Рубрика: Cybersecurity

We must have used Virtual Private Network or VPN as it is commonly referred to, at least once in our networking life. Whether it is to access Netflix that was not available in our region or to bypass internet traffic. Although VPNs’ usage was slowing dying, while coronavirus kept us confined to our homely quarters, VPNs again came to our rescue.

According to sources, the recent surge in VPNs is directly proportional to the number of positive confirmed cases in a country. From March 8 to March 22, Italy has a 160% increase per week while the USA, Spain, France, Russia, UK have 124%, 58%, 44%, 57%, and 18% respectively. This statistic is going to change with a large section of people from developed to developing countries, small firms to Tech Giants like Facebook, Google, Amazon, and Microsoft now requiring to telecommute, to log into their employers’ enterprise VPNs to connect to the corporate network. Even India has seen a rise of 15% in VPN usage since end-February.

And this dependency has brought some questions and hesitation into the light too. Questions like below continue to cloud the mind of corporate worlds if they should switch to using it:

• of employees who will need remote access

• Additional bandwidth

• How quickly can this bandwidth be procured

• Necessity for additional licensing and support software

• Technologies that can be used to boost bandwidth cost-effectively

• Cyber threats and security and protection of the increased amount of data traffic

Based on the above-stated points the choice of a VPN should be based on when, why, and where it will be used.

Furthermore, you should try to stay clear of VPN services that offer mostly or entirely free services, especially those found in the Google Play app store, which is full of sketchy Android VPN services.

“More than 25 percent failed to protect user privacy due to DNS leaks,” says a blog posting by Tom Migliano, head of research at Top10VPN.com, which conducted the survey. “We also found 85 percent featured questionable permissions or functions buried in their source code that could potentially be used to spy on users.” Additional issues include tracking user’s exact geographic location and leaking the user’s true IP address.

A careful review is a must while choosing one. There are free VPNs like TunnelBear that have negligible issues. However, it is better to opt for paid services as they are devoid of such traps and privacy thefts. Alternatively one can also look for providers (after reading online reviews from legitimate sources) that offer a trial pack before you can make an informed decision to continue with them or not. Recently, Tel Aviv-based cyber-security firm Check Point started quietly offering companies free 60-day licenses to its VPN tools. Within days, they received interest from several hundred companies, said Maya Levine, a security engineer at Check Point.

In addition to that, remote access technology providers face the challenge of enabling existing clients to broaden base usage due to corona-emergency. Hence there is a dire need for expansion of VPN licenses to accommodate the growing figures. Furthermore, there are many obsolete apps that have not been updated for years.

Ironically Failing to install a VPN has its own set of potential risks. With more people now working from home, there’s an opportunity for “wardriving,” a cyber-security term for people who drive around and look for vulnerable Wi-Fi networks to hack.

While the effort to slow down the spread of COVID-19 gains momentum, VPNs are slowly becoming an integral part of work dynamic shifts. Priority should be given ones that feature Multi-Factor Authentication (MFA) and provide Endpoint security. In the near future, we also need a strict protocol for the regulation of these networks that promise additional security over hacking.

The post VPNs: A growing factor that can change the work dynamics we know appeared first on Analytics Insight.

With over a million confirmed cases of SARS-CoV-2 virus across more than 200 nations and territories, coronavirus has spread its filthy feathers across the whole world. Globally, the total number of coronavirus cases neared 1.35 million while the death toll crossed 74,000, according to the latest data from Johns Hopkins University. The US with over 3.6 lakh cases was the worst affected country while the death toll in the country has surpassed 10,000.

However, some people are out there who seek to gain advantage from crisis. According to an Interpol warning, cybercriminals are exploiting the coronavirus crisis and threatening to hold hospitals to ransom despite the life-saving work they are carrying out. The International Criminal Police Organisation has issued a global alert to health care organizations about the ransomware attacks, often disguised as official advice from government agencies, which are designed to lock administrators out of the critical IT systems they need.

The warning said that the criminals will demand payment before the hospital staff is allowed back in, like the way the UK’s National Health Service was attacked with the WannaCry virus in 2017. Interpol’s Cybercrime Threat Response has detected a “significant increase” in the number of attempted ransomware attacks against key organizations around the world.

The international organization has alerted all 194 of its member countries and is working with the cybersecurity industry to gather information about the attacks as well as assisting national police forces. Interpol secretary Jurgen Stock said the malware attacks could be deadly, coming as they do as the coronavirus outbreak response reaches a critical level around the world. He further said, “As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients… Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths.”

According to the International Police Organization, prevention and mitigation were key, with the malware mainly being spread by emails. They often claim to contain information about the outbreak from an official source, encouraging the recipient to open an attachment which can then infect their system.

Interpol is advising hospitals and healthcare companies to ensure hardware and software are kept up to date, and that essential files are backed up.

Moreover, Interpol is encouraging the public to exercise caution when buying medical supplies online during the current health crisis, with criminals capitalizing on the situation to run a range of financial scams.

