Crypto-currency Mining: The New Threat

Crypto-currency Mining: The New Threat

There’s a new bad guy in town to go with malware, ransomware, and spyware. It doesn’t steal information, just computing power. It’s illicit crypto-currency mining.

“Mining” may need a bit of an explanation. Crypto-currencies like Bitcoin need to grow over time. The way it happens is by running very processor-intensive code which generates new Bitcoins or Monero or whatever the unit of currency may be. That’s called mining.

People dedicate whole server farms to this activity. Other, less honest people use someone else’s computers to do the work for them. They rely on the usual tricks, such as phishing email and security holes in Web servers, to plant their software. It then runs quietly, crediting the generated currency to the intruder.

This kind of malware doesn’t necessarily steal data, but it’s bad for the victim in several ways:

  • It uses up processing power, slowing down the machine’s intended functions.
  • It increases electrical power consumption, since active processing draws more electricity than waiting for something to happen.
  • It can make the system less stable and cause crashes.
  • It’s very hard to be sure it isn’t also stealing data, so an incident has to be investigated as a security breach.
  • Even if it isn’t stealing data, it could be a conduit for installing other malware.

The Cost of Mining

One computer will generate just a few cents a day in crypto-currency, but a botnet of thousands of machines can add up to a significant amount of money, especially since the victims pay the electric bill.

Incidents of this kind have been happening at least since 2014, but lately they’ve been increasing at a high rate. Recently a hospital in Tennessee was hit by mining malware.

IoT devices are favorite targets, since many of them are easy to compromise and people aren’t likely to notice. The attack methods are mostly the same ones used for other forms of malware, and the security precautions are the same: Be careful with email, create difficult passwords, use anti-malware software, patch applications and operating systems regularly, and so on.

Mining software is usually harder to detect than other malware, since it doesn’t do obvious damage and doesn’t need to send a lot of information back. Listing processes by the amount of computing resources they use will reveal that something odd is going on. It’s one more thing to guard against in a world full of online threats.

Contact us to learn how we can help keep your systems safe in a dangerous Internet.

Tips To Ensure Cyber Security

Automating CyberSecurity

Good cyber security is no doubt an issue that companies and IT experts are grappling with on a regular basis.

Even so, the bottom line is that there are security loopholes posing a risk to existing systems and they need to be closed. For that reason, continuous research on emerging threats and how to mitigate them is critical in securing systems within an enterprise.

Here are a few tips that will help you enhance the security of your systems to guard against possible cyber threats:

Tighten The Security and Remain Vigilant

In most cases, end users are the primary targets of almost every hacker planning to gain access to an entity’s network system. The reason is that it is often difficult to control the documents that each user downloads or every email they choose to open. Each of these actions can introduce harmful malware in the systems in use if workers an enterprise fail to remain vigilant.

Therefore, in-house IT experts, as well as providers of these services, should take the responsibility of educating staff of the dangers of clicking every document or email they receive. On the other hand, end users should adopt a culture of vigilance every time they access the company’s network, to foster successful implementation of this tip.

Ensure Proper Disposal of Sensitive or Confidential Documents

Hackers will use every tactic to try and access the network infrastructure, including going through the trash, otherwise known as dumpster diving. In that case, improper disposal of documents bearing sensitive information as well as CDs and USB drives leaves systems prone to cybersecurity threats too. Hence, shredding confidential documents is advisable.

Also, ensure proper destruction of any physical media you plan to dispose before discarding the same. That way you will protect your network infrastructure from such hackers.

Beware of Exposing Sensitive Information in Shared Meeting Areas

When a consultative meeting or any forum of this kind comes to an end, it is wise to clear the meeting area of anything that may fall into the hands of anyone with selfish motives.

Gathering all copies of graphs and presentations that remain behind and opting to trash such details elsewhere, other than using the trash bins available in conference rooms, are some of the precautions to observe.

If you’re interested in more cybersecurity tips, contact us today!

How Managed Security Services Can Benefit a Business

How Managed Security Services Can Benefit a Business

Having a quality and reliable network is a requirement in order for any business to be successful today. Managed security services can help.

For those organizations that have a network established, making sure that it is properly secured is very important as it will help to protect company and customer data.

For those that are looking to improve the security of their network and IT systems, hiring a managed security services provider would be very beneficial. A managed IT security services provider can provide your organization with a range of services to help protect your data.

