Skip to Content

Category Archives: Security

Hacker Halloween

Monsters may be out of your age range, however, technology can be a scary place, it’s always connected and open for hackers, malware and viruses. Halloween is the scariest time of the year with ghosts, monsters and demons, however, is the horrors found in technology more terrifying?

New devices are being created each year to make your everyday lives smarter and more efficient but it is up to you to ensure your devices are secure. This involves any device that is connected to the internet such as televisions, gaming consoles, home router, Google Home, Alexa, security cameras, baby monitors, smart locks and even smart thermostats, these can all make your home vulnerable.

Hacker banner

These devices are known as the Internet of Things devices or IoT for short, IoT devices have provided cybercriminals with new ways of gaining access to devices and the reason why these devices are targeted is because they have little or no security.

Heres how to keep your devices safe not just on Halloween but all year round.

Router security 1

How to become secure 

Equip your home router with strong passwords as this is the key element in connecting all of your devices and make them operable.

Rename your router, don’t keep the name that it comes with as this may distinguish the make or model. Give your router an unusual name that doesn’t relate to you or your address, as you don’t want to give away any personal information.

Strong password 1

Set up a guest network that visitors or friends and relatives can use and doesn’t link with your IoT devices.

Change any default username and passwords that come with your devices as some hackers may already know the default passwords for some IoT devices which makes it easier to access them.

Random password 1

Also, use strong passwords and avoid the common words, use more complex passwords which you can do by mixing up letters, numbers and symbols. You may want to consider a password manager.

Keep software up to date, if you get notified of a software update don’t ignore it. These updates could include security patches, make sure that you are downloading the updates to ensure that you are secure.

Two-factor authentication, you can receive one time codes that get sent to your phone as well as entering a password which helps you become more secure if this is offered it is beneficial to use it.

Password 1

Can it be stopped?

It is very unlikely as hackers find new ways each day, you can stay one step ahead of hackers by following the steps provided above.

Don’t forget to check out our other latest blog posts on our website and don’t hesitate to get in touch if you think we could help your business run smoother!
You can reach us on 0333 444 5353 or email [email protected]

 

2 Continue Reading →

Password security 101

Do you know how strong your passwords are?

They’re probably not as strong as you think. Why wait until the one day a year where everyone talks about the subject? World Password Day is an annual celebration to promote safer password habits. It takes place on the first Thursday of May each year, but why wait another 10 months to tighten up your password security?

While passwords are a common form of authentication on the Internet, they’re more often than not the only line of defence between hackers and your personal information. Our helpful team at Cloud53 HQ would be happy to talk things through with anyone who is concerned about their security and anyone who wants better defences. In the meantime, the information below may give you some quick pointers!image

What is Password Security?

Password security, though often overlooked, plays an extremely important role when it comes to protecting your identity on the Internet. After all, it keeps unauthorised users from breaking into your online accounts and stealing your personal information for their nefarious purposes like impersonating you to commit crimes in your name.

You can free yourself from risk by resetting your old, weak passwords to long, un-crackable ones and remind your friends, family and colleagues to do the same. With identity theft and other cyber-crimes at an all-time high, setting robust passwords is crucial and we’re going to show you exactly how to go about that.

How Hackers Can Steal Your Passwords?

Have you ever wondered how hackers go about cracking your passwords? Well, here are some of the most common ways through which they can steal your passwords, and ultimately, your personal information:

1. Brute force attack

One of the most common password cracking techniques out there, a brute-force attack involves checking all possible key combinations until the right one is found. Since hackers use complex algorithms to try multiple combinations at super-fast speeds, rest assured that your short passwords will be cracked in no time!

2. Password sniffing attack 

A password sniffing attack is a technique used by hackers to collect your credentials on unencrypted connections. By using a combination of easily available tools on the Internet, they monitor all incoming and outgoing traffic on a network so they can intercept your usernames and passwords as they’re being transmitted.

3. Phishing attack 

Even though phishing is an old trick in the hacker’s playbook, it’s still going strong and doesn’t seem to be going away anytime soon. Typically, it entails sending an email to the victim by impersonating a legitimate entity and requesting that they provide sensitive information like usernames, passwords, and even credit card details.

4. Social engineering attack 

A social engineering attack requires little technical knowledge and relies on human error, tricking otherwise unwary employees or users into performing certain actions or revealing confidential information such as passwords or bank account details.