With surgical masks and other medical supplies in high demand yet difficult to find in retail stores as a result of the COVID-19 pandemic, fake shops, websites, social media accounts and email addresses claiming to sell these items have sprung up online.

But instead of receiving the promised masks and supplies, unsuspecting victims have seen their money disappear into the hands of the criminals involved.

This is one of several types of financial fraud schemes connected to the ongoing global health crisis which have been reported to INTERPOL by authorities in its member countries.

COVID-19 fraud schemes: Scams linked to the virus

· Telephone fraud – criminals call victims pretending to be a clinic or hospital officials, who claim that a relative of the victim has fallen sick with the virus and request payments for medical treatment;

· Phishing – emails claiming to be from national or global health authorities, with the aim of tricking victims to provide personal credentials or payment details, or to open an attachment containing malware.

In many cases, the fraudsters impersonate legitimate companies, using similar names, websites and email addresses in their attempt to trick unsuspecting members of the public, even reaching out proactively via emails and messages on social media platforms.

“Criminals are exploiting the fear and uncertainty created by COVID-19 to prey on innocent citizens who are only looking to protect their health and that of their loved ones,” said INTERPOL Secretary General Jürgen Stock.

“Anyone who is thinking of buying medical supplies online should take a moment and verify that you are in fact dealing with a legitimate, reputable company, otherwise your money could be lost to unscrupulous criminals,” concluded the INTERPOL Chief.

Blocking and recovering fraudulent payments

Monetary losses reported to INTERPOL have been as high as hundreds of thousands of dollars in a single case, and these crimes are crossing international borders.

INTERPOL’s Financial Crimes Unit is receiving information from member countries on a near-daily basis regarding fraud cases and requests to assist with stopping fraudulent payments. Targeted victims have primarily been located in Asia, but the criminals have used bank accounts located in other regions such as Europe, to appear as legitimate accounts linked to the company which is being impersonated.

In one case, a victim in Asia made payments to several bank accounts unknowingly controlled by criminals in multiple European countries. With INTERPOL’s assistance, national authorities were able to block some of the payments, but others were quickly transferred by the criminals to second and even third bank accounts before they could be traced and blocked.

To date, INTERPOL has assisted with some 30 COVID-19 related fraud scam cases with links to Asia and Europe, leading to the blocking of 18 bank accounts and freezing of more than USD 730,000 in suspected fraudulent transactions.

INTERPOL has also issued a Purple Notice alerting police in all its 194 member countries to this new type of fraud.

Warning signs

If you are looking to buy medical supplies online, or receive emails or links offering medical support, be alert to the signs of a potential scam to protect yourself and your money.

· Independently verify the company/individual offering the items before making any purchases;

· Be aware of bogus websites – criminals will often use a web address which looks almost identical to the legitimate one, e.g. ‘abc.org’ instead of ‘abc.com’;

· Check online reviews of a company before making a purchase – for example, have there been complaints of other customers not receiving the promised items?

· Be wary if asked to make a payment to a bank account located in a different country than where the company is located;

· If you believe you have been the victim of fraud, alert your bank immediately so the payment can be stopped.

· Do not click on links or open attachments which you were not expecting to receive, or come from an unknown sender;

· Be wary of unsolicited emails offering medical equipment or requesting your personal information for medical checks – legitimate health authorities do not normally contact the general public in this manner.

The post Cybercrimes Likely to Increase Amid Coronavirus Uproar, Warns Interpol appeared first on Analytics Insight.

Somewhere between 2017 and 2021, overall spending on cybersecurity will top $1 trillion, as indicated by predictions from Cybersecurity Ventures. The blast of cyberattacks on companies and new risk vectors within networks because of the transition to Infrastructure as a Service (IaaS), or public cloud, makes the requirement for agile security more significant than ever for CIOs and CISOs overseeing cybersecurity.

On account of AWS and Azure, anybody can assemble their applications or get infrastructure by essentially buying into IaaS services, with or without the authorization or help of an IT team. While that is extraordinary news for application proprietors who want agility and faster time to market, it tends to be incredibly challenging for security experts entrusted with protecting resources in cloud infrastructure conditions.

Things being what they are, hackers have just gotten agile. The attackers have spent the most recent decade building up an agile plan of action utilizing an online marketplace that empowers them to create and launch attacks quickly. A 2016 report from Symantec found that recognition of one of a kind malware bounced 36% in 2015 versus the prior year. Attacks are getting increasingly frequent, protection and detection costs are rising, and compliance necessities are developing.

There are more products to help, and some even utilize a similar innovation that the hackers are utilizing, similar to cloud and AI. You rapidly understand that it’s difficult to stay aware of these developing dangers, which is sapping your internal security team’s assets.

The attack techniques deployed by threat actors have gotten profoundly innovative and keep on advancing quickly. They go from “fileless” and multi-behavior malware utilizing new deception strategies to exfiltrate sensitive data to the utilization of rising advances, for example, AI/ML to launch cyberattacks. Social building strategies have likewise accelerated as of late to encourage ransomware and malware infections across numerous IT and OT frameworks.

