by Payton | Aug 13, 2018 | General
Botnets are a string of private computers linked together by one server. While some types are legal and serve to run websites, others are malicious. These illegal botnets connect computers through infection by malware, namely Trojan malware. Other less common infections occur through drive-by downloads and spiders. While the owner often doesn’t know that they are infected, the cybercriminals controlling the botnet have full access to their computer and information. Additionally, these criminals can make your computer a zombie to perform tasks for them. Any device that can connect to the internet including PCs, Macs, smartphones, smartwatches, laptops, security cameras, and other smart appliances can be incorporated into a botnet.
How Botnets Work
After downloading infectious software, the botnet contacts its creator, and your computer is now is under his/her control. The creator’s ultimate goal is to incorporate millions of computers into their botnet web or zombie network. This occurs because the more computers there are in a web, the stronger the cyber attacks. Once in control of your computer, these cybercriminals can perform malicious tasks including:
- Sending spam
- Influencing elections
- Using their web to create DDoS attacks where they overload the website with all of their botnets until there is a denial in service
- Creating fake internet traffic for financial gain
- Creating ads for financial gain
- Mining cryptocurrencies
In other cases, cybercriminals create zombie networks to sell to other criminals. This allows more people to have access to your data. Furthermore, these infections are very skilled at hiding themselves. They use minimal power, so they do not disrupt normal computer function. Some botnets even adapt to avoid security software detection.
Different types of Botnets
Client-server model
This type of botnet uses a single master server to transmit information to each member of the web. They do this through command and control servers to effectively relay information.
However, while client-server models are great for conveying information to the zombie network, they are also easily detected and stopped by law enforcement because they use command and control servers. In order to destroy the botnet, one must simply destroy the server.
Peer-to-peer
This structure is similar to the client-server model. However, instead of having one main server to distribute information, each computer in the web acts as both a receptor and a server. Similar to how people communicate peer-to-peer, these computers talk to each other to relay information. This makes it harder for law enforcement to detect because there are many servers and destroying one will not destroy the botnet.
How to protect yourself
Protecting your personal information is pretty straight-forward. Some of the common recommendations to protect yourself from infection and to rid your devices from current botnets are:
- Download and run malware software often
- Update your computer system, applications, and security software often
- Do not click on or download suspicious links and attachments. This includes all links sent from unknown email addresses, websites, and pop-ups.
- Utilize a firewall to ensure security while you browse the internet.
- Avoid suspicious websites
For more information about cybersecurity, visit our website https://dynagrace.com/.
Image Resource: Featured Image https://pixabay.com/en/network-computer-laptop-connection-698598/, https://pixabay.com/en/businessman-internet-continents-2682712/, https://pixabay.com/en/internet-cyber-network-finger-3563638/
Resources: https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html, https://usa.kaspersky.com/resource-center/threats/botnet-attacks, https://www.pandasecurity.com/mediacenter/security/what-is-a-botnet/
by Payton | Aug 6, 2018 | General
Trojan malware was named after the Trojan Horse that ancient Greeks used to infiltrate the city of Troy. The wooden horse was perceived as a gift to the Trojans, but it was a ploy to sneak Greek soldiers behind the Trojan walls and ultimately win the war. Trojan malware works similarly. This malicious type of malware is disguised as regular software. Once downloaded, Trojans survive by remaining unnoticed, which makes it a popular choice for many cyber-criminals.
What Happens When You’re Infected
Instead of spreading and multiplying like other types of malware, Trojans go unnoticed and collect your online information and gain access to your computer system. They also infiltrate your security systems so that hackers and cyber-criminals can gain access to your data. Upon activation, Trojans allow these hackers to have access to your system and data. They also enable them to spy on you and disrupt your computer and network’s performance.
Different types of Trojan Malware
Trojans can take many forms, and they have a diverse range of functions. Some of the more common types are:
- Backdoor Trojan: creates holes in the computer’s security that allows hackers and cyber-criminals access and control over your data and software. These Trojans make it so invaders can send, receive, download malware, and alter files.
- Downloader Trojan: download new malware, Trojans, adware, and other malicious programs onto your computer.
- Spy Trojan: spy on you by tracking your data, passwords, and highly used applications and websites.
- Distributed Denial of Service (DDoS) Attack Trojan: target web addresses from your computer to increase online traffic that eventually overwhelms the network and results in service denials.
- Banker Trojan: Steals online banking data so cyber-criminals have access to your credit cards, debit cards, and electronic payment systems.
How to protect yourself
The best way to protect yourself is by installing anti-malware software and periodically running diagnostic scans. Additionally, be sure that your software is frequently updated because Trojans will take advantage of any security holes caused by outdated software. Trojans can infect all types of devices including PCs, Macs, smartphones, laptops, and tablets, so be sure to use the anti-malware software on all of these devices.
