do!

Ever opportunistic, cybercriminals have recognised the social media-induced panic in people and appear to be taking full advantage of the situation by sending botnet-driven emails that include malicious malware and viruses.

Latest cyber-threats have seen people receiving emails that infer the attached documents include pertinent information about the Coronavirus.

What do the Coronavirus Cyber-Attack Emails Look Like?

Most cybercriminal-created emails follow a similar pattern  – the main objective is to get the reader to click a link or open an attachment.

The subject of the email simply says “Notification” in Japanese. The email signature includes details of the local public health authority and includes the correct telephone and fax numbers, making them seem quite legitimate. The emails are written in Japanese, as the majority of people affected by the Coronavirus are from Asian areas. These are the prime targets.

There seem to be a number of versions of the emails doing the rounds, all of which appear to be sent from a disability welfare service provider operating in Japan. The email states that there have been confirmed cases of Coronavirus in a particular area. It then recommends that the reader opens the attached document for further details. Of course, opening the attachment is a bad idea.

Why is this Email Attack Working?

Social media has played a huge role in creating widespread fear of the virus. At every turn, the Coronavirus has centre stage on all the various social media platforms, which has been a contributing factor in giving the Coronavirus the fame of a global pandemic.  As with any contagious virus there comes fear, which leads to a certain amount of fear-induced poor judgement.

Last Word

It’s always important to consider how and why an authority would email you. If you are in doubt as to the authenticity of an email, before clicking on any attachments pick up the phone and call the authority to check if they have in fact sent out a notification.

Don’t be a victim to opportunistic cyber-attacks – think twice before opening attachments and clicking on links if you aren’t certain who the content comes from.

What Exactly are Cybercriminals Looking for?

South Africa is not experiencing Cybercrime for the first time. In fact, the general population and businesses have been hearing about cybercrime – and been adversely affected by it – for many years.

Have you ever wondered if you have what a cyber-criminal is looking for? Are you computing habits and behaviours putting you at risk? To answer this question, you first have to know what cybercriminals are looking for in the first place.

Cybercriminals all have an agenda

There’s no such thing as “winging it” as a cybercriminal. There’s a target, there’s a plan, and then there are weeks (sometimes even months and years) of hard work to achieve their goal. Most companies find it impossible to detect a hack attack before it’s too late.

What the Average Cybercriminal Looks for

Industry professionals imply that cybercriminals are looking for scenarios where their work will be hard to detect. Essentially, cybercriminals are searching for the following:

  • Business plans
  • Innovations
  • Opportunities to connect with partners, investors, shareholders
  • Government links
  • University scientific research

To date, the most reliable method for a Cyber-Criminal to hack these particular types of projects and data is – you guessed it – phishing. It’s a sad reality that people are still unmindful that clicking on a link in an email, or opening an unknown attachment to an email, can put them and their organisation at serious risk.

 

What most Cybercriminals do is send out emails pretending to be a colleague, manager, or interested party! When the email is opened and the files with it; the criminal gains access to the victim’s sensitive information.

How to Protect Yourself & Your Organisation

Protecting yourself and your organisation against potential cybercrime is essential. Below are a few tips:

  • Set a Cybersecurity policy in place that determines how members of the organisation are expected to behave electronically/digitally.
  • Educate all the various teams in your business to ensure that everyone is aware of the risks.
  • Use repetition to continually remind staff and team members of possible risks. You can put up warning posters, send out warning emails, and include it in the weekly agenda at staff meetings.
  • Ensure that you do regular encrypted data backups to a remote server; chat to a consultant at Soteria Cloud about this, at your convenience.
  • Don’t allow personal devices to store sensitive company information.
  • Ensure that you have anti-virus, anti-malware and a firewall installed on all computer systems.

Cyber-crime is no longer something that just affects the rest of the world. It is a problem that is very real in South Africa too. Protect your business, assets, research, and sensitive data with meticulous care.