In our present fight against the novel coronavirus pandemic, the condition of cybersecurity affairs ought to be raised to “critical”. The number of phishing attacks, malware and online scams has been on the and I expect we will keep on observing more hackers looking to benefit from individuals’ fear and tension.

Let’s see some of the ways in which companies can make their cybersecurity more agile.

Standardize on core security standards: Make security an essential part of the development pipeline from the very first moment so your teams can address any vulnerabilities that emerge when they are detected, anytime all the while.

Embrace “API-driven security”: By removing the human component from the procedure, you set up a ceaseless integration philosophy, which takes into consideration consistency of delivery. For instance, if a security strategy needs to be balanced, you do it once, accordingly dispensing with irregularity in the system or unnecessary outages.

Other than business needs and drivers, an external threat landscape ought to be a trigger to change procedure. Suppose you have chosen to extend your business to another nation since you have seen the chance to develop market share. Notwithstanding, a more critical look at the goings-on in cyberscape will advise you that state-supported hacker groups are lying in holding on to mount a cyberattack on the next foreign entrant in their offer to secure local organizations.

With regards to cyber strategy, you should survey the structure and program dependent on external intelligence. As you get new bits of knowledge, you should take these information sources and change the strategies accordingly.

Utilize public cloud: Deploy cloud-based services to make the advanced, agile application environment your developers and IT divisions need to advance quicker and all the more constantly. Use security best practices dependent on the Shared Responsibility Model to maintain a strategic distance from cloud misconfigurations and lessen risk.

Acquaint a DevSecOps approach with security groups: In order to proceed onward and constantly repeat and deploy new products and solutions, ensure quick response teams are running day in and day out, and that product security teams are lined up with a similar direction as the rest of the company.

Make a security rapid response group: Fast response times are basic to giving a tech organization upper hand. To establish “security at speed,” actualize continuous measuring, testing and monitoring in an effort to iterate quickly.

Having manufactured your cyber system and guide to operationalize it, you would then be able to initiate an enterprise risk management where you join learnings from external and internal cyber signals and intelligence. Enterprises may have risk management and audit exercises, yet to build a genuinely agile cybersecurity system, risk management updates should be made in real-time.

External insights on industry, innovation and geography ought to illuminate overall cybersecurity strategy. Remain side by side of these cyber patterns to keep your cyber risk profile updated. This alludes to comprehension of cyber events that are important to your industry, the geographical location where you are working and the innovation your enterprise is utilizing. By relating data gathered in cyberspace against these three spaces, you will have applicable experiences that can control your methodology and roadmap.

The post Let’s Make an Agile Cybersecurity Strategy appeared first on Analytics Insight.

No one denies that something needs to be done to protect our online data. From January to March of 2019, over 1.9 billion records have been exposed. While businesses were the most commonly hacked, educational and medical institutions were also victims of fraudsters.

Besides including sensitive medical information, the stolen data included names, passwords, addresses, and credit card numbers. Those wanting to wreak havoc on your accounts had plenty of information available to let them succeed.

Three years ago, it was estimated that one in 15 people would be a victim to identity theft. Of course, this is expected to increase.

What can be done to curtail this growth of online fraud? Some companies, institutions, and agencies are turning to biometric authentication to identify people. Over the last several years, companies have been scrambling to improve the technology behind biometric authentication. We are now at the point where such authentication can be trusted.

First, let’s discuss the types of biometric authentication. Then, let’s discuss why this type of security can be trusted, even with the most sensitive of information. Finally, we will explain how companies are turning to biometric authentication to allow online users to open accounts.

What are some examples of biometric identification?

Biometric identification can include a whole host of technologies. It can consist of iris or fingerprint scans that we have seen on James Bond movies for decades. But it can also voice recognition and facial recognition software similar to what is used on iPhones. As technology improves, such forms of identification become more sophisticated.

Can we trust biometric identification?

If you are a sci-fi fan, you may have concerns regarding biometric identification. You may think of those novels you read in high school English class where the government gained control of all aspects of life and was not to be trusted. Perhaps, in part, because of these works of fiction, users still struggle with trusting this type of technology.

The reality is that we can’t afford not to trust biometric identification. As technology advances, it is becoming clear that biometrics are safer than the old system of log-ins and passwords.

We say that biometric identification is a safer alternative, but caution must be given. Companies need to be able to share how this data is stored. They also need to be able to communicate what it is used for, so people can make informed decisions. This educational process is necessary anytime new technology is initiated.

For example, some fingerprint scanning software may not store all of the data points of the fingerprint. This means that even if that fingerprint data is somehow breached, the criminal would not be able to replicate the print for nefarious intent.

Other times, biometric information is only stored on the owner’s device. Think about how the facial recognition on your iPhone works. Apple does not save a scan of your face. It is only used to unlock your phone and its apps.

To return to our first point, we must learn to trust biometric data. Traditional logins and passwords have not proven effective. They are discovered by criminal elements sometimes because of a user’s error, but more often than not, even careful users may become victim to such data breaches.

How do companies use biometric data to allow customers to open online accounts?

