Update To Popular Android App Included Malware Infection

Do you use the popular Android app, "Barcode Scanner?" If so, you're certainly not alone. The app has racked up more than 10 million downloads on Google's Play Store and is one of the most popular apps in its class.

It's a simple, straightforward bit of code that does exactly what it sounds like it does, which is why so many people have come to rely on it over the years.

Unfortunately, Google recently pulled the plug, removing the app from the store after it had been there for years. The reason? Sometime during December 2020, an update to the code saw the injection of malware.

Many users give the apps they use regularly a fairly free hand when it comes to downloading and installing updates. In this case, if you let your Barcode Scanner auto-update, the update installed a nasty Trojan on your smartphone that allows hackers complete control over the device. Not good.

Among other things being reported by users who have been impacted by the update are:

• Default browser changing
• New default browser opening with no user intervention and surfing to different, usually ad-intensive pages.
• And displaying ads touting the supposed benefits of other apps that are thought to contain malware.

As bad as those things are, they're not as bad as they could be. Had the malware's owners wished, they could have done significantly more damage than that.

Even so, the app has rightly been pulled from the Play Store and if you have it installed on your phone but haven't allowed it an update in a while, your best bet is to uninstall it and find an alternative that's not brimming with malicious code. Kudos to Google for taking swift action, even if it meant the sudden end of an app with a multi-year history as a safe, reliable product.

Call SpartanTec, Inc. now and if you are looking to outsource IT support Wilmington NC to keep your company safe from malware and other cybersecurity threats.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
http://manageditserviceswilmington.com

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Why CFOs Need to be Drivers of Security Stewardship

 When a natural disaster hits, communities are often caught off guard and have to rush to respond. More often than not, these communities didn’t anticipate the disaster and therefore are operating in reactive mode. If they had planned ahead, much of the trauma and impact of the disaster could have been mitigated and controlled more quickly.

The same challenge can apply to an organization that experiences a security breach. CFOs and Board members are always keeping an eye on costs and are focused on appropriate budgeting and spending to meet bottom-line targets.  However, if a meaningful security breach happens, expense controls can go out the window as companies desperately try to close the breach, bring systems back online, and beef up previously lacking security defenses. Even worse, the brand is affected and top-line sales are often lost.

The cost of cybercrime to corporations has skyrocketed, but investments in security simply haven’t kept up. The typical company only spends between 1-5% of revenue on IT security, which seems small when compared to the risk of lost sales, productivity, and brand damage associated with a breach.

 

 

Think of one of the most massive security breaches ever that happened a few years ago at a national retail chain. Following disclosure of their breach, the company’s sales declined, causing the company to miss their Q4 guidance. Customers were terrified about their financial privacy, the company’s stock fell, and the CEO was fired as a result.  There have been many since, from medical and government organizations, to all types of global businesses. Each time, valuable information is lost and C-level leaders often lose their jobs or face tough scrutiny.

Cost is not the only issue.  Another key concern is the current shortage of skilled security professionals, Cybersecurity has no national boundaries, and we are seeing increasing attacks targeted at emerging economies. In fact, two of the highest profile breaches of this past year were not because of their lack of security investment, but due to the lack of skilled professionals. In addition, new security regulations are being implemented, and companies including Board members - will be held accountable if they do not meet these new requirements.

Today, the reality is that when dealing with a security event, the majority of organizations continue to work in reactive mode. We need to step away from merely managing breaches and start working to develop a culture of security, moving out of reactive and into proactive mode.

One could argue that the role of the C-suite, and especially that of the CFO, has transformed with respect to this trend.  The CFO in particular could very well now be called the CPO – Chief Protection Officer. If you think about it, cybersecurity Wilmington NC potentially puts a company’s finances and value at risk, challenges compliance and regulatory strategies, and increases the need for mature policies and practices that safeguard a company’s data and overall security. A CFO as a strategic business and risk management executive should have significant oversight and guidance in these areas. They are no longer “IT only” considerations.

Not Just Responsibility But Stewardship

It has now become table stakes for the CFO and Board to be at the forefront of proactive approaches to security in modern organizations. Although there are ways that security staff and organizations can mitigate the damage resulting from increasingly frequent and sophisticated attacks, they don’t control the budget, and as the old saying goes, an ounce of prevention is worth a pound of cure.

There are more than a few naysayers who claim that the cost of adequate security is more than the cost of recovering from a breach. This is not, however, a sustainable or responsible approach. All evidence indicates that breaches will become more frequent, attacks will become more persistent and sophisticated, and the costs of reacting to these breaches will continue to increase. Clearly, brands, jobs, and share prices are all at risk.

