Tag Archive for: malware

,

SMBs are being hit with more malware attacks than ever, and many can’t keep up

Between infostealers, ransomware, and BEC attacks, SMBs are having a hard time remaining secure

Information-stealing malware, ransomware, and business email compromise (BEC), remain the three biggest cyber-threats small and medium-sized businesses (SMB) are facing, a new report from Sophos has warned.

The company claims almost half of all malware detected on SMB endpoints last year were either keyloggers, spyware, or infostealers – all malicious programs used to steal sensitive data and login credentials. 

For the researchers, this makes sense as the abuse of legitimate accounts is more difficult to spot, while opening the doors to many more criminal opportunities.

Ransomware and BEC

“The value of ‘data,’ as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation,” says Christpher Budd, director of Sophos X-Ops.

“For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts.” 

Infostealers may be the most wide-spread threats, but ransomware remains the biggest. Fortunately for SMBs, the number of ransomware attacks “stabilized”, Sophos said, suggesting that growth slowed down. At the same time, ransomware attacks continue to evolve. Between 2022 and 2023, the number of remote encryption attacks rose by almost two-thirds (62%). Remote encryption happens when threat actors use an unmanaged device belonging to the victim organization, to encrypt files on other systems.

BEC attacks are the second-highest type of attack, right after ransomware, Sophos concluded. The attackers engaged in BEC are growing increasingly sophisticated, and often engage in a series of conversational emails with their victims, and sometimes even phone calls, before deciding to strike.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

/by

Email attacks on business tripled in 2023 — and ChatGPT was often the culprit

Email attacks against businesses have increased dramatically as hackers continually use generative AI tools to optimize their content and streamline malicious campaigns, new research has claimed. 

A new report from Acronis based on data collected from more than a million unique endpoints across 15 countries, found AI-powered phishing affected more than 90% of organizations last year, and that AI helped email attacks grow by 222% between the second half of 2023, and today.

“There’s a disturbing trend being recognised globally where bad actors continue to leverage ChatGPT and similar generative AI systems to increase cyberattack efficiency, create malicious code, and automate attacks,” said Candid Wüest, Acronis VP of Product Management. “Now, more than ever, corporations need to prioritize comprehensive cyber protection solutions to ensure business continuity.”

Leveraging Chat-GPT

Email attacks, mostly phishing, remain the primary vectors of infection, the report further states, with organizations experiencing a notable 54% increase in the number of attacks, per firm. Most of the attacks happened in Singapore, Spain, and Brazil, and Acronis identified a third of emails (33.4%) as spam. An additional 1.5% contained malware, or phishing links, it said.

Phishing is the primary infection vector for a number of reasons: email is omnipresent, it’s simple to use, and it’s cheap. It’s also easy to automate. Finally, victims overwhelmingly trust their email service providers to keep them safe from threats, often clicking on links and downloading attachments without second-guessing their good nature. 

In the pre-ChatGPT era, the easiest way to spot a phishing attack was to just use common sense and read the email message. Hackers are rarely English majors (many don’t live in English-speaking countries), and their messages were full of spelling and grammar mistakes, as well as clumsy wording and different inconsistencies. However, since the introduction of generative AI tools, email messages have become significantly more convincing. 

“The Acronis Cyberthreats Report H2 2023 highlights the continued threats faced by businesses of all sizes worldwide,” said Michael Suby, Research VP, IDC. “Unfortunately, bad actors continue to profit from these activities and are leveraging AI-enhanced techniques to create more convincing phishing schemes, guaranteeing that this problem will continue to plague businesses.”

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

/by
,

Most consumers can’t spot phishing scams

Some consumers don’t know what the padlock in the browser means

Most consumers in the UK wouldn’t be able to spot a phishing website if they ever landed on one, a new report from NordVPN claims.

The VPN provider recently ran its National Privacy Test, a global survey on cybersecurity and the public’s awareness of online privacy. More than 26,000 people from 175 countries around the world participated in the poll. 

The results showed that almost two-thirds of Brits (63%) couldn’t correctly identify a phishing website, as they were looking in all the wrong places and mistaking certain features as signs of safety. 