We never know when a worldwide global pandemic will alter the way companies have to do business. More than ever before, companies must have a secure online presence in order to serve their customers. How can companies promise that they will be careful with their customer’s data when we have all been victims in the past?

One way that companies can better serve their customers is by using biometric data to make sure they know who their customer is.

To open an account, the customer must submit a quality scan of a government-issued photo ID. This photo will be compared with a database of thousands of IDs to see whether any red-flags appear on the validity of the document.

Next, the customer must take a selfie and submit it to the company. Technology is in place to ensure that the selfie is that of a live person and not of a photograph of a person. Facial recognition software scans the person’s face to make sure it matches the image on the ID.

After the company is confident that the customer is who she says she is, they can then continue with whatever background and credit checks they deem necessary for their industry. The company wins because they have found a new client. The client wins because they know they are working with a company that values online security.

Like working with any technology, it is ever-evolving. Policies are written and rewritten to change with the times. It should be considered a work in progress.

Even though customers may still find a way to open accounts in other people’s names, no matter if biometric identification is used or not, we have still come a long way to improve digital security.

The post How Technology Has Already Begun Using Your Biometric Data – And Why it’s Trustworthy appeared first on Analytics Insight.

The novel coronavirus has affected the worldwide economy, day-to-day life, and human health around the globe, changing how individuals work and communicate in ordinary. However, notwithstanding the pressing risk, the virus poses to human health, these fast changes have additionally made an environment in which hackers, scammers, and spammers all thrive.

Coronavirus phishing tricks began coursing in January, going after dread and disarray about the virus, they’ve just multiplied since. A week ago, Brno University Hospital in the Czech Republic, a significant Covid-19 testing center, suffered a ransomware attack that disrupted operations and caused surgery postponements. Also, even refined country state hackers have been utilizing pandemic-related snares to spread their malware. The conditions are ready for cyberattacks of different kinds.

There is an insidious side-effect to coronavirus. Hackers of all stripes are finding the conditions perfect to worm their way into individual and corporate accounts. Remote workers getting to their organization systems from individual devices at home make it simpler for programmers to break cybersecurity. IT teams are likewise constrained to empower remote work, bringing down security conventions.

The World Health Organization announced a multiplying of cyberattacks a month ago, including an attempt to mirror its internal email framework to get passwords of staff members. Security firm Barracuda Networks likewise saw an enormous worldwide spike in email phishing related to coronavirus, going after individuals’ feelings of trepidation and curiosity.

PricewaterhouseCoopers discovered waves of phishing attacks focusing on 50 leading Indian organizations which were setting up VPN (virtual private networks) and other infrastructure to assist individuals with work from home. A large number of coronavirus-themed sites are springing up day by day, a considerable lot of which are malicious. The greater concern is that breaches may not get obvious for quite a long time or years. Hackers can utilize the coronavirus circumstance to tunnel in and lie dormant with their malware. At that point, they can continue redirecting information or money until the breach is detected.

Attackers design websites identified with coronavirus so as to incite you to download an application to keep you updated on the circumstance. This application needn’t bother with any installation and shows you a guide of how COVID-19 is spreading. In any case, it is a front for attackers to produce a malicious binary file and install it on your computer. Just, all things considered, these sites act like authentic maps for tracking coronavirus, yet have an alternate URL or various subtleties from the original source.

Presently, the malware just affects Windows machines. However, it is anticipated that attackers should take a shot at another form that may impact different frameworks as well. This strategy uses malicious software known as AZORult, which was first found in 2016. The software is made to steal information from your PC and contaminate it with other malware too.

The analyst noticed that AZORult can take data from your computer including passwords and cryptographic forms of money. Another variation of AZORult introduces a secret administrator account on your computer to perform remote attacks. Prior this month, research from security firm Check Point noticed that coronavirus related spaces are 50% bound to introduce malware in your system. While it’s imperative to pick up data with respect to coronavirus, you should just utilize verified dashboards to keep a tab on it to abstain from getting hacked.

More individuals than ever are working from home, frequently with fewer security barriers on their home networks than they would have in the workplace. Indeed, even in critical infrastructure and other high-sensitivity environments where it is difficult to safely work from home, skeleton teams at the workplace and general distraction can make windows of vulnerability. What’s more, in the midst of stress or interruption, individuals are bound to succumb to malicious scams and tricks.

The present circumstance presents enough challenges. Any extra unwanted occasions would simply make it progressively troublesome. So one most pessimistic scenario result of a cyberattack could be slowing down crisis response, for example in the health care sector. Such attacks consistently represent a potential danger to the health and safety of patients, however, are particularly terrible during a pandemic that is stressing the world’s health care systems.

Covid-19 tricks aren’t simply being utilized by criminals for monetary gain. They’re additionally appearing in progressively slippery tasks. Mobile security firm Lookout published findings recently that a malicious Android application has been acting like a Covid-19 following guide from Johns Hopkins University, however, it really contains spyware associated with a surveillance operation against mobile users in Libya.

