2023 was definitely the year that AI became a household name. We’ve barely seen what artificial intelligence is capable of, and while industries are still coming up with more ways to use the technology, we’ve already seen countless examples of how people want to take advantage of AI for less savory purposes. 2024 is already shaping up to be the year that businesses need to protect themselves from AI-generated cybersecurity threats. Let’s take a look at everything you need to know as a business owner.

Chances are your business has a social media presence in at least some capacity, as it’s a good way to drive traffic to your business. However, hackers want to leverage this benefit against you. A new malware specifically targets Facebook business accounts to launch malicious advertisement campaigns using your own money against you.

The Internet is pretty great. You can watch videos of cats being weird, and then watch the London Philharmonic Orchestra perform Stravinsky’s Rite of Spring. Then you can go on Reddit and learn how to replace the drywall in your bathroom. Just another typical Sunday afternoon with the Internet, right? 

Unfortunately, the Internet isn’t always perfect. It can be pretty dangerous, and we’d like to share some surprising terms that can lead to dangerous websites and malware if you search for them on Google.

It’s important to keep the software on your computer updated. If your operating system or web browser or some other important application is out of date, it could lead to things not working properly while also leaving you susceptible to threats. However, hackers are disguising malware to look like important web browser updates.

I hate to be the bearer of bad news, but when it comes to cybersecurity threats it’s kind of hard not to be. I used to look at it from two sides; one side is fascinated at the innovation and intensely brutal ways that high-end cyberattacks work, and the other side of me loses sleep at night worrying about these risks affecting our clients, prospects, and even my own business. This one particular classification of cyberattack, however, takes the cake for being especially frightening.

Ransomware is one of the more dangerous threats out there for businesses of all industries and sizes. To help emphasize just how dangerous it is, however, you have to look past the initial threat of having to pay a ransom and look at the other risks associated with it. We’re here to try to get the point across that ransomware is something your business should absolutely be taking seriously.

Ransomware is such a common occurrence these days that it has entered the public discourse, but we also want to note that it’s such an important topic to discuss with your team that you can never talk about it enough. We want to address some of the most common questions we get asked about ransomware and what can be done about it.

In today’s business, the more robust an IT network is the more risk there is of system failure. This comes down to what is known as Murphy’s Law, which states anything that can go wrong, will go wrong. That’s why when coming up with a defense strategy, you need to mix smart IT management decisions with overwhelming redundancy to have a chance. In this week’s blog, we will outline some of the most common reasons for system failure and why you need a data backup solution.

There is a lot made about ransomware, for good reason. It is quite simply one of the nastiest cyberattacks out there and it demands your attention. A lot of people understand what exactly ransomware sets out to do, but they don’t understand how it got that far and how to address the situation if they have the misfortune of being put in that position. 

Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.

WhatsApp is one of the world’s most popular messaging applications. With over 2 billion users, WhatsApp is known for its relative security, as it is one of the few messaging applications that offers end-to-end encryption. A modified version of WhatsApp, called YoWhatsApp, has been reportedly deploying malware.

This past year saw a dangerous 86% increase in the most dangerous types of malware out there, so we want to ask you an important question: are you ready to protect your business from the different types of threats you might encounter? We know a technology solution that might help this mission along, and we want to share it with you today: artificial intelligence.

Excessive Permissions

Data security is a priority for many people, but even amongst them, mobile applications often aren’t even considered a potential threat to their data. While you should ever only download applications from an official application store, some attacks can potentially slip through the vetting process to be distributed via these means. Therefore, it is important to carefully consider every application you have installed and the permissions that each one demands. If these permissions seem excessive for the application’s needs, reconsider if the app is necessary to use (chances are, it isn’t). This helps protect you against the tactic that many cybercriminals use: getting a harmless app to the store, and then turning it malicious with an update once it is downloaded.

Spoiler Alert: Macs Do, in Fact, Get Malware

Not to be juvenile about it, but duh. A computer produced by Apple can just as easily be infected by malware and ransomware, just as they can also experience any of the other problems that a PC user would. Hardware failure, slowing with age, crashes, data loss—these and so many other issues can be seen in a Mac.

Lock. Everything. Down.

Did you know there are entire websites out there, devoted to providing the default factory passwords for different devices? They aren’t on the Dark Web, either - this is on the visible, indexed Internet. Imagine if I were to come in with some idea of what brand of routers you had… if I had the right default credentials with me, I could easily access your router and wreak havoc in your business.

You need to consider every potential access point into your business and ensure it is properly secured. The same goes for any online accounts associated with your business, like cloud storage. Take the time to make sure that everything is secured with a password that meets best practices, and if memories are an issue, use a reputable password manager to simplify the task for your employees.

This also goes for your physical location. Many access control solutions exist that enable you to keep track of who accesses a certain area, and when, with the added benefit of keeping those without authorization out.

Keep Your Antivirus Updated

Many people may assume that, once they’ve installed an antivirus/antimalware solution, they are all set. The trouble is, more malware is being developed all the time, and there’s a good chance it is being developed to help the malicious software get past your antivirus. As it happens, the developers of the antivirus are aware of this, and frequently add new threat definitions to the software to make it more effective.