Why Security and Stewardship Go Hand In Hand

Stewardship goes far beyond making money or ensuring the financial success of an organization. It means caring for and protecting the long-term interests of the company, and thinking holistically about the diverse stakeholders touched by the business. However, when it comes to security, the traditional stewards of the organization are not always equipped with the necessary perspective, skills, or knowledge to do this. As a result, security often ends up being viewed as a cost center rather than an essential element of risk management.

But if stewardship is really about the protection and oversight of a company’s assets, both tangible and intangible, then the most critical assets are data, IP, reputation, customer trust, and loyalty. Which means security needs to be a central pillar of that stewardship. Because, as we have seen all too frequently, poor security can undermine or destroy all of these assets, and instead create a loss of value through unnecessary volatility.

More importantly, as stewards of their respective organizations, Boards and executives have a responsibility to their customers, their intellectual property, and their shareholders to ensure the safety and security of their data and systems. Again, this ultimately comes down to thinking about security as a stewardship issue to be addressed directly by the Board.

We Can Never Eliminate Risk

We can never entirely eliminate risk. It is inherent in everything we do. Given the low cost for cybercriminals to generate a data breach, the difficulty in locating and prosecuting them, and the lucrative reward of a successful breach, it’s safe to say there will always be attacks and attempts at data theft.

However, just because we can’t eliminate risk doesn’t mean that we can’t manage it. This has always been a key function of the Board – assess risk and make appropriate tradeoffs to manage it, while considering the impact across the organization.  Security is no different. IT departments can, and should, consider what innovation must be applied to protect the business – for example, pursuing the implementation of new, essential strategies, such as internal segmentation should be their area of expertise.  But prioritizing what business assets should be accessible by whom, both within and external to the business, must be the purview of the Board, and should be the determination that then leads to action by IT.

In conjunction with the CISO and the rest of the C-Suite, the Board must consider and proactively manage security versus many other factors, including cost, performance, agility, resource allocation (including talent), autonomy and empowerment, strategic initiatives, projects and planning, and go-to-market.

Out of IT and HR and into the Boardroom

Additionally, some of the most critical areas for consideration are policy and information governance. These are areas where the Board and senior leadership can really make a substantial contribution to an organization’s security. While the technical details can be worked out by a well-funded, savvy, and empowered IT department, and HR and other line of business staff can address specific elements of policy and procedure, high level decisions on policy and the organization’s approach to information security needs to come from the offices of C-level executives.

As the arms race among cybercriminals, nation-states, organizations, and the security community heats up, this fundamental shift in approach to cybersecurity will not only keep the good guys one step ahead, but also ensure that organizations can respond swiftly and appropriately when breaches occur. And if recent history has taught us anything, it’s not a matter of if but when they will occur.

 

*Originally published by American Security Today on August 4, 2016.

https://americansecuritytoday.com/cfos-need-drivers-security-stewardship/

 

Call SpartanTec, Inc. now to know more about our managed IT services and DarkWebID Monitoring Service.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
http://manageditserviceswilmington.com

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Top 7 Cybersecurity Predictions For 2021

2021 is just a few months away. What will the cybersecurity landscape look like for businesses? What will be the main considerations, risks, and focuses for the New Year for cybersecurity professionals and leaders. Here’s a list of top 7 cybersecurity predictions that may affect cybersecurity experts and enterprises.

Cybersecurity Predictions for 2021

Remote Workers Will Be The Target of Cybercriminals

Cybercriminals will follow users and attack them by exploiting their habits and behaviors. Cybercriminals made the most out of the disruption caused when employees were given stay at home orders and the changes made to how they use their devices and technology. Hackers launched various attacks including ransomware, vishing, and phishing, all of which targeted the gaps in the security postures of companies, since many of them were not prepared to have a secure remote workforce.

VPNs and other Legacy Security Architectures Are Expected to Be The Weak Link

To improve the remote operations quickly while following the stay at home orders, a lot of companies considered legacy security architectures such as VNPs as their best solution for remote work. Unfortunately, VPNs are not long term solutions since they can hinder productivity, introduce latency, hard to scale, and can provide employees with too much access to a company’s internal resources. VPNS can also be exploited by cybercriminals.

 

 

CISOs and CSOs Will Search For Convergence In Security Solutions

IT spending dropped in 2020 and this will continue next year. Despite the lack of budget, security leaders still have to close the online transformation gap in their companies. Because of that, simplicity and convergence will be important. CIO/CISO/CSOs will go for technologies that include several services into a single platform in order to have a bigger cost savings.