And afterwards, there are the country state hackers, who realize without a doubt that home networks basically aren’t as secure as those in workplaces. Remote connections specifically make it increasingly troublesome, if certainly feasible, for most threat detection tools to differentiate legitimate work from something suspicious. Phishing is a type of social engineering and the coronavirus circumstance has opened up new roads for manipulating overwrought people into divulging confidential information. It can wind up with your digital life being undermined.

The post The Impact of Coronavirus on Cybersecurity appeared first on Analytics Insight.

As the world gears up to fight back Coronavirus, which has claimed nearly 117,569 lives, caused global shutdowns, economic repercussions, halting industrial productivity, putting brakes on travel and tourism, etc. , there is one enormously underrated threat: cybersecurity. And soon a widespread event occurs, cybercriminals spring quickly into illicit activities that spews communal hatred, spread disinformation, and look for financial, and data theft.

Recent instances are:

Phishing

It is one of the most common attacking techniques. Prime targets are Health organizations such as the WHO and US Centers for Disease Control and Prevention (CDC). Here the attackers impersonate via spamming emails and messages on the context of the perceived authority across the globe. They try tempting victims with URLs or document downloads using promises of important safety documentation or infection maps.

These scammers tried to register fake domain names (cdc-gov.org and cdcgov.org) which seemed similar to valid domains (cdc.gov) to confuse the online audience.

According to new figures from sources phishing attacks have risen 667 percent in the UK in March, compared to February.

Malware

In February, a member of prestigious Russian-language cybercriminal forum XSS, began selling a “digital Coronavirus infection kit” one the pretext of using the Johns Hopkins Center for Systems Science and Engineering’s (CSSE) legitimate interactive map as part of a Java-based malware deployment scheme via emails. The cost was priced at $200 for buyers having a Java code signing certificate and $700 if not.

Additionally, after the onset of coronavirus, there has been a shocking increase in registrations of COVID-19 related domains, where they spread misinformation, host phishing pages, impersonate legitimate brands, and sell fraudulent or counterfeit items.

While people are facing scarcity of protection masks and other necessary items. Online space is flooded with shady ads about masks and other amenities being offered at subsidized rates or in exchange for bitcoins and customized forms.

Infodemic

There are pages and posts which claim to have found a medical solution to the pandemic. But these are easy to get recognized as misleading claims, unlike the conspiracies theories that are taking rounds.

Theories about the virus, being genetically engineered, or used as bio-weapon can cause mass hysteria, incite racism and xenophobia. Social media posts featuring harmful at-home cures or remedies without scientific backing and labeling coronavirus as doom to create stockpiling, hence shortages of supplies and critical medical equipment have been common misinformation propaganda to boost engagement on their pages. These feed on the human tendency to panic at the sight of danger or socio-economic rooted stereotypes.

Cyber Attacks

With government-imposed lockdowns taking place to slow down the spread of coronavirus due to exposure, there a sudden uptick in work from home opportunities. Most of the employing firms use VPNs to remotely access to the workspace either for additional security or less regional traffic. But generally, these VPNs are free service providers and they are likely to steal sensitive information including location, phone number, etc. Not only that, but hackers are also taking advantage of less secured open home Wi-Fi networks.

Given the mentioned threats, users must check for relevancy of the sources of the articles or posts they come across. Encrypt their local or home Wi-Fi as they treat the corporate ones. Avoid clicking on links in unsolicited emails and be wary of email attachments and never reveal personal nor financial info online. Review emails for grammatical or spelling mistakes for spam signs and cross-check for original websites or emails on institutes. Check for the authenticity of the charity sites. Request employers to provide clear WFH guidelines and easy to implement security steps.

For a detailed solution on cyber threats during COVID-19 scare, do watch out for this space.

The post Can Covid-19 Pose Threat to Cybersecurity appeared first on Analytics Insight.

Hackers will take advantage of any vulnerability they can find. Amidst the pandemic of COVID-19, attackers are taking advantage of the alertness of the world population with phishing emails, social media posts, apps and text messages containing malware. These scams typically involve fraudsters impersonating healthcare officials.

In fact, CERT-In (Computer Emergency Response Team of India) in its latest advisory to internet users said that cyber criminals are exploiting the COVID-19 outbreak as an opportunity to send phishing emails claiming to have important updates or encouraging donations, impersonating trustworthy organizations. The phenomenon has been witnessed as many organizations have asked their staff to work from home to help stop the spread of the coronavirus that has claimed thousands of live worldwide and infected millions.

As these cyberattacks continue to spread, we recommend these six best practices to help protect ourselves.

Check for Common Signs

If a form of communication asks you to click a link, download an attachment or give any personal or financial information, this should be a red flag. Do not exchange information or do financial transactions with entities that you are not familiar with.

Look for common signs of fraudulent sites/ emails including:

1. Poor design
2. Poor grammar or spelling
3. Unreliable contact information
4. No Terms and Conditions listed
5. Deals that seem too good to be true
6. Suspicious forms of payment (like sending money to a random PayPal account)

Treat Emails about COVID-19 with Suspicion

This sample phishing email lures readers in with a “cure” to the virus, but the attachment contains malware. Reading carefully reveals that the fraudster spelled Israel “Isreal,” which is a clear red flag.