However, all the threat definitions in the world will do diddly-squat if your antivirus solution isn’t updated to include them. This is why it is important to keep an eye on your network’s health and take the time to check that you have the latest definitions included.

Keep a Backup

Finally, you have the nuclear option against malware… mutually assured destruction, that only you can recover from. That is, as long as you’ve been maintaining a proper backup.

If you should fall victim to a malware infection, completely wiping your devices and quite literally starting from scratch with them is your best hope of getting rid of it. However, in order to keep yourself from crippling your own business while doing so, you need to maintain an ace in the hole. By keeping a backup that passes best practices, you can be sure to have your data if you have to sacrifice your original copy.

Coleman Technologies can help you do all of this, and more. Reach out to us at (604) 513-9428 to learn more.

Meet xHelper, The Malware That Refuses to Go Away

As of right now, it is suspected that xHelper has infected around 50,000 devices, which is a big number, but relatively low when it comes to malware of this type. The big names in cybersecurity, Symantec, Malwarebytes, and the like, don’t have any clear answers on how to actually remove the threat. If that’s not enough, deleting everything on your smartphone and doing a factory-reset won’t remove the malware either. Once you set your device back up, the threat will be back.

What Does xHelper Do?

We have good news and some bad news. The good news is that right now, it seems that xHelper just gives you annoying pop-up spam and notifications. It’s goal? To get you to install more applications, and likely these applications could come with additional threats.

It is also suspected that xHelper can download and install apps on its own. It hasn’t been officially detected doing this in the wild yet, but if it could do that, then you would essentially lose control over your device.

Don’t Forget, You Can’t Get Rid of xHelper Once You Get It

As of right now, there is no way to uninstall xHelper, and even resetting your device to factory settings keeps the malware installed. There is essentially no help for you other than getting a new phone, or waiting for Google or one of the major players in cybersecurity to figure out a way to remove it. This could take a while…

For Now, All You Can Do is Avoid Getting xHelper

The malware seems to get installed from scammy websites. The app isn’t found on the Google Play Store (at least at the time of writing this). Only install apps from the Google Play Store, and never from any other website. Google has a vetting process that keeps most apps on the Google Play Store relatively safe (it’s not a perfect system, but it does weed out most of the danger).

When it comes to cybersecurity, the best place to get started is being aware of the threats and employing safe habits. That, and ensuring that your business data is thoroughly protected. Don’t wait for a problem to happen, give Coleman Technologies a call at (604) 513-9428 today.

Before we get too deep, we want to emphasize that there are two primary categories for threats to your business: external and internal.

External

External threats are those that come from outside your business’ network. The majority of threats will fall into this particular category, and it contains a lot of big names that you have likely heard in the past. Here are a couple of examples of threats to your business, as well as what they can lead to:

• Viruses/Malware: these are malicious bits of code or full-blown software programs that can be customized by hackers to perform a certain role. It would take far too long to list off everything that can be done with these kinds of threats, as the options are literally limitless.
• Ransomware: Sometimes malware will encrypt the user’s files and demand payment for the decryption key. Without access to important files, businesses might crumble under the pressure, losing both money due to the payment and a little bit of dignity in the process. In cases like this, it’s important to never pay the ransom, as it only serves to fund further attacks.
• Spam: Hackers like to send countless emails with threats attached to them, hoping that someone will download them and expose their organization’s network to threats. Spam can be prevented for the most part, but if left unchecked, your business could wind up installing threats on your network by accident.

Internal

Internal threats can come from the most unlikely sources, as even the most well-meaning employees could accidentally expose your business to potential threats. Furthermore, there could even be more sinister forces at work with employees potentially trying to actively sabotage operations. Here are some ideas for threats and what could happen from them:

• Phishing Attacks: Your users are your weakest link. While you might think that you have an understanding of adequate security practices, they may not, leading hackers to utilize underhanded tactics to leverage this to their advantage. Phishing attacks convince users to click links, download attachments, or provide credentials/sensitive information.
• Account Hijacking: Let’s say an employee’s account is hijacked by an external threat. You might see account activity from your employee, but how do you know that it’s not someone else using their account? Data could be stolen, or worse.
• Access Control: Have you ever fired an employee? Have they ever resented you for it? Chances are they may have felt the urge to go into their old accounts and cause some trouble. These internal threats could lead to embarrassing situations, as well as a loss of control over certain types of data. It’s up to you to cut off access as soon as you can.

Does your business need help maintaining security and keeping track of the countless threats out there? Coleman Technologies can equip you with the best security measures on the market. To learn more, reach out to us at (604) 513-9428.

What Is Phishing?
Phishing scams can be considered any digital attempt against your organization to extort credentials or other important information. The method doesn’t really matter, though it does change the way that phishing is identified. For example, more targeted attempts at specific individuals are called “spear phishing,” whereas impersonating a company’s CEO is considered “whaling.” Either way, the end result that the phishing attempt hopes for is that someone will fall for their tricks.