Data Breach In The Health Sector Will Be Deadly

The health care industry is working double time to fight the pandemic but they also faced massive financial strains. Despite everything they’re going through, cybercriminals will continue to target health care providers and hospitals through ransomware attacks so they can’t provide care to their patients.

More Attacks Coming To Financial Sector

Companies offering financial services must be careful and step up their cybersecurity Wilmington NC efforts. Cybercriminals will continue to target financial data including banking details and social security numbers. That’s why financial organizations must be proactive in protecting their data.

COVID-19 Will Force More Companies To Enter The Digital Sphere

The global pandemic has forced industries and organizations to accelerate their efforts in digital transformation. Remote work as well as other technological transformations that were brought on by the stay at home orders will continue even when the pandemic is over. They will offer companies more cost savings, flexibility, and edge.

New Technologies Rise, More People Will Be At Risk of Data Exposure

There will be more internet users in the coming year and most of the companies will continue have their employees work remotely. These trends mean there will also be an increase in the number of people and organizations that are at risk of data exposure.

Companies are relying on their IT systems more than ever. With more than half of businesses offering some capacity for remote work, they are using virtual desktops, accessing common drives online and connecting via video conferencing to achieve this.

With 2021 fast approaching, now is a great time to assess different co-managed IT providers to find one that best meets your IT and business needs. SpartanTec is here to help and will provide you with a free consultation and assessment to get you started.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
http://manageditserviceswilmington.com

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Hacked Networks And Credentials Being Sold At Alarming Rates

 

Selling network access is big business on underground hacking websites. Even worse, the business is growing at an alarming rate, according to a report recently published by cybersecurity firm KELA.

According to their report, the number of ads found on hacking forums advertising 'Network Access' tripled between August and September, 2020.

The value of the login credentials sold during the most recent month was valued at more than half a million dollars.

Ads like these have been a staple of hacking forums for years, but they gained a tremendous amount of popularity in mid 2019, when a number of vulnerabilities in major networks around the world were disclosed.

 

 

Hackers around the world were quick to pounce, often attacking vulnerable networks. Once a network had been breached, the next logical step from the perspective of the hackers, was to figure out how to monetize the access they had gained.

That, of course, led to a surge in ads, which allowed hackers who lacked the 'street cred' and reputation in the cloistered hacking community increased access to compromised systems around the world. This, in turn, led to yet more attacks against vulnerable systems, which is at least part of the reason we're seeing so many attacks today.

The price a hacker can get for access to a compromised network obviously varies from one to the next. KELA found some network access being sold for as little as $25. At the top end, access to a major network with a global footprint can go for more than $100,000, with the average being just shy of $5000.

This is why hackers do what they do. There's big money, not just in accessing your data, but also in selling future access to it. Stay vigilant, this is a problem that's not going to go away.

 

Call SpartanTec, Inc. now if you want to make sure that your business is protected from hackers and other online threats. Our team will set up the most effective cybersecurity Wilmington NC measures to make sure that your personal and business credentials are safeguarded at all times.

 

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
http://manageditserviceswilmington.com

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Post COVID-19 Era's Effects On The Cybersecurity Landscape

COVID-19 has changed the lives of people across the globe and individuals as well as organizations have to protect their confidential data. Although some changes are temporary, there are others that have long lasting impact. The pandemic forced employees to work from home, schools to close, and gave rise to different online scams. These rapid and drastic changes have emphasized the need for improved individual and organizational cybersecurity practices.

As the world becomes increasingly dependent on computer networks, there’s an immense need to improve virtual security and privacy rights protection. The unforeseen transition to a work from home setting has brought about vulnerable points on which cybercriminals will focus on. Employers now need to depend on communication technologies that are not as secure as expected. Additionally, there has been an increase in malicious activities in the cyberworld like phishing emails and online scams. In order to decrease the liability and vulnerabilities, individuals and companies must reconsider their security policies and practices, and their privacy.

Although security measures need investment upfront, the cost of the data breach in the U.S. reached about $8.19 million back in 2019. Apart from the expenses to responding to data breaches, there’s also a trend involving recovery from lawsuits. If you wish to avoid the risks as well as the liabilities, employers and companies have to take precautionary measures.

 

 

Concerns Involving Remote Work

Companies that have moved part or all of their employees to remote work should think about how they will accomplish reasonable security. For many firms, this implies IT services that include the use of multifactor authentication and virtual private networks along with firewall and anti-virus software. Apart from these tools, companies should also think about other security controls like training and policies. As COVID-19 forces more workers to work from home, these trainings and policies must take into account this new reality, from taking into account the physical privacy and physical security of home offices to using third party protection devices. Whether you have a small or big company, you have to take into account your capabilities and what you can ask of your employees.

