Tag Archive for: cybersecurity

FAKE Ransomware? Really?!

Unfortunately, yes. There are legitimate AND fake ransomware attacks.

Good news is, the end-user needs to take the same precautions to mitigate risks of real or fake ransomware attacks; remaining educated on cyber security is an asset.

Better news, we offer solutions to layer on to protect your environment, as well as Security Awareness Training to educate your end users.

Let’s talk ransomware.

Ransomware Files Held Hostage

What is ransomware? Ransomware is a form of malware that encrypts files. The attacker then demands a ransom from the victim to restore their access to the data. This is especially dangerous because access to data on computer networks, mobile devices, and servers will all be locked until the victim pays the demanded ransom. For a business like yours, this can make or break you.

Attackers are aware that any sign of ransomware causes panic. Especially when using common attack methods – extortion, blackmail, threats, etc. – that are designed to generate fear in the reader. Attackers rely on this fear and panic to motivate the victim to give into demands regardless of how much money they are seeking.

These attacks have been so successful, the bad guys have realized they can simply create fake ransomware.

Rewind, what is fake ransomware?

Fake ransomware is simply a message stating false information that is sent to an end-user, demanding ransom.

These are often delivered in the form of emails spoofing a known address or pop ups that take focus on your computer and are difficult to close out.

These messages may tell a user their data has been stolen and encrypted and they must ‘click here’ to unlock data, enter credentials to check their account, review what files have been encrypted, etc. Essentially, the attacker does not presently have access to your environment but counts on your panic causing you to click a link which then does provide them access.

These messages may also exploit or blackmail, telling the victim they have videos, pictures, or screen shots of them that do not exist. They will then ask for a payout to delete this sensitive data and keep quiet.

However, none of this is true. These are simply messages used to induce fear and hope the victim pays.

The takeaway

Your organization needs a strong cyber security solution stack, regular end-user education and testing, as well as a plan in the event of an attack. This protocol must prevail even in fear and panic.

Having an IT partner that values and focuses on cyber security in every area of business is crucial. Good thing you do.

Mitigate these risks with forward-thinking solutions and end-user training.

Have a plan in the event of an attack.

PremierePC can respond intelligently in a worst case scenario. When in doubt, call PremierePC.

Read more here.

PPC Strengthens Your Cyber Security with Vulnerability Scanning

Interested in strengthening your Cyber Security? YES?

How about strengthening security at no additional cost? Yes please?

PremierePC has now partnered with Intruder.io to provide External Vulnerability Scanning on your PremierePC owned Meraki Firewall at NO additional cost to you as a service plan client.

intruder.io_scan_result

intruder.io is a $1958 value per year

Who is Intruder.io?

Intruder.io helps organizations reduce cyber attack exposure by providing effortless cyber security. This solution uses the same engines as the gold standard for vulnerability scanning.

External Vulnerability Scanning

Hackers are constantly looking for security flaws they can use to compromise sensitive information or steal personal data for financial gain, or to cause havoc and disruption for businesses all over the globe. To do this, they make use of a wide range of tools and vulnerability scanners to automate their efforts and find new targets. So, external vulnerability scanning is an essential process of protecting your business, by finding your security weaknesses before the hackers do.

On average, 20 new vulnerabilities are discovered every day, many of which are in technologies which are designed to sit on your perimeter systems (those which are exposed to the internet). Intruder’s external vulnerability scanner allows you to neutralize threats to your business, by performing vulnerability scans that discover security holes in your most exposed systems.

Intruder’s external network vulnerability scanner checks your systems for vulnerabilities which include web-layer security problems (such as SQL injection and cross-site scripting), infrastructure weaknesses (such as remote code execution flaws), and other security misconfigurations (such as weak encryption configurations, and systems which are unnecessarily exposed).

Please note that while these scans can not PREVENT an attack, this simply helps us expose existing issues and resolve them as soon as possible, mitigating risk.
We will be working on adding Internal Vulnerability scans for managed servers in the coming months, stay tuned for more details.
If you are NOT a service plan client, and would like this solution active in your environment, take a look at our cybersecurity service plans and see if PremierePC is the right fit for you.

Have you heard? The bad guys are getting smarter.

New phishing attacks have been popping up on collaboration tools like MICROSOFT TEAMS.

So why are they targeting tools like Microsoft Teams? Aside from this particular service having 270 million + monthly active users, we tend to trust these applications.

If the attack comes in email, I can check the sender and verify their address. In Teams, the bad guys already have credentials and are using them.

It looks like my boss is sending me a Teams message. I’ve talked to my boss on here 100+ times in the past week. Surely this is still my boss messaging me.

How are these attacks being executed?