Looking for SSL

For example, 85% of Brits wrongly believe a padlock in the web browser’s address bar means the website is trusted. Furthermore, a quarter (22%) of UK respondents said they’d be suspicious of a website that didn’t have a copyright symbol at the bottom of the page, which would make absolutely no difference regarding their online safety.

On the other hand, some red flags were properly identified by many. For example, three-quarters (72%) said that if a website’s SSL showed a random individual or company name, they would be suspicious. Furthermore, four in five (81%) would be suspicious of a website with poor visuals and copy, and 86% would be wary of the site’s address.

Phishing is a cybercriminal practice in which hackers try to trick people into giving away sensitive information such as login credentials or payment information. 

Sometimes, they distribute emails pretending to come from trusted brands, and sometimes they set up malicious landing pages where people would try to log in, or make a purchase. 

There are more than a million unique phishing websites live right now, with “several” new ones being generated every minute, NordVPN concluded. To stay safe, users are generally advised to deploy common sense and never rush to download a file or open a link they receive in an email or a social media message. 

Cybersecurity is an ongoing process, and staying informed about the latest threats and solutions is essential to keep your business safe in the digital age. Protect your assets, safeguard your customers, and maintain your reputation by talking to our cybersecurity experts today.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

/by
,

Email phishing is still very effective – and it’s only getting stronger

Phishing is still by far the most popular attack vector out there. Not only that, but its popularity among the cybercriminal community is growing by the day.

This is according to “Phishing threats report”, a new paper just published by Cloudflare. After analyzing more than 279 million detected email threats, 250 million malicious messages, and more than a billion of brand impersonations, Cloudflare found that phishing is the initial attack vector for nine in ten cyberattacks.

As a result, businesses lose more than $50 billion every year.

Two key objectives

When it comes to phishing, cybercriminals are focused on two objectives: to achieve authenticity, and to get victims to click. The goal to achieve authenticity was underscored by the uptick in identity deception threats, which saw an increase from 10.3% to 14.2% year-on-year. That equals 39.6 million total detections.

Furthermore, Cloudflare’s researchers witnessed attackers impersonating over 1,000 different organizations, in more than a billion brand spoofing attempts. Most of the time (63.3%), the attackers tried to ape the same brands. The researchers identified the top 30 most popular brands, which included big names like Microsoft, Google, and Salesforce (all highly trusted organizations). 

Finally, almost all (89%) unwanted messages squeezed through SPF, DKIM, or DMARC authentication checks. “Attackers’ efforts to achieve legitimacy in the eyes of their victims have proven successful, as we have seen email authentication failing to stop threats,” the researchers concluded.

When it comes to the second goal, Cloudflare says users are more susceptible to the click “as an authentic form of communications.” Apparently, hackers know it’s easier for victims to click a link, rather than download a file. Hence, malicious links were the number one threat category, taking up more than a third (35.6%) of all detected threats. 

In almost all phishing attacks, the email will have a sense of urgency to it, forcing victims to react before taking the time to think their actions through. Given that most firms will not require urgent action in the majority of cases, a company asking for something to be done immediately can be considered a red flag.

Cybersecurity is an ongoing process, and staying informed about the latest threats and solutions is essential to keep your business safe in the digital age. Protect your assets, safeguard your customers, and maintain your reputation by talking to our cybersecurity experts today.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

/by

Unveiling the invisible threat: Exploring the world of fileless malware

With its ability to evade traditional antivirus solutions, fileless malware poses a significant challenge to organizations and individuals alike, as it can cause severe damage without leaving any traces behind. In this article, we will delve into the intricacies of fileless malware, explore how it works, and discuss effective strategies to protect against this invisible threat.

Understanding fileless malware

Fileless malware is a type of malicious software that poses unique challenges to cybersecurity professionals — it operates without relying on traditional malicious files. By utilizing processes and tools already present on targeted systems, fileless malware can bypass conventional security measures.

One of the key characteristics of fileless malware is its reliance on scripting languages and legitimate software features. Attackers often exploit vulnerabilities in popular applications, such as Microsoft Office or web browsers, to gain initial access to a system. Once inside, they use built-in scripting languages, such as PowerShell or JavaScript, to execute their malicious code directly in the system’s memory, without ever writing files to the disk. This approach allows fileless malware to evade traditional signature-based detection mechanisms, as there are no files to scan for known malicious patterns.