There’s no single policy or tool that will be enough for all the settings. A perfect security isn’t a practical goal either. Companies have to adopt a defense in depth strategy against the possibility of a data breach or cyberattack. Any cybersecurity strategy will need a thorough understanding of the conditions under which your staff are working. Remote work arrangements must use technical controls to secure and encrypt data, prevent unintentional mistakes as well as malicious attacks, and determine the need to use both technical and physical security controls.

In developing cybersecurity practices that are more effective, companies have to recheck the kind of data they keep, send, and otherwise possess or with their 3rd party partners. Companies that handle sensitive data, which must be broadly understood as the total sum of the controlled data, must use stronger and more efficient security measures. Aside from that, IT consulting experts say companies need to minimize the data they collect and save so they won’t look attractive to cybercriminals.

Cloud Computing

The pandemic has also driven companies to rely more on cloud computing. It involves the utilization of remote services to save, manage, and process data. Cloud computing could offer a lot of advantages to companies through lower IT services costs and easier collaboration on remote work. As companies have closed their doors or moved to remote work, cloud computing has become more valuable.

However, cloud computing also comes with its own risks that concerns the integrity, confidentiality, as well as the availability of information. Companies, like those in jurisdictions and industries that are well regulated, that utilize cloud computing services should know the security practices of their service providers. Newer regulations and laws have started to hold companies in a wider range of business sectors that are responsible for the cybersecurity practices of their business associates.

Online Fraud and Cyber Extortion

The COVID-19 pandemic has also caused malicious actors to become more responsive. Cyberthreats are on the rise including ransomware attacks and phishing campaigns. Cybercriminals have made the most out of the confusion, inaction, and uncertainty brought on by the pandemic. The work of cybersecurity teams and professionals were made more complicated by the pandemic as well. Even though some work can be done remotely, there are others that need to be performed hardwired or face to face.

 

Call SpartanTec, Inc. now and let our team of IT experts develop the most effective cybersecurity strategy to keep your business afloat and safe from potential online attacks, especially during the COVID-19 pandemic.

 

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
http://manageditserviceswilmington.com

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Covid-19 Researchers Come Under Attack By Hackers

A number of prominent hacking groups made a gentleman's agreement with research labs that are attempting to develop a vaccine for the deadly COVID-19 virus currently ravaging the planet.

The agreement was promising that no attacks against research facilities would be made. Unfortunately, not everyone is playing by those rules.

Recently, intelligence agencies in the US and Europe as well as cybersecurity researchers around the world have spotted evidence. They found that Russian hackers believed to have ties to the Russian government, have begun attacking R&D centers that are actively working on a cure for the virus.

The attacks have been attributed to APT29, which is also referred to variously as The Dukes, Yttrium, or Cozy Bear. This group's normal targets are government installations, think tanks, energy companies, diplomatic corporations around the world, and healthcare organizations.

The National Cyber Security Centre (NCSC), out of the UK, recently published a security advisory that reads, in part, as follows:

"Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines."

The advisory goes on to detail that APT29 is initiating these attacks with spear phishing.

APT29 is also exploiting several known security vulnerabilities, including those found in:

• Citrix (CVE-2019-19781)
• Pulse Secure (CVE-2019-11510)
• Fortigate (CVE-2019-13379)
• Zimbra Collaboration Suite (CVE-2019-9670)

The frustrating thing about this is that patches for all of the cybersecurity Wilmington NC flaws listed above already exist. It's just that too often, the IT professionals working in R&D organizations have been slow to apply them, leaving research stations around the world vulnerable at a time when they're conducting critical research that could stop the global pandemic in its tracks.

Once APT29 gains a foothold on a targeted network, they install a pair of custom malware applications called 'WellMess' and 'WellMail,' both written in Golang. If your firm is in any way connected to ongoing COVID-19 research efforts, stay on the alert for this one. It's a serious threat indeed, and the attack is coming from one of the most dangerous groups of hackers on the planet.

Keep your business safe from hackers and other potential online threat. Call SpartanTec, Inc. now and let our team of IT experts set up the most effective cybersecurity measures for your company.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
http://manageditserviceswilmington.com

Cities Served:
Wilmington, Silver Lake, Sea Breeze, Carolina Beach, Eagle Island, Leland, Wrightsboro

5 Biggest Cybersecurity Threats That Small Businesses Face

Large enterprise and small businesses are at risk from cybersecurity threats. However, a lot of people think that small businesses are too small to be targeted by hackers. But that’s not the case.

