Don’t Plug in USBs That You Don’t Own – Ever

A word of advice: don’t trust USBs that you don’t know. Generally speaking, don’t just openly trust technology.

By now, you’ve heard that you should never plug in a USB Flash Drive that you don’t own. If you’ve been following along on our blog, you may have seen our post about it last year.

By 2018, the USB game has evolved. We used to just worry about computers, but now we have to be concerned about our smartphones, too. A new research study from Ben-Gurion University of the Negev in Israel has exposed 29 types of USB attacks. These attacks can be carried out by a variety of methods including plugging into a public USB port or using a USB charger.

Tech Republic spoke with one of the researchers, Ran Yahalom, about the study.

Yahalom said, “We surveyed 29 attacks, updated last year. New methods of likely developed and published attacks increase that number. The microcontroller, a reprogrammable microcontroller used to impersonate peripherals as well as an actually the firmware update. Academic circles call this ‘bad USB.’ It’s a family of attacks based on reprogramming the firmware.”

He went on to add, “If you go into a coffee shop and use a charger there, or an airport or a train station, any charger that is not your own, you don’t know what that piece of hardware really does,” Yahalom emphasized. “It may not be a charger, but a microcontroller hidden inside a charger casing. It could be something else. You don’t know. Once put into your phone, anything could happen.

“I demonstrated how to connect a keyboard to a phone. But it doesn’t look like a keyboard, it looks like a charger, but it’s actually a microcontroller I reprogrammed. I programmed it to act as a keyboard, so it impersonates a keyboard and it looks like a charger. It’s connected to the socket, but without an electrical part of that charger, it’s just a microcontroller. I showed how to connect it to and lock the phone, a sort of ‘ransomware.’”

Yahalom made a fabulous point that illustrated how we should truly view technology.

“The general rule of thumb is: treat technology as something you don’t naturally trust. As users, we have a tendency to trust technology, to trust peripherals, i.e., you trust your flash drive, you trust your keyboard, but you trust it because you’re not aware. Treat it as a syringe: You wouldn’t find a syringe in the parking lot, pick it up, and inject it to yourself. Because you’re aware you could be infected. You have no knowledge of what could happen, but are afraid because it could be dangerous. This is exactly the same thing.”

Keep a few things in mind…

Bring your own charger.

Use your own hardware.

Don’t trust Wi-Fi networks.

Don’t trust technology.

To read more about these 29 USB attacks, this article on Bleeping Computer will get you up-to-speed.
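For readers who manage Linux machines, the impersonation described above can be checked for from the host side: every USB device declares its interface classes, so a "charger" or flash drive that also declares a keyboard interface stands out. The script below is an added example, not code from the researchers or from this blog; the vendor/product IDs and the trusted list are constructed, and it assumes the standard Linux sysfs layout under /sys/bus/usb/devices.

```python
"""Audit USB interface descriptors for input devices that were not expected."""
from pathlib import Path

HID_CLASS = 0x03           # USB-IF class code: Human Interface Device
KEYBOARD_PROTOCOL = 0x01   # HID boot-protocol keyboard
MASS_STORAGE_CLASS = 0x08  # USB-IF class code: mass storage


def read_sysfs(root="/sys/bus/usb/devices"):
    """Read vendor/product IDs and interface triples from Linux sysfs."""
    devices = {}
    for iface in sorted(Path(root).glob("*:*")):        # interface dirs, e.g. "1-2:1.0"
        dev_dir = Path(root) / iface.name.split(":")[0]
        try:
            vendor = (dev_dir / "idVendor").read_text().strip()
            product = (dev_dir / "idProduct").read_text().strip()
            triple = tuple(int((iface / name).read_text(), 16) for name in
                           ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol"))
        except (OSError, ValueError):
            continue                                     # root hubs, unreadable entries
        dev = devices.setdefault(
            dev_dir.name, {"vendor": vendor, "product": product, "interfaces": []})
        dev["interfaces"].append(triple)
    return list(devices.values())


def audit(devices, trusted):
    """Return (id, kind, also_storage) for every HID device not in `trusted`."""
    findings = []
    for dev in devices:
        ident = f'{dev["vendor"]}:{dev["product"]}'
        hid = [i for i in dev["interfaces"] if i[0] == HID_CLASS]
        if not hid or ident in trusted:
            continue
        kind = "keyboard" if any(i[2] == KEYBOARD_PROTOCOL for i in hid) else "other HID"
        also_storage = any(i[0] == MASS_STORAGE_CLASS for i in dev["interfaces"])
        findings.append((ident, kind, also_storage))
    return findings


# Constructed sample data (made-up IDs), shaped like read_sysfs() output.
SAMPLE = [
    {"vendor": "aaaa", "product": "0001", "interfaces": [(0x03, 0x01, 0x01)]},  # own keyboard
    {"vendor": "bbbb", "product": "0002", "interfaces": [(0x08, 0x06, 0x50)]},  # plain flash drive
    {"vendor": "cccc", "product": "0003", "interfaces": [(0x03, 0x01, 0x01)]},  # "charger" that types
    {"vendor": "dddd", "product": "0004",
     "interfaces": [(0x08, 0x06, 0x50), (0x03, 0x00, 0x00)]},                   # drive plus HID
]
TRUSTED = {"aaaa:0001"}  # assumption: IDs of input devices you own

if __name__ == "__main__":
    devices = read_sysfs() or SAMPLE  # fall back to the sample where sysfs is absent
    for ident, kind, also_storage in audit(devices, TRUSTED):
        extra = " and also presents mass storage" if also_storage else ""
        print(f"unexpected {kind} interface on {ident}{extra}")
```

The vendor and product IDs are reported by the device itself, so a reprogrammed microcontroller can copy the IDs of a trusted keyboard; treat this as an inventory check rather than proof that a device is safe.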

Be sure to subscribe to our newsletter to stay up-to-date on any technology news.

Amazon Echo Takes Photos for Designer Lookbook at New York Fashion Week 2018

There’s a new photographer on the runway – and here’s a hint: it’s not a person. Amazon put a spin on their Amazon Echo devices when coming out with the limited-edition Echo Look. The camera took over women’s clothing designer Prabal Gurung’s lookbook last Sunday at New York Fashion Week 2018.

The Amazon Echo Look was used to photograph the digital lookbook of the designer’s Fall 2018 clothing line. Amazon also set up an Echo Look to take photographs and capture videos during the Sunday runway show.

The fashion designer Gurung stated, “Echo Look offers the perfect marriage of fashion and tech and allows for us to showcase the women in our clothes in a new, innovative and exciting way.”

Via @CNET

Of all the smart speakers in Amazon’s lineup, the Echo Look is the most niche product yet. It is geared towards a very specific set of people: those who care about outward appearances. At $200, you’ll receive a photo/video device with a built-in smart speaker (and Amazon’s digital assistant, Alexa!). This device can help you take full body photos and uses artificial intelligence that helps you choose between two outfits.

Since the Echo Look is still in the invite-only stages, Amazon’s collaboration with the fashion designer was meant to show its strong tie to fashion before the public release. It is stated that Amazon will also work with Vogue and GQ to create curated content for the Echo Look app in late February.

2018 Winter Olympics “Olympic Destroyer” Malware

Picture of the Olympic Rings on the Montreal International Olympic Committee (IOC) building (Canada), built for the 1976 Summer Olympic Games

During the Winter Olympics opening ceremony last week, Wi-Fi and television systems failed unexpectedly for on-site journalists who were covering the event. On Sunday, officials from the Olympics reported that the failures weren’t simply an accident – they were the result of a targeted cyberattack against the international event.

Unfortunately, this isn’t the only cyberattack that the 2018 Winter Olympics have been targeted with. The attacks came after the banning of certain Russian athletes from the games. A Russian hacking group, Fancy Bears, claimed responsibility for the various attacks on the U.S. and International Olympic Committees as a result of the ban.

After the attack, Cisco Talos looked into the Olympic Destroyer malware and determined that the malware was capable of interfering with a Windows computer’s data recovery processes. Also, it had the capabilities of deleting critical services.

The researchers stated, “The samples identified, however, are not from adversaries looking for information from the games, but instead they are aimed to disrupt the games. The samples analyzed appear to perform only destructive functionality.”

Another major issue was the fact that the files on network shares were also gone. Additionally, the malware uses a self-patching feature that allows it to change after moving from one host system to the next. Lastly, it was discovered that it was using the EternalRomance exploit, which is an NSA exploit leaked by Shadow Brokers in 2017 – also used to spread NotPetya ransomware last year (alongside EternalBlue).

As of now, that’s the latest information we’ve seen. We’ll update this if there is more information.


Own a Computer or Smartphone? Update It TODAY

You may or may not have heard about the security flaws dubbed Meltdown and Spectre – and no, they’re not related to James Bond. Billions of devices have been affected and hackers are after your processing chip that holds sensitive information. With this being said, update your software! This is only a temporary fix but your desktop, laptop, smartphone or cloud service from Apple, Google, Amazon, or Microsoft can be in danger.

Spectre is the primary threat since it is affecting billions of devices. Meltdown, on the other hand, only appears to affect Intel processing chips.

Apple has already released a note that issues have been fixed to handle Meltdown and is working on Safari changes to defend against Spectre.

We know that many people aren’t fond of updating their devices because of added slowness, but we’d highly recommend doing so anyway to protect your information. Experts are saying that the patches deployed to combat the security flaws have the potential to slow computers as much as 30%. As frustrating as that may be, it’s better to be safe than sorry.

Update your devices today to keep your information safe. Subscribe to our blog for more updates on the processing chip security issue.

Some Sonos and Bose Speakers Can Be Accessed Remotely By Hackers

Another day, another smart device hack. It was discovered that some Sonos and Bose speakers have an exposed vulnerability that allows them to be accessed by hackers. This hack opportunity was recently discovered and merely allows hackers to play music remotely through the system. Before you get too worried, just know that this time, it’s largely prank-based. However, this serves as an excellent reminder that our devices should always be connected securely, especially as we allow more cameras and always-on mics (Alexa, Google Home, etc.) into our lives.

As mentioned in this article on TechCrunch, there was a disturbing report of a lady hearing creaking doors, breaking glass and a baby crying at top volumes on her music system. Aside from that, it’s really just been more of an annoyance than anything else.

The good news is, researchers discovered that only about 2,000 – 5,000 Sonos systems and fewer than 500 Bose systems are impacted. The better news is that the issue is caused by a misconfiguration of the user’s network that exposes the device to a public network. A Sonos spokesperson told TechCrunch, “We’re looking into this more, but what is being referenced is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of set-up for our customers. In the near term, anyone concerned about this issue should ensure their Sonos system is set-up on their secured internal network.”

They’ve issued a patch for this issue, but for now, just make sure ALL of your devices are set up on a secured internal network. For more information, visit this TechCrunch article.

31 Days of Cybersecurity in October

It’s almost October meaning it’s time for pumpkin spice everything, Halloween preparations, and Cybersecurity Awareness Month! The month of October is designated to educate the public about the importance of cybersecurity.

For 31 days straight, we will be posting a tip a day on our Facebook page, so be sure to “like” us so you don’t miss out!

According to the Department of Homeland Security, the monthly awareness program was  “designed to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.”

With the direction technology is headed, it’s no secret that cybersecurity is at the top of the concern list for people all over the world. Global cyberattacks, data breaches, and ransomware attacks have dominated the headlines recently, exposing citizens to an insurmountable amount of cyber problems. While these problems are in fact very real, we believe that a true weapon against cyber-destruction is knowledge.

In some cases, there is a breakout of a phenomenon known as “security fatigue.”

Is security fatigue real?

With the increasing number of cyber problems accumulating on a daily basis, it seems that individuals have been developing a phenomenon known as “security fatigue,” or risky computing behavior in response to too many instructions and ads against such attacks.

Constantly changing passwords, two-factor authentication, CAPTCHA, and strong passwords are said to potentially add too much of a burden on employees. At more advanced companies, you might start seeing a move towards biometrics rather than counting on ever-changing passwords to act as your security wall.

For those of us who do not have access to biometrics and fingerprint authentication, we’re going to bring an innovative spin to tried-and-true methods all of us should be putting into practice.

Be sure to follow along on our Facebook page for daily tips that are quick to implement and easy to share. Be sure to let us know if you try them out! #Inverselogic #October #CybersecurityAwarenessMonth

New Ransomware Strain Demands Nudes, Not Bitcoin

Normally, when you see the popular kids’ cartoon character, Thomas the Train, you don’t think anything of it. But if you see Thomas the Train show up on your computer, it might not be such a pleasant sight. As if extorting money and encrypting files wasn’t bad enough, cybercriminals have taken it to the next level: demanding naked photographs instead of Bitcoin. The new ransomware called nRansomware was first spotted by researchers at MalwareHunterTeam on Thursday.

The message reads that the computer has been locked and demands that the victim send “at least 10 nude pictures of you,” claiming that the senders will verify that the pictures indeed belong to the victim. They also mention that those nude photographs will be sold on the Dark Web.

MalwareHunterTeam warns that it may simply be a prank since it doesn’t actually encrypt files; it’s simply a screenlocker. There is no information on anyone being infected as of yet.

If this is a real strain of ransomware, it’s a very sick, twisted type of attack. While it’s not entirely unexpected, given the hacking and malware already used to access webcams, it has definitely reached a new low.

Adobe To Kill Flash Plug-In by 2020

Adobe Flash: your time here is coming to an end. In 2020, that is.

The software company, Adobe, announced today that they plan to discontinue Flash Media Player by the end of 2020. The plug-in was a major part of the early Internet days, once aiding users in viewing rich content and displaying YouTube videos.

Flash has been on its way out since 2011, when Adobe stopped developing the software for mobile devices. Prior to that, Steve Jobs wrote an infamous letter about Adobe Flash, stating that neither iPhones nor iPads would ever support the software.

Over the past three years, use of the Flash plug-in has rapidly declined. Just 3 years ago, 80% of desktop Chrome users visited websites that used Flash on a daily basis. Since then, the number has dropped to 17% and is falling by the day. The need for Flash is nearly entirely gone.

Now that modern browsers support open web standards like HTML5, there is no real reason to keep using Flash. HTML5 supports embedding content directly in the webpage. And to make matters worse, Flash is constantly plagued with bugs and open security vulnerabilities, which is dangerous given the current state of malware and ransomware.

Adobe is helping tech companies such as Apple, Google, Microsoft, Facebook, and Mozilla phase out Flash.

Anthony Laforge, product manager for Google Chrome, says, “For 20 years, Flash has helped shape the way that you play games, watch videos and run applications on the web. But over the last few years, Flash has become less common.”

Flash: you’ve been good to us, but it’s time for you to finally crash (one last time).

3 Ways to Avoid Being Affected During the Next WannaCry Attack

It wasn’t too long ago that businesses spent over $1 billion on ransomware (that was in 2016). With two global ransomware attacks that have happened in the past month, it’s clear that the ransomware train is not stopping anytime soon.

With over 230,000 computers and 150 countries affected, the WannaCry attack definitely made many “wanna cry.” We’re only 7 months into the year and we’ve already been hit with two global attacks; what’s to say there won’t be another one?

Ransomware is a type of malware that encrypts your files and demands a ransom to restore them. In the early days, ransomware would only infect a single computer at a time. Now, the infection spreads throughout entire networks at the same time. With the rise of ransomware attacks, it’s more important than ever to stay connected.

These steps will get you ready for the next attack and keep the hackers at bay.

  1. Backup Your Data

Backing up your data could be the golden key in the fight against ransomware.

Why are backups so important?

The main purpose of a backup is to create a copy of your data in the event of an emergency (e.g. ransomware attack, flood, earthquake, technology failure, etc.). Most backups used to be stored on actual appliances, which still run the risk of being either infected or damaged in the event of a disaster. Since attackers have gotten wiser, servers and machines are now regularly being infected alongside computers, which is why it’s so important to back up to a ransomware-resistant virtual appliance.

Being able to back up your data and restore it immediately is a crucial step when fighting against ransomware. To be able to restore your data and get back to business without paying the ransom is invaluable!

As an IT company, we have helped many of our clients recover from ransomware, which is why we only partner with trusted backup storage and solution companies. If you are looking to upgrade your backup solution, our most trusted partner is reevert Storage and Backup Solution. Visit their website for a free 30-day trial.

  2. Avoid easy passwords

Having to remember a million different passwords can be a hassle, it’s true. But instead of looking at it like that, just think about what a real hassle it would be to be hacked. By changing your password every few months, you’re being proactive in keeping hackers from stealing your data.

To learn the do’s and don’ts of passwords, check out our infographic here.

  3. Keep your Windows up to date

While you can do your absolute best to avoid clicking on the wrong emails or going on unsafe sites, it can all be compromised if you don’t update your Windows system. What made Petya malware and WannaCry so successful was that they exploited vulnerabilities in unpatched systems, which let them get onto those systems. By updating your system as soon as the patches are released, you’re being proactive in protecting yourself against ransomware.

If you have Windows 10, updates will automatically be installed. If you’re running on any system before that, be sure to run these updates immediately.

Email security is also an important factor in fighting against ransomware. To learn about email security, read our blog.

Don’t let the perpetrators win. Follow these tips to avoid being a victim during the next WannaCry attack.

What To Expect On Amazon Prime Day

The date “July 11th” leaves Amazon Prime Members feeling warm and fuzzy: it’s Amazon Prime Day. Get your wallets ready.

This is the third annual Amazon Prime Day and it’s supposed to be their biggest event yet. While they typically follow the “lightning format” (thousands of products going on sale every 5 minutes in limited quantities), Amazon guaranteed sales on a number of their own products that will last the duration of the day. Prime Day starts at 6 p.m. PT/9 p.m. ET today, July 10.

Here are some of their confirmed deals from their press release:

  • Save 50 percent on Amazon Echo, only $89.99
  • Save $15 on Echo Dot, only $34.99
  • Amazon Tap is $50 off, only $79.90
  • Save $30 on new Fire HD 8 tablet, only $49.99 (also available as a three-pack for $119.97)
  • Save $40 on Fire HD 8 Kids Edition, only $89.99 (also available as a two-pack for $149.99)
  • Save $20 on Fire 7, Amazon’s best-selling tablet, only $29.99
  • Save $30 on Kindle Paperwhite, only $89.99
  • Save $30 on Kindle, on sale for $49.99
  • Save $50 on Kindle Voyage, on sale for $149.99
  • Save $50 on Kindle Oasis with Free Wi-Fi+3G
  • Save $30 on Kindle for Kids Bundles, only $69.99
  • Save $75 on Echo Show and Arlo Security Camera bundle
  • Save $250 on the newly released Element 55-inch 4K Ultra HD smart LED TV — Amazon Fire TV Edition, only $399.99 [see CNET’s advice on this product]

If you’re not yet a Prime member, sign up for your free trial now ($99 a year, but well worth it). If you’re a student, you can get your 6 month trial at no cost.

Deals start tonight, 7/10 at 6PM PST! Happy (almost) Prime Day!