Pay Attention when Browsing

It’s also important to be careful when browsing, whether on websites, social media or apps. You can check the sites you visit for TLS (Transport Layer Security) /SSL (Secure Sockets Layer), the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. Different browsers have unique identifiers to show if a website is secure. You can view our blog on how to identify authorized sites to know how to distinguish authorized from unsecured sites.

Additionally, web users can check the safety of a site by copying and pasting the URL into the Google Safe Browsing Transparency Report. If a suspicious or fraudulent site is found, it can be reported to Google’s Safe Browsing or Mozilla’s Protect the Fox.

Don’t Download Unknown Attachments (Like This Map)

Malware is currently spreading through cybercriminals distributing via email a map similar to the one by Johns Hopkins University. The map often includes links to malicious sites disguised as official communication.

Beware Text Messages Claiming to be from the CDC

Reports of people receiving a text message from the CDC have surfaced, but they are a hoax. In general, do not click on links in text messages from unrecognized numbers. They can link you to sites that distribute malware.

Fight Technology with Technology

To prevent attacks always update your software and browser with the latest versions of Microsoft Edge, Mozilla Firefox and other vendors’ browsers that come equipped with anti-phishing filters.

Existing technologies such as PKI (Public Key Infrastructure), which provides encryption and cryptographic identity guarantee in each data flow and verifies all network users, can play a key role in protecting homes, businesses and connected networks. Email attacks are common forms of phishing and social engineering, and companies can also help protect users and other people who trust their email systems by using digital certificates to assure the identity and authentication and encryption of the client.

Overall, rely on legitimate health services and government websites for information. Do not give out personal or financial information and verify that a charity is legitimate before making donations. You may want to review the FTC guidelines for vetting a charity and avoiding scams before making any donations.

During this global pandemic, not only do we need to reexamine our social habits, but also our digital ones. Following these tips can protect against hacker attacks and data leakage, keeping your network and devices safe

About the Author:

About Dean Coclin

Dean Coclin is the Senior Director of Business Development at DigiCert. Dean brings more than 30 years of business development and product management experience in software, security, and telecommunications to the company. In his role at DigiCert, he’s responsible for representing the company in industry consortia and driving the company’s strategic alliances with technology partners. He’s the past chair of the CA/Browser Forum and the current vice chair of the Forum. He also is chairing the ASC X9 PKI Study Group.

The post How to Avoid Cyberattacks during an extended period of working from home appeared first on Analytics Insight.

Today, Internet usage has been quite vast with the number of Internet users and their data is blooming at a tremendous rate. This increased amount of data has attracted hackers and other bad players to steal away the user-critical data. With the advent of hackers on the Internet domain, it has no longer remained a safe place. The number of public Wi-Fi is directly co-related to the increased number of Internet users and we can find public Wi-Fi present at places such as- hotels, malls, airports, etc. Internet users often leverage these open networks to stay ‘connected’ with the Internet world without realizing its consequences. Once the user gets connected to the Internet using public Wi-Fi, he automatically enhances the risk of spying and spoofing of his critical data. All the user data is now made easily accessible to hackers.

Most of the users undermine the fact that public Wi-Fi is not a secure option. Although it asks for a password for connecting to the network, it doesn’t ultimately ensure that the user activities are safe and secured. Using public Wi-Fi without deploying the right security mechanisms can result in online identity and monetary losses.

Risks Related to Public Wi-Fi

i. In the case of public Wi-Fi, other users present on a server can easily have access to other users’ data. In the absence of appropriate security mechanisms, the user data gets easily transmitted on the network without in the form of a plain text having no encryption. The unencrypted data on the public Wi-Fi is now easily visible on the network and this can give hackers the chance to exploit the user data.

ii. Another risk involved in using public Wi-Fi is that hackers can spy on the user’s password as well as other critical data. The users must avoid using the same password across different sites; else, this might cause a big problem.

iii. The ultimate risk involved with using public Wi-Fi is that there are always chances of session hijacking. In the case of a session hijacking, the hacker continuously monitors the Wi-Fi traffic and tries to infiltrate into a user’s open session by stealing browser cookies that are used for recognized for users. Once the hacker gains access to such cookies, they enter the user websites or even take away the critical login credentials that are present inside the cookie.

How Hackers Use Public Wi-Fi

Following are the two possible ways in which the hackers leverage the public Wi-Fi setups for taking away user-critical data-

1. Hackers Also Connected on the Same Network

Any hacker’s ultimate aim is to remain connected to a network that has a vast user base, and hence, the public Wi-Fi network act as the potential target. Once the hacker arrives on the public Wi-Fi network, he starts deploying the malpractices for taking complete control of the data as well as communication that is taking place on this open network.

One of the common ways that hackers use public Wi-Fi for intercepting the user’s data present on the network is known as Man-in-the-Middle Attack. This attack proves to be extremely beneficial when the cyber attackers manage to successfully block the communication taking place between clients or even users present on the public Wi-Fi. The hacker manages to successfully capture all the incoming and outgoing data of the network.
Another risk in this method is that hackers can share files. In case, the user has enabled file-sharing options at the time of getting connected on the network, and the hacker can easily transmit corrupt and malicious files to the user.

