Security Alert – March 2015

Is your company hardened against security threats?

  • Cryptolocker

There’s been a lot of news surrounding network/Internet security in the last month. Cryptolocker-variant ransomware is one of the biggest threats at the moment. If you aren’t familiar with the Cryptolocker malware, it’s a type of software that once installed begins encrypting (digitally locking) all of your files. It only notifies you once it has completed encrypting all the data it can find – and then requests a ‘ransom’ sum of between $200-$600 to un-encrypt (unlock) your data.

The particularly scary part about Cryptolocker is that as of this moment, there is no way to decrypt your data once the malware has run its course. The only current “fix” is to have good backups. Since the malware keeps changing variants every few weeks, it is incredibly difficult to prevent in advance, but fairly simply to recover from, if you have regular backups!

  • Superfish

Another big item in the news lately has been the discovery of spyware shipping pre-installed on IBM/Lenovo systems. This particular spyware (“superfish“) breaks SSL (secure HTTP/Web) connections, and can potentially be used easily by hackers to spoof security certificates when visiting legitimate websites. Luckily, you are most likely only at risk if you’ve purchased a Lenovo system recently. If you are at all concerned that you might be at risk, please contact us and we can evaluate your systems for threats.

  • Phishing

Finally, phishing attacks are even more popular than usual lately. Phishing generally refers to an email or website that attempt to impersonate another legitimate site (or person/sender) in an attempt to obtain some of your personal data. Generally, this includes asking for you to log in before obtaining a file, requesting you send your passwords to your “IT administrator”, or asking for credit card / social security information to “confirm your identity”.

If you are ever unsure that an email you have received may be suspicious, please feel free to forward it to one of our techs at support@bbtechsolutions.com. We would much rather check it ourselves and save you the potential risk than have you worry about your exposure later!

[box] Sources:

Ransomware:

http://threatpost.com/ransomware-looming-as-major-long-term-threat/111265

https://threatpost.com/cryptowalls-haul-1m-in-six-months/107978

Lenovo’s Superfish Spyware:

http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

Phishing attacks:

http://www.itbusinessedge.com/blogs/data-security/impersonating-it-staff-becoming-a-popular-phishing-tactic.html

http://blog.knowbe4.com/spear-phishing-attack-makes-17.2-million-in-three-days

http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html?_r=0 [/box]