Tag Archives: Security

Can Mac’s Get Viruses?

Posted on by

You may have heard that Macs are safer than Windows PC’s when it comes to cyber security and that is partly true. But it doesn’t mean they’re completely safe. Can Macs get Viruses? The likelihood of catching a virus whilst using a Mac computer is increasing. There are now more threats to Mac users than ever before. Here’s everything you need to know.

Q: Can Mac’s get viruses? A: Yes.

For a long time, it was widely believed that Mac’s were safe from viruses. This belief was supported by the creators, Apple. For years Apple used ‘Macs don’t get viruses’ in their marketing and on their website. It wasn’t an unsubstantiated claim.

They have historically had a smaller share of the market, making them less of a target. The integration between their software and hardware has always had the benefit of being harder to penetrate. And since the arrival of macOS X, they have had built in security measures, particularly for preventing malware getting on to the computer.

This has made it pretty hard to install something malicious onto a Mac computer. But they don’t make the ‘we don’t get viruses’ claim anymore. Because unfortunately it’s no longer true Mac’s can get viruses!

Can Macs get Viruses

Think you’re safe because you have a Mac? Think again: more Mac malware was detected in 2019 than viruses for Windows.

The real danger

Arguably the real danger facing Mac users is that they are unprepared. The assumption that you are safe simply because you are using a Mac actually leaves you more vulnerable to an increasing number of threats.

As useful as the in-built security features are, they only do so much. There are ways for seasoned hackers to bypass them and they don’t block all potential threats. As Macs have become more popular and the number of users has grown, so have the number of threats they face.

The safest option is to assume that you could be vulnerable.

What threats might you face when your Mac gets a virus?

The threats, like with any computer user, range from simply annoying to potentially devastating. Sometimes, something which seems as if it’s just annoying could actually be much worse. Here’s a few examples of what you could face.

ADWARE
Adware could be any unwanted program or pop up that displays unwanted ads. Often these can lead to malicious websites that could then deliver spyware – a program which tracks activity online and steals information, used for fraud or theft. Even a benign pop-up can be annoying and intrusive and hamper the day-to-day use of your computer.

TROJAN HORSES
Trojan horses hide a malicious software within an otherwise nonsuspicious link or download. Sometimes the malware inside the trojan horse will start operating without your knowledge, stealing personal data in the background. They’ve been a threat to Macs for a while. There was a particularly bad one a few years ago called ‘MacDownloader’ which hid in a fake Adobe Flash update.

MACRO VIRUSES
These are sort of like a Trojan Horse and begin to work when the user clicks on an infected file, often a Word document. It then runs a code that can release new files, corrupt data, take screenshots and deliver malware.

What’s on the horizon?

The threats above are all based on previously recorded events and new threats are most likely to fit into those common categories. But the threats are ever-present. Cyber criminals are always finding ways of bypassing basic levels of security and will exploit vulnerabilities in your system.

Techrader.com talked about a recent threat which involves a dangerous new malware.

It’s thought to be distributed by a known Vietnamese hacking group called OceanLotus (yes, we know, it sounds like something from a James Bond movie, but it is real!)

The malware allows them to spy on machines and steal confidential info and sensitive business documents from macOS users. As this is a known threat, the latest security patches should help to protect against it.

Signs that your Mac has a virus

You won’t always know if something is wrong, if you don’t have a real-time scanner installed. Some malware is designed to run quietly in the background. However, there are a number of ways that might indicate that something is wrong.

LOTS OF ADS AND POP UPS
This may be obvious but if you’ve got unwanted ads popping up and you don’t usually (and really any irregular pop ups are out of the ordinary on a Mac) then it suggests something has arrived on your computer.

RUNNING SLOW
Your computer being slow may just be the result of lots of programs using up memory on your computer, but it could be an indication that you have a virus. If the spinning rainbow ‘wheel of death’ is constantly appearing, then you may have an issue.

BROWSER ISSUES
Viruses come from the internet and are mostly designed to disrupt your online activity. If your browser is running slow, acting abnormally or crashing regularly then questions need to be asked.

What you should do?

As we mentioned above, really the first step is acknowledging that there is a threat in the first place. Yes, Macs may still be safer, but we always think we’ll be fine until something happens. If you’re a Mac user or your business uses Macs regularly then it’s better to be safe than sorry.

Contact the LIS Help Desk to make sure you have a good antivirus and cybersecurity system installed on your computer, as well as the standard tools you get in macOS. If you need support or help in this area, you know where we are.

LIS – SECURING YOUR DIGITAL WORLD

#apple #mac #malware

 

Do you need a VPN at home?