Another technique employed by fileless malware is the abuse of legitimate administrative tools, such as Windows Management Instrumentation. These are powerful and trusted utilities used by system administrators for various tasks. However, cybercriminals can leverage them to execute malicious commands, access sensitive data, or move within a compromised network. By using these tools, fileless malware can blend in with normal system activity, making this threat even more challenging to detect and mitigate.

Mitigating the invisible threat of fileless malware

To effectively protect against fileless malware, organizations need to adopt a multilayered approach that combines proactive prevention, real-time monitoring, and advanced threat detection techniques. The following are some strategies and best practices for mitigating the risks associated with fileless malware.

  1. Endpoint protection and detection – Organizations should implement robust endpoint protection solutions that utilize advanced threat detection techniques, such as heuristics and behavioral analysis. This will help to detect malicious activities, including fileless malware, on endpoints. Additionally, organizations should deploy real-time monitoring solutions to ensure that suspicious activities are identified in a timely manner.
  2. User awareness and education – Cybersecurity awareness training plays a crucial role in mitigating fileless malware threats. Educating users about the risks associated with suspicious emails, malicious links, and untrusted software downloads can help prevent initial infection vectors. By fostering a security-conscious culture and encouraging employees to report suspicious activities, organizations can minimize the impact of fileless malware attacks.
  3. Application whitelisting and privilege management – Whitelisting applications is a powerful security measure that allows organizations to control which programs can run on their systems. By limiting the scope of potentially malicious software, organizations can reduce the risk of fileless malware infiltrating their infrastructure. Similarly, enforcing strict privilege management procedures can limit an attacker’s ability to move within a compromised network.
  4. Patch management and vulnerability scanning – Keeping systems and applications up to date with the latest security patches is another key component of a successful defense against fileless malware. Regular vulnerability scanning enables organizations to identify potential weak spots in their infrastructure before attackers can exploit them.
  5. Network segmentation and monitoring – Implementing network segmentation can restrict movement within a compromised network, limiting the spread of fileless malware. By dividing networks into isolated segments and enforcing strict access controls, organizations can contain and mitigate the impact of attacks. Additionally, implementing network monitoring solutions that analyze network traffic and detect anomalous behaviors can provide early warning signs of fileless malware activities.

Understanding how fileless malware works and implementing effective mitigation strategies are crucial for organizations to stay ahead of this threat. By leveraging advanced security solutions and partnering with a managed IT services provider, businesses can minimize the risk of cyberattacks and keep their systems secure.

Don’t wait until it’s too late — contact us today to learn more about defending against fileless malware.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

/by
,

Can you get rid of junk mail once and for all?

Email is a terrific tool that brings together friends, family, and business connections. But, unfortunately, it also has a terrible underbelly — spam, often called junk mail.

Stopping junk mail requires diligence, patience, and following specific steps. Unfortunately, that might not be enough to eliminate or even cut down on the spam you receive on any given day — but you can try.

It’s time to learn more about junk mail and how you can (attempt to) stop it.

What is junk mail

Like its physical counterpart, junk mail is typically unsolicited messages and usually contains commercial advertisements. Some junk mail also includes viruses and malware, which could cause real damage to your computer. To stop junk mail, you need first to understand how it happens. Most spam results from mailing lists bought and sold by businesses that contain your contact information. This information is often collected through above-board means, but deception often also plays a role.

For example, a mailing list could have gotten your information after you created an account on certain websites, such as a retailer you frequent or a company you seek more information. Sometimes this information gets collected after someone tricks you into applying online for a “free” gift or visiting a government or official site that is neither.

Today, most email services have a built-in spam blocker separating these messages from legitimate ones. And yet, nothing is foolproof, which means your inboxes will sometimes contain these annoying messages.

What you can do right now

The better combat junk mail, there are various steps you can take. Some can help with current emails, while others are more proactive.

First, use a junk mail filter on your email account: Most of the best email providers include junk mail filters automatically with their service. These tools filter unwanted or unsolicited emails, so you don’t have to.