5. Dictionary attack 

In a dictionary attack, a hacker tries hundreds – or sometimes even millions – of likely possibilities derived from a predefined list of words or dictionary in order to defeat an authentication mechanism like passwords.

6. Keystroke logging

Keystroke logging, also known as keylogging, is a technique that involves the use of a program to record or log every keystroke so they can obtain confidential information like passwords without the knowledge of the unsuspecting user.

So how do I make a secure Password?

Now that you know the common password security mistakes you need to avoid, let’s discuss how to create strong passwords. The following are some password tips to prevent hackers from accessing your online accounts:

 1. The longer your passwords, the better.

The passwords you decide to use should be at least 12 characters in length so that they’re difficult to break. The longer a password is, the more combinations a hacker would need to try in order to successfully crack it.

2. Aim for complexity.

Password length and complexity go hand-in-hand in the quest to creating strong passwords, so make sure you include lower-case and upper-case letters along with numbers and symbols. Mix them up like you mix your cocktails on a Friday night!

3. Unpredictability is key.

Unpredictability is key when it comes to password strength. Avoid predictable words, passwords based on dictionary words, as well as any references to your personal life or popular TV shows, video games, and movies.

4. Unique is the way forward. 

We’ve already highlighted this before, but its importance can’t be emphasised enough: Only use one password for one account.

Hopefully you are now equipped with the knowledge and ready to update your passwords. However, if you are still feeling uncertain and would like some more advice, don’t hesitate to give one of our friendly staff a call on 0333 444 5353 or drop us an email at [email protected] and we’ll be in touch with some more helpful tips!

3 Continue Reading →

Windows 7 – is this the end?

Windows 7

Windows 7, as an operating system (OS), is probably the most popular OS in history, XP was good in its day but Windows 7 beat it. It was released in 2009 and in its first year sold 240 million copies, that’s 7 copies every second! It has become the staple business Operating System and it was only at the end of 2018 that Windows 10 became more popular. As of April 2019 Windows 10 accounts for 44%* of Operating systems on Desktops/Laptops with Windows 7 still having 36%* of the market. Windows XP that went end of life 5 years ago still has 3.5%*.

Nobody knows the exact number of computers in use worldwide but in 2015 it was estimated to be around 2 Billion, if we take that as todays figure then there are around 720 million Windows 7 PC’s in use worldwide! One hell of a successful OS for the last 10 years!

BUT in January 2020 Windows 7 is officially retired and in Microsoft terms is ‘end of life’! What does that mean? Well simply it will continue to work as it always has done, in much the same way Windows XP still works however there will be security risks which may be acceptable for a home computer but typically is going to be a major risk for business computers. Furthermore the latest applications and/or updates may not work on Windows 7.

Microsoft releases critical and security patches regularly for all operating systems as and when potential threats or vulnerabilities are found, the numbers per month vary but typically there are around 20 per month from Microsoft, from January 2020 these will not be released from Microsoft for Windows 7.

Options?

  1. Carry on as you are using Windows 7 and accept the risks.
  2. Upgrade your Windows 7 to Windows 10 subject to the computer hardware meeting Windows 10 requirements.
  3. Purchase a new computer which comes with Windows 10.

 

Essentially if you are a Windows 7 user Microsoft have effectively backed you into a corner, it is a major risk to continue using Windows 7 and the longer it is used after January 2020 the larger the risk becomes. The best advice, to be safe, is to move to Windows 10 however this will come at a cost.

Remember the WannaCry Ransomware attack on the NHS last year? This is estimated to have cost the NHS £92m and affected most XP machines within the NHS that were powered on at the time, the hack happened due to a vulnerability within the OS as no updates for XP had been released for 4 years. Something similar is a very serious threat to Windows 7 after January 2020.

Cloud53 would be happy to discuss the options with any company concerned about their OS strategy ready for the next decade.

*figures from netmarketshare April 2019

0 Continue Reading →

Windows Sandbox – Coming Soon!

A new feature coming to Windows 10, for Pro and Enterprise users and it is called Windows Sandbox. Windows Sandbox is software that allows you to create a temporary isolated environment which can then be used to run a potentially suspicious app or just for testing.

Sandbox will come as part of Windows Pro/Enterprise and will be shown as a feature ready to be installed

This implementation makes it easily accessible and less work than creating a Hyper-V session for a quick test.

sand

The set up for Sandbox is very simple, once opened it’s effectively a clean and new installation of Windows, no need for a complicated set up as with other virtual environments. It has the host’s diagnostic data settings and all other privacy settings are set to the default values, totally secure and away from your network. Each time a new session is closed all settings revert to default so every session is new and fresh.