In addition to anti-malware software, you can further protect yourself by avoiding questionable websites, links, and downloads. Trojans are commonly found linked to pirated materials and links in unfamiliar emails. Also, use complex passwords and firewalls to guard your accounts and personal information.
For more information about cybersecurity, visit our website https://dynagrace.com/.
Image Resource: Featured Image https://www.flickr.com/photos/agungordu/8027072165/in/photolist-dejQTX-4mtSuS-h8Tza9-chUzEd-rg8RXc-7nU23o-278PAKf-6VM7yZ-akWWxt-fQRXgN-SPMS47-TDqs9w-jCyLU8-8Zjeqb-5gFgJa-QXhnYo-4kXqAY-cnDaco-zsCwH-22sUP4S-7dRpjn-UkfSpm-cJ4SR-7QMMGR-hQbSW9-6y1okX-85ZK2d-chUzSE-j1hUSJ-dxERdG-dmDPum-9szWNc-DMRPjs-USWRgW-akQCTe-anDES1-amHTC7-36C3ve-TN9xLL-8yh4i7-dQLG1v-fk3wTF-BpWq5-ahUKwV-p6NYnc-dEYL5a-chUzrU-aCkxpU-9szXoX-5xvJb3, https://pixabay.com/en/computer-security-padlock-hacker-1591018/, http://www.flickr.com/photos/bestfeeler/3745313965/in/photolist-6GXHmH-d4FvJj-pkUinY-iRZihN-bFqELx-boQMhi-TpK8SH-p4Vsnp-9yT5S5-24C7iDm-JMMjN-5NoQVW-bMCTW4-hkUUG-C54G-rU5Gz-dV9Moj-o42Hvu-nqxkzs-9Awwzb-q776tA-48un2Y-RYdqgB-48uo8C-bx7247-4HTgd1-a1NMpt-S3vD6L-9nTrJR-5ovQo4-9H21B4-5o2KcX-8Pp9bL-92BbjT-aMdLyD-akHpAX-nhFXbQ-9PtgrN-e8LbEt-6RaLuA-S8N6UT-9KmSgc-7VpYUh-75B6BC-6bJt4d-5MeZjC-9QQWsK-5n6spx-8Syukw-9nuz7m
Resources: https://www.avg.com/en/signal/what-is-a-trojan, https://us.norton.com/internetsecurity-malware-what-is-a-trojan.html, https://www.intego.com/mac-security-blog/whats-the-difference-between-malware-trojan-virus-and-worm/, https://usa.kaspersky.com/resource-center/threats/trojans, https://www.guru99.com/learn-everything-about-trojans-viruses-and-worms.html
by Machelle | Jul 2, 2018 | Cybersecurity, General
As advances increase with the internet, so are people progressing cybercrime tactics on the internet.
Phishing is a cybercrime in which the perpetrators persuade its victims to release sensitive personal data. Financial details, passwords after contacting them via emails, text messages under the false pretext of being a legitimate organization are some examples. The moment information releases it results in identity theft, access to personal accounts, and substantial financial losses.
Common types of phishing
1. Spear Phishing
In spear phishing, the cybercriminals take time to gather information about you and use it in the email to appear legitimate. They go as far as mentioning your name, your phone number and where you work which they usually obtain from social media sites. After which they request for sensitive information, which they use to defraud their victims. Both spear and deceptive phishing, share common features which are the manner they reach out to people and the sense of urgency in their tone of their emails, sometimes they make you believe that if you don’t comply something terrible may happen.
2. Deceptive Phishing
Phishing of this type occurs when the scammer sends an email from a company that you always patronize their services. The scammers act as though they are employees of the company and request for your details in the email they send, placing deadlines on your compliance. The email usually contains fraudulent URL links that will have forms where personal information will be filled in. Protect your yourself from this kind of phishing attack by being more observant, with regards to URL sites before clicking to be sure you are about to visit a legitimate domain.
3. CEO Fraud
Here, the target is usually a top executive in a company, these scammers hack into their emails and send messages to junior employees most times requesting that money transfers to another account. They exploit the organogram of an organization as they know that most low ranking won’t ask questions and readily obey instructions from their superiors.
4. Search Engines, Dropbox and Google Docs Phishing
Some phishing scams involve search engines or favorite sites like Dropbox and Docs, where the users are always uploading and downloading as well as sharing files. They pose as Dropbox or Google Docs and request personal information just as in spear phishing.
Also, these scammers could hoist fake websites presenting low-cost products or offering loans with a low-interest rate. They defraud their victims when as they enter credit card details to patronize them.