Junk mail filters typically analyze the content of a message when it comes into your account, looking for keywords and phrases most likely to be found in these types of emails. As a result, junk mail filters not only clear your inbox of annoying messages, they can also protect you from phishing scams and other threats.

A good rule is not to open an email from someone you don’t know. If you’ve already done so, there’s an even more important rule: never open or click on links in unsolicited emails. Many bad things can happen when you do, such as dangerous files being accidentally installed onto your computer, prompts from questionable websites asking for your personal details, and suddenly more junk mail entering mailbox.

You might also consider unsubscribing from unwanted newsletters. These types of messages are often the result of visiting a website and entering your contact details. For example, you might be in the market for a new car, and upon visiting a site, you’re asked to enter your name and email address. That information is typically sold to mailing list companies, hence the steady rise in junk mail.

There are different ways you can do this. First, you can look for an unsubscribe link at the bottom of an email. Clicking on the “unsubscribe” link, and following the directions, will eventually remove you from that mailing list.  You can also attempt to contact the sender directly and ask to be removed from the list. This solution is best when there isn’t an unsubscribe link in an email.

Another solution is to use a newsletter management service and request that your name is removed from subsequent emails. The best newsletter management services typically make it relatively pain-free for someone to get removed from a list. These services are typically very responsive to these types of requests, although it might take awhile before you see a drop-off of mail.

It would be best if you also considered using the Surfshark Incogni tool, which will identify and communicate with dozens of data brokers so that your personal details can be deleted from databases stored by brokers. There are over 4,000 data brokers worldwide that now collect consumer information. Yes, 4,000!

Proactive steps you can take

Moving forward, there are a few online behavioral changes you can make to stop junk mail. These include:

Don’t engage: Your personal information is crazed by companies and organizations, good and bad. So from now on, be extra careful about who gets this information. When visiting a new website, for example, decide whether it’s worth handing over your email without making a purchase. And if you do decide to hand over this information, read the fine print first to see how this information is collected and used.

Trick them: You can give them a different email address when registering. This email can be a secondary email address you only use for website registrations. That way, any would-be solicitations are already separated from emails from your primary account. Perhaps a better way to do this is by using a mechanism like Apple’s Hide My Mail or the open-source SimpleLogin. These tools keep your personal email address private by creating unique, random addresses forwarded to your email. These addresses are made per incident, so you can quickly delete them when no longer necessary.

Start over: If you find it impossible to avoid spam, you can also consider the nuclear option and stop using your current email address. This would require signing up for a new email account and telling your important contacts about the switch, including any company you do business with. Once that tedious task is complete, use the new address and change some of your online habits, as mentioned above.

It’s hard to stop junk mail, but that doesn’t mean it’s impossible. There are various steps you can take to at least limit the amount of spam you receive. Luckily, some of the most straightforward steps get done automatically by whoever supplies you with your email. Beyond this, you can take additional steps, including proactive ones, to improve your situation.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

/by
,

Improve Your Cyber Security Awareness

Learn About Today’s Most Common Types Of Cyber-Attacks

If you’ve turned on the news sometime during the past few years, you’ve probably heard of more than one instance where a business closed due to a cyber-attack. You may think your business is small enough and hackers won’t target you, but this couldn’t be further from the truth. Every business is at risk of experiencing a cyber-attack and should be well-prepared to defend against these threats. With the right type of attack, a cybercriminal can gain valuable information about your business, customers and employees, which can be used to damage your reputation and hurt you financially.

If you’re a business owner or leader and you want to ensure your business is well-protected, check out the most common cyber-attacks that are affecting companies today. From there, you can implement cyber security plans and tactics to ensure your business is protected from cybercriminals.

Phishing Scams

Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure. Phishing scams can wreak havoc on your business and personal life. You may have seen an e-mail from someone claiming to be Amazon or your credit card company asking for specific sensitive information. Often, the e-mail address does not line up with who the person is claiming to be.