This is a very convenient security measure to have in place. You will be able to witness first-hand what an application does when run, therefore if it is harmful you can remove it from your PC without ever opening it and exposing it to your files/network as the sandbox is ring-fenced.

The reason it does not affect your PC is because it uses hardware based virtualisation for the kernel isolation. That is done by relying on Microsoft’s hypervisor (Hyper-V) to have Sandbox separate from the host.

It is in the early stages but requires Windows 10 build 18305. Obviously as this is still in beta there could be compatibility issues and performance issues.

0 Continue Reading →

An Alexa Issue

51TFnR7AtGL._SY300_QL70_

Living in a world where people are always wanting the most up to date technological advances, there can be a darker side to these new products, an example of this has just recently been reported in the news.

The ‘Amazon Alexa’, a voice operated device which is referred to as a virtual home assistant which has a variety of different functions to allow you to say a certain phrase and the device will respond accordingly, has apparently been listening in on private conversations from its customers, when the device has not been triggered to be listening, and sent the recorded conversation to one of the people in the customer’s contacts list.

This goes to show that not every new device on the market is perfect and if we ever are in range of one of these voice operated products we should be careful on what we say, because you never know if something could go wrong and the conversation being unknowingly recorded, and possibly sent, is not just a harmless one about hardwood floors as this couple from Portland, Oregon experienced.

 

0 Continue Reading →

Remote Access Warning

remote-access-laptop-hacker-security-300x300

About a month and a half ago, there were some reports surfacing of some TeamViewer users being hijacked. This mostly surfaced around 30-05-2016 to 02-06-2016, although there are some reports dating back to mid-June. The logs note that most of these computers were accessed through TeamViewer, with IP Addresses originating from a Chinese VPN, using a method known as “Custom Password”. TeamViewer has refused to explain what method is used for that to appear in the logs. The computers that were hijacked, had the saved passwords stolen, then they opened Chrome/Internet Explorer to attempt to send coupons or vouchers to China through Amazon, PayPal, or abusing any of the saved  passwords while logged into their machines.

Only a few of these computers were accessed by simple dictionary attacks due to the default 4-number password, which could be accessed in 23 hours of brute forcing. Due to the nature of TeamViewer, this password only resets when the application is restarted. Which isn’t that often…

A decent number of the intrusions also appear to coincide with the 01-06-2016 Denial of Service Attack on TeamViewer’s Authentication servers. TeamViewer declines any knowledge of a security issue, and has held their stance at it being the user’s fault for the issues that have been experienced. TeamViewer’s legal team has forced some article publishers to alter the statements about TeamViewer to cover up.

Most of these reports are unverified in a sense – as they are posted on a potentially anonymous forum, claims that cannot be verified. However, they are in such a high volume that some potential truth can be gleaned from the info.

0 Continue Reading →

Distributed Denial of Service (DDoS)

ddos

Recently it seems that every week we hear of a major website being unavailable due to a DDoS attack but what is it and why is it becoming so common?

A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic.

It appears that along with these attacks becoming more common, they are also becoming more serious in the sheer bandwidth that is being used. Speaking to a recent victim they saw over 80Gbps being used against their IP’s, very few providers could sustain that bandwidth. To put this into perspective in Q4 of 2013 the average DDoS attack was using an average of 2.14 Gbps.

In recent months major names have been attacked such as the BBC (reportedly over 600Gbps), Sony PlayStation network, TalkTalk, Carphone warehouse and many more but why?

It would seem that essentially the groups doing this wish to extort money from their victims, using blackmail with the threat that if they do not pay then attacks will continue. However could you trust a black mailer not to do it again after payment? This is why it is generally reported that companies do not pay, however it seems reasonable to assume that some companies do pay as these sort of attacks cost money to implement and so they must be worthwhile to the criminals?

The type of payment is the issue in these ransom situations as payment is always instructed to be made in bitcoins and so is totally untraceable (if you know what you are doing). It is also thought that money gained in this way often finds its way to support worldwide illegal activity.

You don’t have to be a large company to suffer a DDoS attack but the attackers do go to where they believe ransom money is available, however if you do become a victim of a DDoS attack and subsequent blackmail it is best to treat it as an exercise to bolster your security and potentially test your DR strategy, it is not advised to meet the demands of the cyber criminals.