Posted on by

Virtual private networks (VPNs) are great for securing your connection when you’re using public Wi-Fi. However, they can also be put to work in your home. You might use a VPN at work, however do you need a VPN at home?

When you use a VPN, you’re adding a layer of protection to your online activities by building an encrypted tunnel between your traffic and anyone who tries to spy on you. VPNs are great for when you’re out and about, using Wi-Fi networks that aren’t your own. But at home, a VPN can help protect you from other threats and may let you access streaming content that would be otherwise unavailable.

In a recent article aksing written by Darren Allan for msn.com he explores the benefits of having a VPN at home.

Do you need a VPN at home?

People are becoming conscious of the need to take back their privacy online. It is certainly no bad thing to do so at home

What is a VPN?

A VPN gives you online privacy and anonymity by creating a private network from a public internet connection. VPNs mask your internet protocol (IP) address so your online actions are virtually untraceable. Most important, VPN services establish secure and encrypted connections to provide greater privacy than even a secured Wi-Fi hotspot.

The Threats Abroad

Outside your home, it’s hard to tell which networks you encounter are safe. If you’re at a coffee shop, for example, how can you tell which Wi-Fi network is legitimate? Unless the SSID is posted somewhere, you’re just going to have to guess. Clever bad guys will set up access points with familiar names, hoping to trick people into connecting. Once victims are online, the bad guy does a man-in-the-middle attack, intercepting all the information victims send and receive. This includes a lot of mundane stuff, to be sure, but it can also include bank accounts, login information, and worse.

An attacker doesn’t even need to trick you, they just need to trick your phone or computer. Most devices are configured to reconnect to familiar networks by default. But if an attacker uses the same name of a popular Wi-Fi network, your devices may automatically connect, even without your knowledge.

Both of those attacks require a lot of guesswork, but a good attacker won’t bother with that. Instead, they’ll configure their evil access point to switch SSIDs to match the ones devices are asking for.  For example, at the Black Hat conference a few years ago, a security vendor detected an evil access point that had changed its SSID 1,047 times, tricking 35,000 devices into connecting.

These are situation in which you definitely need a VPN. The encrypted tunnel it creates blocks anyone on the same network as you—even the person managing the network—from seeing what you’re up to.

The Threats at Home

It’s very unlikely that a bad guy broke in to your home, replaced your router, and then waited for the good stuff to roll in. For one thing, that’s just too much work. But for another, attackers need more than one successful hit to make an attack worthwhile. They’ll want to rack up as much information from as many victims as possible. Unless you live above an airport, it’s unlikely that there’s enough foot traffic in your home to justify an attack.

VPNs can be fun

At least half of all VPN use isn’t for personal protection. It’s for streaming video. That might seem odd considering the negative effect that VPNs have on your upload and download speeds, but it makes sense.

That’s where VPNs come in. You can use your VPN to tunnel to a distant server and access content that is restricted in your home country. While Netflix is very good at blocking VPNs, this trick is also useful for sports fans.

Trouble at Home

VPNs are all about securing your traffic from prying eyes, and that’s sometimes a problem when you want your traffic to be seen. If you live in an especially smart home, you’re likely to encounter some problems with using a VPN.

A great example is Chromecast, Google’s dead-simple method for getting content from your phone or computer on to your TV. When you try to use Chromecast with a VPN, all your data is shuffled off your devices through an encrypted tunnel and can’t reach other devices on your local network. You’ll have to switch off your VPN if you want to use this feature, or others like it.

One solution to this problem is to simply raise the level of your VPN and install it on your router. That way, all the data on your local network is funnelled through the VPN, giving you all the protection without causing any of the fuss on the local level. Configuring your router to use a VPN can sound daunting, but some VPN companies will sell you a pre-configured router if you want to give it a try. Still, I think this solution is not for everyone and perhaps best left to people with a determined DIY sensibility.

While many people are using VPNs to stream online content, many (if not most) streaming services are very good at blocking VPN usage. One possible solution is purchasing a static IP address from your VPN provider. These “clean” addresses aren’t associated with VPNs, giving you a better chance of slipping past attempts to block your access.

Speed will always be an issue with VPNs. When a VPN connection is active, your web traffic is going through more machines and more fibre. As a result, this increases latency and slower transfer speeds. Not all VPNs are the same in how much they affect your connection, but you will see some impact.

Do you need a VPN at home?

In truth, the answer to the question of whether you “need” a VPN in your house is going to come down to your own preferences. There are lots of good reasons why a home VPN might be a valuable addition to your security arsenal, but what’s most important is whether you will use it. If you find yourself too frustrated with reduced internet speeds, or juggling streaming devices, don’t use a VPN at home. An unused security feature isn’t useful to anyone.