Establishment of Security System

When you hire a managed IT security services provider, the first thing that the company will do is help you to establish a new security system. The security services provider will be able to enhance your existing network to ensure it is as secure as possible.

This part of the process will include establishing a multi-layered security service, creating a variety of access controls, and creating a system that will be very difficult for an unauthorized individual to access.

This will greatly enhance the overall protection that you have in place, which will reduce the risks of being hacked by an outside threat.

Monitoring

Beyond establishing a new security system on your network, a managed IT security service will also help by monitoring your network.

The company will be able to complete 24/7 real-time monitoring to identify who is accessing your network or if any suspicious activity is taking place.

The organization will also be able to continue to update your security systems in place based on changes in technology and outside hacking threats.

If you are interested in improving the security of your network, you should contact us to learn more about the products and services we provide as well as how we can help your organization.

How Do You Minimize Human Error in Cyber Security?

How Do You Minimize Human Error in Cyber Security?

If you work in the healthcare industry, then the information you work with is some of the most valuable information to protect with cyber security.

Not only is private and health information a frequent target of cyber security threats, not keeping the information safe carries several costly penalties. Even as security programs and hackers’ workarounds continue to evolve, one consistent weakness is human error.

Here are two ways to minimize human inconsistency in your cyber security measures:

1. Make Training a Priority

A lot of security gaps are things people don’t think twice about. Whether it’s downloading a file, opening an email without double-checking the sender, or even letting a repair technician past the front desk if they give a good reason for being there, human errors are based in convenience and lack of knowledge.

Make sure your employees and coworkers know the security procedures for all circumstances, as well as a list of seemingly reasonable times to deviate from the procedures that could be a trap. Also be sure to give a reason for each protocol: even if they don’t remember the underlying concern, giving people any reason for an action makes them more likely to agree.

Some of the most common traps are encouraging a download to solve a problem or letting in an unauthorized guest because they say why they’re there.

2. Reduce Human Decision Making

Instead of leaving it up to individual employees to judge whether an attachment is safe, integrate malware protection with your email client.

Instead of letting your devices’ operating systems decide upgrade schedules and give prompts for patch installations, follow a set schedule that your network administrator controls. The less variability there is in your IT management, the more secure it will be.

To get even tighter security contact us today.

Managed Security Services: Don’t Be a Victim of Search Engine Hacking

Managed Security Services: Don't Be a Victim of Search Engine Hacking

Search engines such as Google are useful tools for quickly finding web pages that best match the searcher’s needs, but managed security services will save you from getting hacked.

Search engines are highly versatile in that they aren’t limited to finding web pages. By using the right search operators in a search query, documents such as PDF files and spreadsheets can be found and downloaded.

This makes search engines ideal for the hacker looking for easy access to sensitive information or to gather general information about potential hacking targets.

Any type of file with Internet exposure can be accessed provided it has been indexed by the search engines. It’s a simple matter of using the file type search operator followed by a file extension that corresponds to an Excel spreadsheet, OpenOffice spreadsheet, word document, text file, backup file, database file, and so forth.

If the hacker is after passwords, his search query would include any words that would likely be found in such a file including the words “username” and “password.”

A good file type for finding sensitive information might be an Excel spreadsheet, since businesses and individuals make extensive use of them for information records, including passwords.

Many camera devices are controlled from web browsers. These can be found by searching for words commonly used on these pages, or URL strings commonly used for specific camera devices. Controlling the camera amounts to visiting the web page and using the controls to view the area that’s surveilled.

A hacker with good tech knowledge can contrive hundreds of search queries targeting files and web pages containing sensitive data or information that reveals easily exploited vulnerabilities.

Protecting Your Website From Search Engine Hacking

  • Use the robots.txt file. Use the robots.txt file to request that search engines not crawl portions of your website. Search engines should honor this request but you shouldn’t completely count on it.
  • Don’t expose sensitive information to the Internet. Don’t store sensitive information on servers accessible by the Internet. This includes cloud services that lack strong security procedures. Vet your cloud service provider carefully.
  • Password protect web pages not meant for public viewing as well as your spreadsheets and other documents. If such protection isn’t available for a particular document type, don’t use it.
  • Use a modern website. Some of the earlier websites stored login passwords in unencrypted form in text files.

Finally, get help from professional security experts such as those at WheelHouse IT. To learn more about keeping your data safe and about our managed security services, contact us.