2. Hackers Creating Fake Wi-Fi Hotspots

Hackers usually tend to create ‘’’honeypots’. Honeypots are generally Wi-Fi hotspots that might have been created by the hackers within an unassuming name. This often acts as bait as most of the users get connected to such Wi-Fi connection and hackers manage to successfully grab the data that the user sends on the network. Honeypots can be easily configured and set up with the help of any PDA that the hacker might use.

In such fake hotspots, hackers often tend to send out warnings related to system upgrades. This is just a hoax/false action deployed by hackers. Instead of upgrading the systems, hackers tend to install malware that can be used for broadcasting the user’s sensitive information.

Best Practices for Securing Data

If the user fails to avoid public Wi-Fi networks, then at least he can make sure that his data is well secured when the user uses a public Wi-Fi.

Following are some ways in which the user can remain secure at all times when using a public Wi-Fi-

1. Verifying the Network and Disabling Sharing Options

The user, when connecting to a public Wi-Fi, needs to carefully read the network name and always ask someone from the business side, regarding the legitimacy of the shared link. Users must also enquire about the IP address of the network device. As stated in the previous sections, hackers can establish fake networks, so the users need to verify the network name.

Also, whenever connecting to public Wi-Fi, the users must disable preferences as well as file sharing options such as Bluetooth. By keeping the file-sharing options enabled, it exposes the chances of hackers to infiltrate malware to the user devices. Secured mechanisms need to be deployed if the user is looking to transfer his files on a public network.

2. Using a VPN

A VPN (Virtual Private Network) is the most secure way if the user wants to surf the net on a public network. VPN is the best option through which users can keep their information secure whenever they log in to public networks.
The benefit of using a VPN helps in encrypting the data traffic and serves as a secured tunnel between the client and the server. All the data passing through the channel remains invisible to hackers, thus, denying access to the user information as well as activities performed online. VPNs also mask the user’s IP address with its IP address that is being accessed from a virtually different location.

3. Using a Website Scanner

When the user is connected to a public network, there is a high risk that the user (business’s) website might get attacked by one or the form of vulnerabilities, threats and malware. When the users deploy a website scanning tool, they can determine any upcoming threat on their websites and safeguard the critical data by securing their sites. Businesses also ensure that their reputation stakes don’t fall apart and there is no loss of trust. Website scanning tools can be handy for users who’re more often connected to public Wi-Fi networks.

4. Only Visiting HTTPS Websites

If the user fails to have a VPN access, then the least he can do is just visit the sites that are encrypted and have an HTTPS header at the beginning of their URL. When the user visits such websites, the data gets protected from all kinds of threats that are persistent in the network domain. HTTPS ensures that the connection established between the browser and web server is encrypted and data submitted on these sites are free from any kind of tampering.

5. Enabling Firewalls at All Times

With a firewall enabled on the user’s system, it can be extremely beneficial as firewalls deny any unauthorized access. It is essential to understand that a firewall might not give complete protection; however, it needs to be enabled at all times.

A firewall serves as the barrier, thereby protecting the user system from all kinds of malware and threats. It continuously monitors the incoming data packets from networks and evaluates their safety. If a malicious packet is present on the web, then the firewall blocks the packet, thereby safeguarding the user data from any malicious attacks.

Concluding Remarks

On a concluding note, the users need to understand the significance of digital security. Also, the users need to make sure that they’re very well aware of the threats associated with public Wi-Fi and the possible ways to secure their crucial data. The precautions and tips mentioned above can be easily deployed by any user to safeguard their vital information from getting attacked on a public network.

The post How to Remain Safe on A Public Wi-Fi Network appeared first on Analytics Insight.

Running a small business can be hugely rewarding, but it comes with its fair share of challenges too. It is often the case that SME owners have plenty of issues to address on a daily basis, but getting through them all can be tough when only limited resources are available.

However, with so many elements and business operations now being based around online services, arguably one of the fundamental priorities for many is cybersecurity.

Staying safe and secure

Protecting sensitive information and data is absolutely vital in the online world and brands across a range of sectors call on a number of tools in order to do it.

For example, secure socket layer – or SSL – technology has become a vital data encryption tool for many, with Amazon stating on its site that it is used alongside identity verification systems and the Payment Card Industry Data Security Standard to keep information safe. SSL is also important in other areas too, with William Hill’s online casino using 128-bit encryption technology in order to protect the data of its members. The site also follows regulations from gambling authorities and has its games evaluated by Technical Systems Testing to ensure they are fair. Encryption of course also plays a vital role in financial services as well, with HSBC, for example, outlining how it uses SSL encryption to ensure personal information remains safe.

But while there are clearly effective tools out there for many firms to make use of, a recent study has suggested that small businesses are still lagging behind when it comes to addressing cybersecurity. Research commissioned by the Cyber Readiness Institute in the US has found that six out of ten small firms have not implemented a cybersecurity policy, while the figure grew further when it came to businesses with less than 20 employees.