5. Pharming
Also known as web delivery or ‘man-in-the-middle,’ here, scammers take over a website, lock out the webmasters redirecting the users of the websites to their fraudulent sites. It is considered the scariest type of phishing because if users of these websites are not careful enough, they give their details to the wrong persons. Also, the scammers may hack into the communication link between the users and the websites and pick vital information about the users without them knowing about it, hence the name ‘man in the middle.’
IDENTIFYING PHISHING THREATS
The following features are ‘red flags,’ warning signals you should look out for to protect yourself or your organizations from phishing scams.
Hyperlinks:
Clicking all links shouldn’t be done. Before clicking look at the link. If the link has spelling errors, avoiding it would be wise. These scammers usually use popular websites but deliberately misspell the address which vulnerable individuals will overlook.
Unbelievable offers:
Be careful about emails that have too-good-to-be or unbelieving offers. Offers like this are designed to catch attention and lure its victims into fraud. Whenever you see such emails, stay away from them.
Unknown Sender:
Any email that comes from unknown persons should be known as a phishing scam threat. There is no need to open it, delete it!
Attachments:
Once you see emails with attachments that you weren’t expecting, it is best you don’t download the websites. Phishing scams perpetrate in this manner and attachments of this sort could contain malware or viruses that would seriously harm you.
Emails with deadlines:
Never forget that financial institutions will not rush you to provide your financial details via the internet. Institutions usually give lots of time for you to comply. Therefore, disregard any emails, requiring your data with a high sense of urgency, this is a typical style of scammers. Contact your banks or any other institutions and verify appropriately before filing financial detail online.
PHISHING PREVENTION TIPS
In recent times, these scammers are becoming more innovative. Scammers intensify the menace of cybercrime. Against this backdrop, the following are tips to help you stay away from phishing attacks:
Change your browser settings
Adjust your browser’s settings to permit only verified sites to open. As a user, there is a need to explore the browser feature which gives an alert when a fake website is opening. Such warning signs should be adhered to strictly.
Use spam filters
What these filters do is to trace the source of the message, determine the software used to send the message, the appearance of the message and then blocks it. Sometimes the spam filters may even prevent your emails to keep you protected.
Always change passwords or use multiple factor authentications
An excellent way to avoid phishing attacks is to change passwords on a regular basis, avoid using the same password across accounts on the internet. Webmasters should adopt the multiple factor authentication or the CAPTCHA systems to prevent security breaches on their websites.
Cross check every URL
Before clicking, it is essential to take a second look, at the URL. Safe websites will always start with “https”; this is a proof that it has a valid Secure Socket Layer certificate.
Finally, to avoid severe losses of money and credibility, organizations and even individuals should invest in getting the right and updated information for the cyber attacks and cybersecurity. When applying regularly, you and the organization has protection from any form of cyber attack.
Linda Rawson is the CEO, and Founder of DynaGrace Enterprises, (http://DynaGrace.com) which is a Women-Owned, Small Business. She is also the author of The Minority and Women-Owned Small Business Guide to Government Contracts.
Resource:
Image Resource: https://pxhere.com/en/photo/714530; https://pxhere.com/en/photo/989227; https://pixabay.com/en/phishing-fraud-cyber-security-3390518/
by Machelle | Jun 25, 2018 | Cybersecurity, General
The signing of the Modernizing Government Technology Act (MGT) was in December 2017. Federal security operations for several years have been using hardware and software that are needing to be more modern. Obsolete technology has posed challenges in protecting the nation cyberspace and vital national data from cyber-attacks.
Making Room for New Technology
What is the Modernizing Government Technology Act
The government spends about 75% allocation to information technology. This spending is maintaining and ensuring that these outdated information technology systems remain operational. The risks these systems pose are a result of their inability to utilize current security practices. It includes multifactor authentication and data encryption. They are also expensive and always fail to fulfill the mission requirement and vulnerable to malicious software.
Against the backdrop, in a bid to address these issues, the Modernizing Government Technology (MGT) Act was passed by the legislatures. Through this
means, the government can empower federal agencies to effectively discharge their duties with regards to cybersecurity and information technology services.
The primary purposes of the Modernizing Government Technology (MGT) Act are to:
Curtail current and operational risk of the information technology systems of federal agencies by ensuring that they are compliant with recent security technology.
Assist the federal government in cutting cost with regards to information technology via modernization
Hasten the acquisition and application of modernized information technology practices such as cloud computing, data encryption and lots more through the provision of stable funding and transparent acquisition procedures.