As cyberattackers automate their tasks more, it is very easy for them to set eyes on hundreds and even thousands of small businesses all at once. Small businesses tend to have less stringent cyber defences, are less aware of potential online threats, have less resources and time to spend for cybersecurity Wilmington NC. All these make them easy targets for hackers compared to bigger firms.

However, at the same time, they are also lucrative targets. Even the smallest business can provide large sums of cash, or have access to a lot of customer data, which under GDPR or other regulations, they need to protect. Small businesses tend to work with bigger firms, and so they could be used by cybercriminals as a way to target all those companies.

Small business have a lot to lose if they get hit with a cyberattack. A report showed that companies with below 500 employees tend to lose around $2.5 million for every attack. Losing this amount of cash in a cyberbreach is going to be devastating for small businesses, not to mention the damage to the reputation, which comes from getting hit by a cyberattack.

That’s why small business have to be aware of the threats and how you can stop them.

Top 5 Security Threats and How To Avoid Them

Phishing Attacks

The most widespread, damaging, and biggest threat that small businesses face are phishing attacks. They account for about 90% of all the breaches faced by organizations. They have increased by 65% over the past year and they are responsible for more than $12 billion in business losses.

A phishing attack takes place when an attacker pretends to be a well-known and trustworthy contact, and encourages a user to download a malicious file, like, or provide access to confidential information, credentials, or account details.

You need to have a strong email security gateway to prevent phishing emails from getting to the inboxes of your employees. You can also add post delivery protection to secure your small business from phishing attacks. These solutions will let you report phishing emails and then permit admins to get rid of them permanently from the inboxes of all your employees. Security awareness training is the final layer of security against phishing attacks. With this, you can test and train your employees on how to spot phishing attacks. They will also be informed on how to report the incident.

Malware Attacks

The second biggest threat to small businesses is malware attack. It includes different cyber threats like viruses and Trojans. It is a varied term for the malicious code that hackers make to get access to steal data, get access to the network, or to get rid of data on the network. Malware may come from spam emails, connecting to other infected devices or machines, or from malicious website downloads.

These attacks can be very damaging for small businesses since they could cripple machines, which needs expensive fixes or replacements to repair. They could also provide attackers access to data, which could put employees and customers at risk. Small businesses tend to take advantage of people who use their own computer or devices when working, because it helps to save cost and time. But this boosts their chances of facing a malware attack because personal devices are more at risk from malicious downloads.

You can prevent malware attacks by setting up strong technological defenses. Web security is crucial as well as endpoint protection solutions.

Ransomware

Another common type of cyberattack that hits hundreds, and even thousands of businesses every year is ransomware. They have grown more common lately, because they are lucrative types of cyberattacks. Ransomware will encrypt company data and can’t be accessed or used unless the company pays the hacker a ransom. The company will be left with a hard choice. Will they pay the ransom and lose a lot of money or be forced to shut down their services because of data loss.

Business have to set in place strong endpoint protection across all of their devices. These will help stop these ransomware attacks from encrypting data. You should also set up an efficient cloud back-up solution because it could help mitigate data loss. There are many different ways of data back up for businesses, so it is crucial to research the best method for your organization.

Weak Passwords

Another major threat that small businesses face is employees using easily guessed or weak passwords. Several small businesses use several cloud based services that need various accounts. These services may contain financial information and confidential data. You should consider using business password management technologies to make sure that your employees always use strong passwords. This can also help your staff in managing passwords for their accounts, recommending passwords that cannot be cracked easily. You should also implement multifactor authentication technologies.

Insider Threats

The insider threat is caused by actions of current and former employees, associates and business contractors. They could access crucial data about your company that could lead to harmful effects through malice or greed, or just carelessness or ignorance. Insider threats is a growing problem. It can put your customers and employees at risk or cause financial damage to the company. As small businesses grow and have more employees, the insider threats also grow.

In order to block these insider threats, small businesses have to make sure that they impose a strong security awareness culture within the company. This can help prevent insider threats that are caused by ignorance and assist employees to detect early on if an attacker if an attacker is trying to compromise your company’s data.

There are countless threats facing small businesses these days. The way for your company to protect against these online threats is to have a set of security tools in place. Call SpartanTec, Inc. now and let our team help improve your company’s cybersecurity.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
http://manageditserviceswilmington.com

Cities Served:
Wilmington, Silver Lake, Sea Breeze, Carolina Beach, Eagle Island, Leland, Wrightsboro