As more of us are working from home, it may be a good idea to explore your options. Contact the LIS Help Desk and talk to one of our friendly team to see how we can help you.

LIS DIGITAL – SECURING YOUR DIGITAL WORLD

#VPN #AddedSecurity #ExtraPrivacy

Daily email attacks

Posted on by

The British Broadcasting Corporation (BBC) receives over a quarter of a million malicious daily email attacks, according to official figures.

This data revealed under the Freedom of Information (FOI) Act by the Parliament Street think tank’s cyber security team. It showed 283,597 malicious emails were blocked by the organization every day over the first eight months of 2020.

The scale of daily email attacks

The data shows that the BBC receives an average of 6,704,188 monthly hostile emails classed as scam or spam. Additionally, an average of 18,662 malware attacks such as viruses, ransomware and spyware are blocked. From January to August 2020, a total of 51,898,393 infected emails were blocked by the BBCs systems.

The highest month of daily email attacks was July with a huge total of 6,801,227 incidents recorded. Of these 6,787,635 were spam and 13,592 were malware. The second highest month was March, when the COVID-19 outbreak was at its worst in the UK. The BBC received 6,768,632 spam attempts and 14,089 malware attempts, totalling 6,782,721.

Daily email attacks

The vast majority of email sent every day is unsolicited junk mail. Examples include:
Advertising, for example online pharmacies, pornography, dating, gambling.

Multiple cyber-attack incidents

In the past the BBC has experienced multiple incidents when it comes to cyber attempts and potential breaches. In 2013 the BBC twitter feed was subject to a phishing hack. It appeared to be sympathizers of Syrian President Bashar Assad. The BBC said the “phishing” emails contained what appeared to be links to The Guardian newspaper or Human Rights Watch online and brought users to a fake web mail portal.

In 2016 there was another hack. An anti-Isis hacking group claimed responsibility for downing BBC websites and services on New Year’s Eve.

Additionally, there were daily email attacks in December 2015, when the BBC’s websites were unavailable because of a large web attack. However, it is believed that a web attack technique known as a “distributed denial of service” was causing the patchy response. This aims to knock a site offline by swamping it with more traffic than it can handle.

A ripe opportunity for hackers

The data suggests that it is an ongoing struggle for the BBC to obstruct these malware, phishing and spam attempts.

Tim Sadler, CEO at Tessian

Tim Sadler,
CEO at Tessian

According to Tim Sadler, CEO at Tessian, The global pandemic has become a ripe opportunity for hackers’ phishing scams. We can clearly see that in reflected in the spike of malicious attacks on the BBC. In the wake of the outbreak, journalists and employees would have been busier and more distracted than usual.

“Using clever social engineering techniques, cyber-criminals’ prey on people’s desire for information during uncertain times. They bank on the fact that busy, distracted and stressed employees may miss the signs of a phishing email. As a result, they fall for their scams. Organizations, therefore, must have security measures in place to automatically predict such email threats and warn people before they click or download an attachment.

What do these daily email attacks means for business?

The various malware, phishing and cyber-attacks on the BBC acts as a warning for all businesses. Criminals will never let a good crisis go to waste. Employees are now connecting to their organizations from home in large numbers. This allows cyber criminals to target businesses in many more ways. These tactics have always existed. Therefore, as Tim Sadler advises, organizations must have the security measures to detect such email threats.

At LIS our clients benefit from the latest anti-spam and anti-virus solutions. They also take advantage of our Office 365 Security Package. This allows them to stop advanced threats and stay compliant. As well as being productive and keeping their data safe. Contact the LIS Help Desk to make sure your business is safe and secure.

LIS – SECURING YOUR DIGITAL WORLD

#Security #Emails #CyberCrime #ITsupport

Attacks from ransomware

Posted on by

Ransomware PDF Guide

Ever wondered what attacks from ransomware are? You’ve heard about it at the office or read about it in the news. Maybe you’ve got a pop-up on your computer screen right now warning of a ransomware infection. Well, if you’re curious to learn all there is to know about ransomware, you’ve come to the right place.

Download our new guide and know how to keep your business safe.

Attacks from ransomware

What is ransomware?

Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files. The cyber-criminal will demand a payment in order to regain access. Developed in the late 1980s, ransom payments were sent via snail mail. Today, ransomware authors want to recieve payment in cryptocurrency or by credit card.

How does a ransomware attack happen?

After your home gets broken into, it may be obvious the intruder came in through a window or smashed down a door. Shattered glass and forced entry are signs that lead you to conclude that there has been a burglary. In the cyber world, these signals might not be as evident. Your first clue might be a pop up saying please pay money to regain access to your computer.