0 Continue Reading →

Hacking – why does it keep happening?

computer-hacker
Obviously this week the big story has been TalkTalk who it would appear have been hacked and potentially allowed details of 4 million customers into the wrong hands. This is the third large cyber-attack which TalkTalk have received and it is not at present clear why TalkTalk are targeted or who did it but it is far from being the only company that keeps being hit!
Most, if not all, large companies will receive cyber-attacks every day, it is unfortunately the norm. This is the reason why large companies invest in heavily in cyber security but being ahead of the cyber criminals isn’t easy. Around 1 million new malicious programs are created on a daily basis according to security firm Symantec.
It is extremely unlikely that any large company has not received cyber-attacks, it is also very unlikely that any of these large companies haven’t suffered a breach of security due to these attacks at some point. It is only the clever companies that are aware of these breaches and learn from them. It is likely that many companies will not know they have been breached which is much more dangerous than being aware!
Can it be stopped? Very unlikely, unfortunately it is just a case of staying one step ahead of the hackers which in reality is extremely difficult and expensive.

0 Continue Reading →

All White for Winter?

snowMAIN_1788610b

We know the weather predictions are always a tad dramatic with phrases such as ‘Arctic Freeze’ and ‘El Nino’ but it is worth paying attention to the fact that your business could suffer because of the winter. At present weather predictions for this winter are suggesting the El Nino (named Modiki) weather Phenomenon and reportedly maybe the strongest since 1950. In this year heavy snowfall brought chaos to much of the country with temperatures in some areas being as low as -22C with around 50cm of snowfall, certainly worse than the ‘big freeze’ which we remember in 2009/10.

The ‘El Nino’ happens when ocean temperatures in the eastern Pacific, near South America, rise due to a change in the normal wind direction, creating knock-on effects across the globe due to the amount of heat released into the atmosphere. The polar jet stream tends to move further south, and brings wetter weather across the Atlantic, which causes heavy rainfall in warmer months (we have certainly had this), but can bring snow in the winter.

So is your business ready in case we do have a bad winter? Typically in the UK a bad winter means the public transport system grinds to a halt or at best is a very poor service. The reason for this, apart from the weather affecting equipment and roads, is due to Staff not being able to get into work and so we get into a vicious cycle!

If your staff cannot get into work whether it be due to public transport or the highways what contingencies do you have in place to allow your business to continue? Should it just be for a single day most businesses will be fine, albeit probably lose some revenue, however if the weather spell lasts a week or more then it could be much more serious.

Points to consider:

  • Remote access – Do you provide remote access whether it be via Remote desktop, Citrix, Outlook web access. Is this setup for all staff? Are they aware of the details? Do you have enough licences? Does your internet connection give sufficient bandwidth for inbound connections?
  • Telephony – do staff have desk phones at home? Can staff access the telephone system through soft phones (PC or smartphone apps). Can diverts be put on remotely?
  • Backup – if using onsite backups who will change the tapes/disks? How will the data get offsite for safe storage?
  • Meetings – do you have video conference services available to take meetings internally and externally given that travel is limited?
  • Communication – are staff aware of the business continuity plan? How they will access systems? How will staff communicate?
  • Suppliers – depending on your business your supplier’s business continuity plans maybe extremely important if you cannot receive deliveries of vital goods and services – they should be asked the question.

 

Whilst we have seen predictions previously for heatwaves, bad winters and even the end of the world eventually predictions do happen so it’s always best to be prepared. Please get in touch should you be interested in any advice on the above (excluding weather forecasts).

0 Continue Reading →

SPAM – what is it?

spam

Whilst we would rather have this as a fritter (us northerners) how did this term ever get into email? SPAM in terms of meat stands for Specially Processed American Meat but in email terminology it simply means ‘unsolicited email’

Spam as an email term does not actually stand for anything but was just a name that started and continued purely by chance. This came about in 1994 as part of a lawsuit in the US. A company had advertised its product on the usenet newsgroups (one of the first mass forums) and were flooded with complaints. Complaints made due to the misuse of the then scarce internet resources. Disk space and bandwidth was massively consumed by this single action, given the storage costs and modem dial up solutions back then you can imagine the issues. After this the name Spam simply caught on and is still with us today.

It is currently estimated that 70% of all emails sent are actually Spam and of this figure 90% can be attributed to a core of 200 Spam outfits.

Spam unfortunately is an overwhelming fact of life. Filtering however is available relatively cheaply to keep 99.9% of it out of your inbox, please contact Cloud53 should you need advice.

0 Continue Reading →