Benefits of the Modernizing Government Technology (MGT) Act
Federal IT experts in some quarters are of the opinion that the MGT Act is long overdue. Nevertheless, the law has lots of benefits with regards to operational ease, data security, and investment opportunities. The following are the significant benefits:
Access to capital funds that will boost the modernization of IT systems:
MGT Act gives room for heads of different agencies to access working capital funds. These funds can be used to update or replace existing IT systems with modern state-of-the-art information technology systems. Also to adopt and train their staff on new risk–inclined cybersecurity measures.
The Funds
The funds can be utilized by agencies to ensure a smooth transition from legacy IT systems to cloud. Or, a shared service to boost security and effectiveness in the discharge of their duties serving the American people.
This gesture will empower these agencies to reprogram or transfer funds. This includes those earmarked for the maintenance of obsolete IT systems for other variety of projects or investments which are within its mandate as a federal agency.
However, monitoring the utilization of these funds are required to submit comprehensive reports regarding the expenditures and balances every six months. These reports are made public for the sake of accountability.
Migration to cloud systems:
The MGT Act will hasten up the movement to a Cloud system. This migration is more cost-effective and has access to another realm of innovation that associated with cloud systems. It also offers a more secure means to handle data.
Expect that these agencies will, for the sake of providing better services, jettison the legacy system for more efficient digital technology. A good example is the network modernization that allows Chief Information Officers (CIO) to know what exactly happens in their operations.
Although there are critics of the MGT Act, who say that the Act is a misguided venture, the benefits will improve the lives of the American people.
Resources: https://www.fedscoop.com/trump-signs-mgt-act-law/; https://www.whitehouse.gov/about-the-white-house/the-legislative-branch/; https://www.investopedia.com/terms/c/capital-funding.asp; https://www.techopedia.com/definition/635/legacy-system
Images by: Business Technology – Cyber Security [www.bluecoat.com/; https://www.flickr.com/photos/111692634@N04/]; US Capital https://pxhere.com/en/photo/738025
by Machelle | Jun 11, 2018 | Business, Cybersecurity, General, Information Technology
In recent times, online thievery has become so rampant cutting across every facet of human endeavors where data systems are in use.
The frequency of hacking has become very high that’s it is believed to occur every minute. This particular development has raised concern in several quarters on how exactly to be free from hacks, how can we stop the activities of hackers.
The following are trusted tips to prevent hackers from intruding into your files.
-
Keep your security software updated
Being safe entails being watchful. Safety could mean making sure all routes viruses could take into your system is blocked and steadily watched over. All you need is to install capable anti-spy wares or antivirus and ensure they are always updated. To ensure your system has protection, you can also connect to a network firewall. Firewalls help scrutinize data going in and out of your system, identifying threats and neutralizing them as well.
-
Always change your passwords
Before now, all that would occur was changing the default passwords to words that we can easily remember. However, things have changed. Customizing passwords are no longer enough to protect you from hacking. Your passwords must be strong. It should be a mixture of different numbers, characters of both upper and lower cases alongside symbols.
The understanding that the only portal hackers have into your business systems is via your username and passwords. This info should encourage you to continuously change your username as well as passwords on a widespread basis. Though this approach may be stressful, it is a small price to pay to be secure online. Nevertheless, as these changes continue, care must be taken that the new passwords are secure from unlawful persons.
-
Restrict access to needless sites
Limiting visits to specific sites might be one of those giant strides you make to be safe online. Some sites, like pornographic web pages, can be harbors of different forms of malware or viruses. Viruses could render the entire business operating system vulnerable. Against this backdrop, it becomes vital to take serious measure to block sites of this sort.
-
Carefully chose your Internet Service Provider (ISP)
Different firms now provide internet services, not all of them can keep you protected. There is, one primary criterion to be considered while choosing an ISP, before cost and speed. It is built in security features. A perfect ISP should have all these features and save you worry while using the internet.
-
Invest in cybersecurity education
Continuous training in cybersecurity trends is vital for any organization that is serious about keeping its data way from hackers. Training can be carried out via workshops, videos, employee drills or any other method. This is vital to ensuring that they are not ignorant of matters that pertain to cybersecurity.
Knowing these tips and acting on them is another. However, the reality is that we live in a time where cyberattack is on the rampage threatening the very existence of a business. To efficiently stop these hackers is to be security conscious while using the internet and consistent implementation of these tips.
Linda Rawson is the CEO, and Founder of DynaGrace Enterprises, (http://DynaGrace.com) which is a Women-Owned, Small Business. She is also the author of The Minority and Women-Owned Small Business Guide to Government Contracts.
Resources: https://dynagrace.com/cybercrime-invisible-crime/ ; https://passwordsgenerator.net/ ; https://www.sans.org/cybersecurity/
Image Resources: https://pxhere.com/en/photo/1331118; https://pxhere.com/en/photo/867306; https://pxhere.com/en/photo/1366057
