update

A primer on watering hole attacks

Cyberattacks come in many different forms, with new methods being developed all the time. What’s bad is that personal information is now often stored online, be it through social media or through government and healthcare services — and these are juicy targets for criminals. Learn more about one way these criminals steal data — through watering hole attacks.

What are watering hole attacks?

Watering hole attacks are used to distribute malware onto victims’ computers in a similar way phishing activities are conducted. Cybercriminals infect popular websites with malware, and anyone who has had the misfortune to visit have their computers automatically loaded with malware.

The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. In extreme cases, the hacker will actively take control of the infected computer.

But how does a hacker choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

With such highly skilled hackers these days, virtually any website can fall victim to a watering hole attack. In fact, even high-profile websites like Twitter, Microsoft, Facebook, and Apple were compromised in 2013.

You can protect yourself by following these tips:

Update your software
Watering hole attacks often exploit holes and vulnerabilities to infiltrate your computer, so by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, hire a managed IT services provider to keep your system up to date.

Watch your network closely
Regularly conduct security checks using your network security tools to try and detect watering hole attacks. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities
Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature. Also, block social media sites from your office network, as these are often used as share points of links to infected sites.

At the end of the day, the best protection is staying informed. As cyberthreats continue to evolve, you must always be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

Published with permission from TechAdvisory.org. Source.

5 Tips for protecting corporate data

A data breach can happen to anyone, even to the most secure businesses or financial institutions — and cybercriminals could even attack your company’s network. How can you be sure your network is completely hacker-safe? As a business owner, you can’t afford a data breach, as it could cost you your clients and reputation. Employing strict security measures can make any cybercriminal think twice about trying to break into your network. Here are some tips to protect your corporate data.

Use Two-Factor Authentication

Using a complicated password to secure your system is no longer an effective way to solve the issue of cybersecurity. We tend to use that same complex password in our email accounts or bank accounts, and if one of your logins is compromised, this can result in grave consequences.

Two-factor authentication (2FA) adds an extra layer of security for your systems and accounts. It can be biometric verification for devices that you own, or a time-sensitive auto-generated code that is sent to your mobile phone. This security feature works in the same way websites would require you to confirm your email address. They want to make sure that you’re not a bot or anything else.

Encrypt all data

Encryption is a great obstruction to hackers, since it scrambles and descrambles data every time someone tries to read it. Encryption also causes compatibility issues if the data is not being accessed via the company’s own network systems. While applying encryption can be costly, it is certainly well worth the money if it can protect your business data from falling into the wrong hands.

Keep systems up to date

Technology is moving at a fast pace. Hackers are always upgrading their tools to take advantage of outdated security systems, so companies should do likewise to protect their valuable resources. Yet many companies don’t install software updates immediately. If the update closes existing security loopholes, delaying an update exposes you to external attacks. So install software updates as soon as they are released.

Back up frequently

Although you’ve implemented several layers to your security, sometimes hackers can still find their way in. This is why you need to back up data frequently, whether it’s on-site, off-site, or by way of cloud backups. In the worst-case scenario where your systems do get infiltrated, you can restore lost data from those backups.

Monitor connectivity

Many businesses have no idea how many computers they have, so it’s very hard to keep track of which computers are online. Sometimes a company’s computers and servers are online when they don’t need to be, making them tempting targets for attackers. It’s advisable to configure business servers properly, ensuring that only necessary machines are online and that they’re well-protected.

It’s much more expensive to recover from a data breach than to prevent one. If you’re looking to protect your business IT systems for potential threats, contact us today so we can help.

Published with permission from TechAdvisory.org. Source.