Vectors for Attack
The first thing to remember about phishing attempts is that they don’t happen exclusively through email. They can come in a variety of ways, including through social media applications, phone calls, and other outlets that you might not suspect without a little predisposition toward them. Here are some of the most common ways you might encounter a phishing attack:

• Email messages, where senders spoof addresses and try to convince users that they are someone important to your organization.
• Phone calls, where callers impersonate someone you know or someone of authority, like a government official or business leader.
• Social media messaging is a more personal method of phishing in which identity thieves try to impersonate people you know in your personal life.

The Giveaways
A good rule to keep in mind is that phishing attacks tend to be rather suspicious in nature. For example, if someone who doesn’t normally send you messages suddenly reaches out, and it’s seemingly uncharacteristic of them, be a little suspicious--particularly if they are using language that seems unlikely. Here are some other tips to identify phishing attacks before they have enough of a chance to be dangerous:

• Spelling and grammar errors: More often than not, spelling and grammar errors in phishing messages are quite commonplace, and they signify that something is not as it seems. If you see lots of these errors, you need to be very careful about navigating the messages.
• Immense sense of urgency: If the message prompts you to take action immediately, either out of fear or because it tries to convince you it’s in your best interest, approach it with an extra side of caution. Phishing attempts try to get users to take action as soon as possible; this means that users aren’t thinking things through or discovering that the message isn’t legitimate.
• Suspicious account activity: On social media, if you have a friend who you haven’t heard from in a very long time, chances are it’s not actually the friend reaching out to you if they need money or want you to click on a link. In cases like this, always use discretion.

To limit the damage done by phishing attempts, consider the following measures:

• Implement a spam blocking solution. While it might not help with more specialized phishing attempts, it should limit the most generic ones.
• Educate your employees--this point speaks for itself. If users know what to watch out for, they will be less likely to make mistakes that expose sensitive data.

Does your organization need a way to protect itself against phishing attacks? We can provide your business with the training required to best secure itself. To learn more, reach out to us at (604) 513-9428.

Numbers are still coming in as far as how widespread this issue is. As of Monday, cybersecurity firm Kaspersky Lab said potentially thousands of Asus computers were infected, but on Tuesday that number has potentially broken a million.

How Could My Asus Laptop Get Hacked?

This type of attack is called a Supply-Chain Compromise and is one of the most frightening kinds of cybersecurity threats out there. Asus’s software update system was compromised by hackers, putting a backdoor into consumer devices. The scariest part is that this backdoor was distributed last year and it’s just being noticed now.

The good news is this has given Asus plenty of time to plug up the security holes on their end, but if you own an Asus device there is still a chance that it is infected with malware from the initial attack.

What Do I Do Now?

First and foremost, no matter what brand of computer or laptop you have, you need to make sure you have antivirus, and that antivirus needs to be licensed and kept up-to-date.

If you have an Asus device, Asus has released an update in the latest version of their Live Update Software. They’ve also patched their internal systems to help prevent similar attacks from happening in the future. You’ll want to make sure you have Live Update 3.6.9 installed.

Asus has also released a security diagnostic tool that will check your system to see if it has been affected. Click here to download the tool.

We HIGHLY encourage you to reach out to Coleman Technologies if you are running any Asus hardware. It’s better to be safe than sorry.

Your Computer Can Make You Money?
Certainly you’ve heard of cryptocurrency, which is a type of currency that is “mined” from a computer. The most common cryptocurrency is Bitcoin. Bitcoin is generated by computers that crunch through numbers. Some organizations have warehouses full of high-end servers that are constantly mining for Bitcoin. The average computer can’t really handle this task, but with enough of them, hackers can start to receive a considerable sum.

Why Is This Dangerous?
Cryptomining is dangerous particularly because of how intensive the process is. It can take a toll on the average device if it’s left unchecked. As previously stated, it takes an exceptionally powerful machine to effectively mine cryptocurrency. This causes the device to experience an abnormal amount of wear and tear. Over time, you’ll notice that your device will start to decrease in efficiency and slow down.

Other ways that this might affect a business is through the immediate costs associated with cryptomining affecting your hardware. You might notice an abnormally high electricity bill from a server being influenced by cryptomining, or a cloud-based service working too slowly. Either way, the end result is a negative effect for either your employees or your customers.

How You Can Protect Your Business
If you’re looking for cryptomining on your network, be sure to keep an eye out for suspicious network activity. Since the malware will be sending information over a connection, you’ll be able to identify suspicious activity during times when there shouldn’t be as much activity on your network. In this particular case, the data being sent is small, making it difficult to detect for businesses that transmit a lot of data.

Security professionals are turning toward machine learning to detect and eliminate cryptomining troubles on networks. Machine learning can analyze a network’s traffic for the telltale signs of cryptomining software. Another method is to use a SIEM solution that gives network administrators the power to discover consistent or repetitive issues from potential malware.

To keep your business safe from the looming threat of cryptojacking, you should implement measures to ensure all common methods of attack are covered, including spam, antivirus, content filters, and firewalls. To learn more, reach out to us at (604) 513-9428.