What went wrong? 

Attacks from ransomware happen to a business when they fail to follow common cyber security 101, such as:

  • Choosing strong passwords
  • Enforcing access management controls
  • Security awareness training for employees
  • Using EDR (Endpoint Detection and Response) or antivirus software
  • Updating operating systems and hardware

Cyber criminals use several methods to access your network by exploiting vulnerabilities. However, to prevent attacks from ransomware, businesses need to understand them and be proactive with stronger cyber security.

How can I prevent them?

Follow the advice in our guide. Address the security threats for your business and educate your colleagues. Protect your business from ransomware with effective cyber security solutions and avoid disruption to your business!

However, if you would like to save some time, we can analyse the risks for you, develop a security strategy to enable your business to dig a moat and pull up the drawbridge.

Would you like to learn more about how we can help protect you from ransomware and emerging cyber threats? Contact the LIS Help Desk and one of our friendly and experienced technicians will be able to help you.

LIS – SECURING YOUR DIGITAL WORLD

 #FreeGuide #GotMalware? #HiddenIntruder

Ban ransomware payments

Posted on by

Should ransomware payments be banned?

The Government have been recently lobbied to ban ransomware payments. They have been asked to prohibit companies and individuals being able to pay ransom demands. Cyber criminals try to scam organisation with cyber-attacks using ransomware malware. The prohibition of ransom payments would cut the flow of income to attackers. As well as shutting down the desire to hit U.K. citizens and companies with ransomware.

Prohibition of ransom payments for ransomware could mean there is no point in cyber attackers going after U.K. Alexander Culafi a news writer from Search Security explores the ban ransomware payments story in more detail.

Ransomware payments

A security firm involved in the business of combating ransomware has called for a government ban on the
payment of ransoms by companies. There was no other practical solution other than to ban ransomware payments.

Paying ransomware demands could be illegal

Companies paying ransom when attacked by ransomware in an effort to retrieve their data has always been controversial because it encourages future attacks. Now, doing so may also be illegal.

The U.S. Department of Treasury today warned that paying ransomware demands may be illegal and that companies that do so could be prosecuted.

The warning came in advisories from the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network. Both warned that any company that paid a ransomware payment, or a third party that facilitated a payment, could be prosecuted in the case that the hackers demanding the ransom were subject to U.S. sanctions.

There is an exception: Companies that are considering making a ransomware payment can do so but only with government approval.

Specific attention was given to third-party companies that facilitate ransomware payments. “Companies that facilitate ransomware payments to cyber criminals, encourage future ransomware payment demands. They also may risk violating OFAC regulations,” the Office of Foreign Asset Control said in its advisory.

Ransomware payments are controversial

Paying ransoms in ransomware attacks has always been controversial. Firstly, a serious ransomware attack could and has seriously crippled companies and cost them. Secondlay, hundreds of millions of dollars in lost business and costs. Finally, sometimes paying the ransom to obtain access to core business files is arguably worth it.

The counter-argument is that every single time a company pays a ransomware demand, it encourages future ransomware attacks. Hacking groups know this, which is why they keep deploying attacks.

An expert’s opinion

James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc. compares ransomware to the Italian Mafia.

“Many years ago, in Italy, there were many kidnappings by organized crime groups of the wealthy and affluent families,” McQuiggan told SiliconANGLE. “They would request large sums of money in exchange to return the victim’s loved ones. The kidnappings got so bad that the Italian government initiated a ban on paying any ransom to organized crime groups. The government would seize all financial assets to prevent the kidnapped families from getting the money to pay.”

He went on, “At first, the crime groups called the bluff of the families who couldn’t pay and killed the family member. However, after a short while, the organized crime groups realized they couldn’t pay, and quickly, the kidnapping and ransoms came to an end.”

Returning to today’s advisories, McQuiggan said that even if an organization wishes to pay the ransom, it would have to collaborate with the U.S. Treasury, FBI and other government agencies to send the funds. “The U.S. government’s recommendation of not paying comes with a similar notion of not negotiating with terrorists. Never pay the ransom when involved with kidnappings and thus, the anticipated action of reducing ransomware attacks,” he said.

Stay protected with LIS

Unfortunately, we are unable to stop cybercrime. However, we try and help prevent it. Our clients benefit from our Anti-Spam, Anti-Virus and Office 365 Security Package solutions. Can you afford to take the risk?

Practice safe IT. STAY PRODUCTED! Contact the LIS HELP DESK to discuss your options.

LIS – Securing your digital world

#Ransomware #Cybercrime #Security #ITSupport