When a phishing scam targets your business, they’ll likely request valuable information from your employees such as passwords or customer data. If your employees fall for the scam, they could give a cybercriminal unprecedented access to your network and systems. This may also allow the cybercriminal to steal private employee and customer information, leaving your employees vulnerable to identity theft. Phishing scams can be averted by using common sense and providing cyber security training to your employees. Most companies will not request private information over e-mail. That being said, if an employee receives a suspicious e-mail, they should do their due diligence to ensure the e-mail is genuine before responding in any way.

Malware

Malware is software installed on a computer without the user’s consent that performs malicious actions, such as stealing passwords or money. There are many types of malware, including spyware, viruses, ransomware and adware. You can accidentally download malware onto your computer by clicking on sketchy links within e-mails or websites. You might not even notice you have malware on your computer right now. If your computer is operating more slowly than usual, web browsers are taking you to random sites or you have frequent pop-ups, you should scan your computer for malware.

Prevention is key in stopping malware from affecting your business. Hiring and utilizing a managed services provider is the best way to protect your business, as they will continually monitor your network for exploitable holes. With malware, it’s always better to play it safe than sorry. If a cybercriminal is able to use ransomware on your network, your business could be stuck at a standstill until you pay the ransom. Even if you can pay the ransom, your reputation will still take a hit, and your business could be greatly affected. Be careful where you click on your phone, too, since malware attacks on cellphones have become more common over the past few years.

Attacks Involving Passwords

How do your employees access your network or computer systems? They most likely use a password to log in to their computer, access their e-mail and much more. What would happen if someone with bad intentions gained access to one of your employee’s passwords? Depending on the individual’s access, they could obtain sensitive information about your business, customers and employees.

Your team should be using long, complex passwords for their accounts, and each password for every account should be different. Encourage your employees to use password managers that will allow them to create the most complex passwords possible and keep track of them more easily. You can also incorporate multifactor authentication to ensure nobody can steal a password and gain access immediately. You should make your employees aware of this during your annual cyber security training.

If your business falls victim to a cyber-attack, it could have lasting consequences for everyone involved. Now that you know the most common types of cyber-attacks, you can start implementing plans to ensure you and your business stay protected.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

/by
Information Technology Services
,

An I.T. Manager’s New Year’s Resolution

An I.T. Manager’s New Year’s Resolution

The beginning of the year is the perfect time to review your systems maintenance program, tweak your plans and processes and optimize your overall I.T. strategy.

Review, Evaluate and Optimize.
More than likely, your business could live or die based on your IT strategy. We have all become dependent on our technology both in our personal and professional lives, so be sure to give it the TLC it needs. Review your key procedures and plans such as network failure testing, disaster recovery, business continuity, virus protection and data backup (for an integrated, online backup, storage and sharing application, click here). For those of you with an on-site backup solution, now is the perfect time to run those backups with a test recovery. With erratic weather on the rise and winter around the corner, taking the time to be sure you have a tight, foolproof strategy in place to keep both your systems and your information protected from loss or damage.

Be Smart About Your Data.
Inadequate protection or spotty management of critical data can have a profound effect on sustainability. Regularly scheduled testing of your backup strategy and implementing a daily backup routine will help prevent the disasters that prove fatal for many companies.

  • 31% of PC users have lost all of their files due to events beyond their control.
  • 34% of companies fail to test their onsite backup solution, and of those that do, 77% have found back-up failures.
  • 60% of companies that lose their data will shut down within 6 months of the disaster.
  • Every week 140,000 hard drives crash in the United States.
  • Simple drive recovery can cost upwards of $7,500 and success is not guaranteed.

We recommend assessing your existing data protection strategy and learn what data repository and storage medium options are available. It’s important to understand traditional backup methods as well as the benefits of developing an enhanced protection solution that meets the needs of your particular business.