Making a change

Such findings are clearly a concern, but there are also suggestions that many small businesses are gearing up to address the issue once and for all.

A study published by The Manifest towards the end of April found that 64 per cent of small businesses feel they are likely to devote more of their resources to the issue of cybersecurity across 2020. It also found that almost a quarter admit that it is a step they need to take, with the survey also suggesting that a big area of concern is data management.

A fifth of respondents to the survey said they could improve the security of their customer data storage, with key information collected by many including contact details, names and locations. The study suggested that the fundamental cybersecurity measures used by small businesses at the moment include limiting employee access to user data and encryption. Around a third also require strong user passwords, while a similar number also offer some training to their staff on safety and best practices.

A watershed moment?

Cybersecurity is clearly an issue that should be on the agenda of every small business. After all, The Manifest study found that 15 per cent of such firms faced a hack, data leak or virus across 2019.

However, while small firms may lag behind on the issue, it does not appear to be out of any form of naivety or ignorance. In fact, it looks like many are determined to take steps on the matter, with this year potentially being a watershed moment.

Small firms have so much to consider even at the best of times, but it has to be hoped that they will be able to devote the resources necessary to address cybersecurity in the coming months. There are certainly some very positive signs that could well be the case.

The post Time for Action: Are SMEs Gearing Up to Tackle Cybersecurity Concerns? appeared first on Analytics Insight.

In a short period, the Internet of Things (IoT) has catapulted to new heights by leaps and bounds. Internet-connected appliances, smartwatches, cameras, microphones, TVs can do wonders ranging from boosting an enterprise’s productivity to slashing overhead expenses and reducing energy spending within the network. The possibilities of what it can be done with the Internet of Things (IoT) are endless with businesses aiming to find new ways to use IoT devices very new day.

The Internet of Things in simple words is defined as the network of devices connected to the Internet to exchange data. IoT covers a wide range of devices, ranging from hardware sensors to computer programs. The popularity of the Internet of Things devices has begun to pick up steam. According to research performed by a leading research firm, by 2020 nearly 21 billion IoT devices will be in the marketplace.

Internet of Things (IoT) and Cybercrimes

While the Internet of Things offers numerous untapped opportunities for data transfer and exchange, this disruptive technology is framed for instigating Cybercrimes. Here are the top IoT carriers of cybercrimes that you should be aware of-

Smart Security Cameras

The vulnerabilities of smart security cameras alarmed customers after Xiaomi Mijia’s images were streamed from one device to another. This massive breach was detected after the owner of Xiaomi Mijia cameras and Google Nest Hub asserted that he saw images from other’s Xiaomi Mijia’s when he streamed images from his Xiaomi Mijia to a Google Nest Hub.

Smartphones and Smart Speakers

Academic researchers have been successful in designing malware which is powerful enough to exploit a smartphone’s microphone and smart speakers like Amazon Eco to steal the device’s passwords and codes. Smartphones and speakers that are such an important aspect of our lives are not safe anymore.

Vending Machines

Smart coffee machines allow owners to control them remotely using their phones through vocal commands when they are connected to virtual assistant software like Amazon’s Alexa for instance.

Do you know these smart vending machines that dispense tea, coffee and eatables are connected to the internet using dedicated apps can be a potential target by hackers who aim to steal the user’s bank or card details.

Security Protocols to curb the menace of IoT Cyberattacks

A high percentage of IoT devices which promote smart living are venerable to multitude security threats. Thus, identifying effective measures for safeguarding the network it connects to and the technology behind it becomes vital. Here are the security protocols you must not ignore to curb the menace of IoT cyberattacks-

Use stronger passwords

It is always advised to keep stronger passwords for all your internet-connected devices like router, smart speakers or connected closed-circuit tv (CCTV). When you buy a new IoT device, change the default password on the first use. Know that if you don’t change your password, you are leaving an excellent opportunity for hackers. Beware of search engines which crawl the web for connected IoT devices, to steal the default passwords of these devices. If you do not change your password, you are leaving your keys in the door.

Update security patches

Our devices regularly get a security patch update notification, and often it happens that we ignore or forget to update them. This can be a potential bait for cybersecurity attacks. Make sure that all your IoT devices, like a home security device, smart assistants are updated with the most recent software patches. The importance of timely patches to software and operating systems of your IoT device’s security software, apps, operating systems and web browsers is one of the best defences against malware and other threats.

Buy Devices from reliable manufacturers

When you are buying devices from manufacturers who are committed to ensuring your family’s security and privacy you are saving yourself from Cybercrimes. It is always advisable to do your research before you buy a smart device. Check if the manufacturer has had trouble with cyber-attacks in the past.

In a crux, in the technology connected world of today, enterprises have to ensure that they deploy IoT devices with adequate security policies like firewalls, intrusion detection and prevention systems to ensure they cater for the confidentiality of their customers’ data privacy.

The post Countering the Internet of Things (IoT) induced Cybercrime appeared first on Analytics Insight.