Think of it as a Flu Shot for your Systems.
There are lots of people out there determined to infect your computers with viruses. Optimize your security with new or updated anti-virus, Spyware and Malware software. Be wary of free anti-virus software that sounds too good to be true because it often is.  You get what you pay for, and software that protects your computer needs regular and consistent updating to stay useful because viruses are constantly being generated. This is especially important if you use a networked computer system. Do your homework,  invest in effective software and keep it updated. (For an easy-to-use, simple, and effective anti-malware application, try Malwarebytes)
Give your Computer a Tune Up.
Straight out of the box, computers have often been loaded with unnecessary programs at the factory.  So, from day 1, your computer is accumulating software programs, update reminders, “bonus” software, and random files that you don’t need and over time it will become increasingly sluggish. By taking a few important steps, you can get it running efficiently again, for a lot longer. The first thing you should do is disable the programs that start up when your computer boots.  While there are many places this can occur, the easiest one to check is the Startup menu in your Programs menu. Additionally, simple tasks such as clean out your Windows Registry, remove unneeded files and programs, empty your recycling bin or trash, and perform a disc defragmentation can make a huge difference.  Even if your computer has been performing slowly for some time, beginning this regimen is sure to produce results.

Email – a Blessing or a Burden?
Most of us are guilty of being slaves to our inbox, whether we like to admit it or not. We keep every thing that has ever been sent to us out of some sort of unfounded fear of not having it should we ever need it. And the “reply all” function makes it exponentially worse. Well, each of those emails, particularly the ones with large attachments, take up space on your computer  – and space in your head when you are actually trying to find something. Email is the third largest culprit of workplace interruptions and email mismanagement costs you money.   Take charge and clean up that clutter by creating folders and subfolders to organize your communications. Save the attachments that you will need later onto your hard drive in a logical place, then delete the email if its unnecessary. Set your computer to delete your Trash after 30 days. Anything you can think of to reduce the number of emails in your actual inbox will save you time and money down the road.

GCInfotech can get you started on the path to a leaner, more efficient IT strategy. If you don’t have an IT Manager to make a New Year’s Resolution for you, then give us a call.

/by
,

7 signs your computer might have malware

Malware – it’s a loaded word that strikes fear into both luddites and hardened techies. From spyware and unwanted adware to software that’s solely designed to make your day a little less pleasant, there’s a wide range of malware floating around the web, waiting to be downloaded by an unwitting victim.

Thankfully, as protective antivirus software has become more commonplace and ever-easier to use, it’s trickier for malware to get its hands on your computer’s innards.

Don’t become complacent, though. Keeping a keen eye out for tell-tale signs of infection and being proactive about protection is the key to ensuring your devices and data stay perfectly safe.

Here we’ll be running down some of the key symptoms of malware infection to be on the lookout for. And, if you think your digital hazmat suit has been compromised and something nasty has wormed its way in, check out our guide on the best malware removal tools to remedy your silicon affliction.

1. Sluggish performance and frequent crashes

Just like any other software, malware takes up space on your hard drive and uses RAM to function.

However, unlike most programs you’ll have installed, the developers of said malware aren’t interested in streamlining your workflow or creating lightweight applications. All they’re interested in is their end goal – which, in some cases, could be as irritatingly simple as slowing your machine to a crawl.

If your device is taking an age to open new applications despite the fact you haven’t overloaded it, it might be time to crack out a specialist tool to see if something sinister is afoot.

2. New icons, tasks, or toolbars

Noticed something on your PC that you don’t remember installing yourself? It could very well be the doing of malware.

Although less common than in days gone by (we’re looking at you, Yahoo), toolbars and other ‘helpful’ additions that crop up in your browser aren’t always the altruistic applications they purport to be. Instead, they’re likely to be recording your activity and selling your data, or injecting bloated ads into the webpages you visit.

The same goes for tasks running in the background – although these can be little more difficult to decipher. Press ctrl-alt-del and enter Task Manager, and it’s likely you’ll be unfamiliar with plenty of the active processes. However, it’s worth googling any outliers just in case – or, of course, using dedicated software to scan your entire device.

3. Adverts everywhere

Serving infected users extra ads is a quick and easy way for malware developers to generate revenue.

As such, this is as clear-cut a case as we can think of. If you’re noticing trusted websites you frequently visit being overloaded with ads – often strange, foreign, untargeted ads – it might be time to break out your malware detection tool and run a scan.

If you’re seeing ads on your desktop – it can happen – it’s an even surer sign that your device isn’t as squeaky-clean as it used to be. Take action, and stop the ads in their tracks.

4. Your browser settings have changed

Once it’s inside, malware likes to make itself comfortable and adjust its surroundings to suit its needs.

A common symptom of infection is noticing your homepage has changed – doing this is likely to benefit the creator, as the homepage’s traffic will increase ad revenue in real terms. Other settings that may change are cookie settings, your default search engine, and the addition of new extensions.

5. Disabled security software

If some cunning malware has made it past your defenses, it may take action against any security software already installed. Just like when altering your browser settings, malware may well change settings to make it easier for it to do its job.

This could include making firewall rules more lenient, or even totally deactivating all your security software like antivirus. It’s always worth checking in on your AV software to make sure it’s still functioning as you intend – and if not, make sure you take action to stop your settings being changed again.

6. Your hard drive is inexplicably filling up

Another symptom of a virulent malware infection is a hard drive full to bursting without you making any large downloads to explain it.

This is due to the fact that some malware – often adware – is concealed within the folders of seemingly harmless applications. This may be because you downloaded a free program from an unauthorized source or worse: downloaded a pirated version of an expensive app.

Beyond the copyright implications, this is yet another reason to stay savvy about where you’re sourcing your software from, and to always pay for your tools and entertainment.

7. Your internet usage is through the roof

Many forms of malware require a constant internet connection, and use it to download secondary infections.

Other forms of malware like botnets and spyware also need a constant connection to a ‘command and control server’. If you’ve been exposed to these most sinister of infections, your internet will consistently be in action thanks to the back-and-forth between your device and this server.

While excessive internet usage is unlikely to be an issue itself in the era of largely unlimited Wi-Fi plans, it’s a useful symptom to help diagnose any malware-based issues you may be suffering from.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

/by
,

How to spot ‘spear phishing’, an insidious cybercrime trend

True story: At a company I once worked for, employees received an email about an unexpected bonus. In private Slack channels, we wondered whether it was a well-played phishing attempt. Turns out, the bonus was legit, but so was our inclination to question it. Phishing—when cybercriminals pose as legitimate institutions to get info or money from you—is the origin of up to 90 percent of breaches and hacking incidents, says Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security in Alabama.

These cyber bad guys have even taken it to the next level with “spear phishing,” a practice of sending emails that appear to be from someone you personally know. “This happened to me once and it was a humbling experience,” says Adam Doupé, director of the Center for Cybersecurity and Digital Forensics at Arizona State University in Tempe. Turns out, the email seemed to be coming from a colleague, and Doupé was boarding a plane when he got it so he wasn’t as careful as he would normally be. “I ended up replying with my cell phone number,” recalls Doupé. “When the phisher responded with a request to send gift cards, the alarm bells went off.”

Knowing that a cybersecurity expert got played, an average person has to be hypervigilant. But could you be missing out on legit offers and emails because you’re being too cautious? Your first line of defense: install a protection software (like Malwarebytes). This sort of protection that lives on your computer, coupled with our expert tips below, will stop phishers in their tracks.

3 Ways To Tell If It’s Phishing Or Not

Experts say there are a few things you can do if you’re unsure whether an email is a phishing attempt.

1. Check the email address carefully.

Hover your cursor over the full email—not just the sender’s name—to see if anything looks off. “For instance, instead of .com, the address may contain .ru,” says Cilluffo. (.Ru indicates that it’s from a Russian server.) Compare the address on a recent email to one that you’ve responded to previously.

2. Call or text the person you think may have sent the email.

Ever receive an email from a friend or colleague and it seems off? Maybe it’s much briefer than usual or perhaps they addressed you by your full name rather than a nickname. Trust your gut, and don’t respond or click on any links or attachments until you’ve verified the email. While it truly may just be a link to their kids’ fundraiser, it could be the work of a cyber criminal trying to get you to download malware—aka malicious software.

3. Verify through an independent news source.

Sometimes you may receive an email about an important recall notice or info about a class-action lawsuit. Search on a trustworthy news site whether the link contained in your email appears in any news articles, suggests Doupé.

Bottom line?

Cyber criminals are getting more and more creative at making their phishing attempts appear legitimate. Go with your gut, slow down to verify the validity of messages you receive and install a protection software (like Malwarebytes) to stop phishers before they start.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from yahoo.com SOURCE

/by