There are many possibilities for attack.

Threat actors are dropping malicious files and malware into Teams conversations. Once this is clicked, the file installs a Trojan on a user’s Windows PC; the Trojan then installs the malware.

Bad guys are also requesting gift cards to be purchased, or persuading employees to perform a wire transfer of funds to their account.

Some of these attackers are getting very sophisticated.

While the CEO of a customer company was traveling to China, the bad guys posed as the CEO and sent a message to several employee’s asking them to join a Teams meeting. The employees joined the Teams meeting and saw video of the CEO. Little did they know, this was video feed from a past TV interview; the attackers had added a fake background as well to look like the CEO was in China. There was no audio, the “CEO” sent a message saying there must be a bad connection and dropped a SharePoint link into the chat requesting the employees send some requested information.

You may be thinking, “This is extreme.” While it is extreme, it is important to note these are legitimate jobs on the Dark Web. See the job posting below:

While you are at work, 8 hours a day, performing your daily tasks, so are the bad guys. This is their job, their career, their living. They will put the same effort into their work as you do into yours.

dark_web_job_posting

For the entrepreneur, you can be your own boss on the Dark Web! Just purchase a Phishing Kit, which gives you step by step instructions and all necessary code to execute the attack.

Let’s get prepared.

Do you know your organization’s cyber security posture?

Do you have a powerful cyber security solution stack?

Do you run regular phishing campaigns?

Do you provide consistent Security Awareness Training for your staff?

Your employees are your number one defense against these attacks.

Is your team ready?

Call today to learn your organizations security posture, get a free Dark Web scan for your domain, and discover options available for Security Awareness Training for your staff.

Is Your Business Making These Critical CyberSecurity Mistakes?

It’s no secret that cyber attacks are on the rise – hackers are attacking at a rate of once per 39 seconds.

Did you know 95% of cybersecurity breaches are caused by human error?

How about that only 5% of companies’ files are properly protected?

Let’s look at five common mistakes made frequently by businesses like yours.

  1. Many SMBs believe they are too small to be a target.

    FALSE. Hackers are not only interested in large organizations. The bad guys know that large companies have more resources, and a more robust cybersecurity stack. Makes sense to target a smaller firm that still handles sensitive payment and bank data for their clients.

  2. Sharing passwords doesn’t seem like big of a deal, right?

    They’re easier to remember, and surely you can trust your coworkers. Think again. There are many issues with this one. Sharing passwords creates giant holes in your security, makes accountability near impossible, you lose control over where your password is stored or used, etc.

  3. Ever click “later” on suggested software updates?

    Ever click “later” 12 times on that same update? You’re not alone. Again, seems like a small decision. However, think about this. Any time there is a security hole found in software, the developer seeks to correct it. They may come out with an update. With that update, they report the security hole they found. Enter hackers; anyone using a previous version of the software now has a known security hole in their system.

  4. Free Antivirus: you may be thinking, “What a gift! This is surely just as good as any other antivirus.”

    Let’s look at the facts. Free antivirus software offers low detection rates, collects data about your usage, may issue false positives to appear useful, carries bloatware and intrusive ads that slow computers, and suffers from data breaches making them counterproductive.

  5. How often do you train your employees on cyber security?

    Do you have a training protocol or standard operating procedures around this? Employee negligence is the number one cause of data breaches. Some of these actions seem harmless, like connecting to Wi-Fi at Starbucks and checking your email. Reusing your work password, or a variant of that password, across multiple accounts. Some actions could be as simple as clicking a link in an email from a seemingly safe sender. Hackers will even go so far as to drop a USB drive containing malware into the parking lot or hallway of your business; do you feel confident that none of your employees would pick that up and plug it in?

These are just five, in a list of many, common mistakes made by SMBs that leave them open to cyber security attacks.

Don’t wait until it’s too late to formulate a solid defense against these types of attacks.

The average cost of one of these attacks is $200,000.

Can your business afford that?

Click here to learn more.

Managed IT Services

Computer and Network Support

Backup and Disaster Recovery

Cybersecurity

NIST Framework

Surveillance Systems

HIPAA Compliance

Communication and Productivity

Business Phone Systems

Enterprise File Sharing

Hosted Business Email

Email Compliance and Security

Get In Touch

16 W Pointe Blvd, Mauldin, SC
864.335.9223

Contact Sales | Open a Case

About

Meet the Team | Latest News

PremierePC Technology Group, LLC BBB Business Review

Greenville HIPAA Compliance

A fully integrated IT solutions provider for local business clients. Serving the Upstate of South Carolina including Greenville, Spartanburg and Anderson counties.
Physical Address: 16 W Pointe Blvd, Mauldin, SC 29662 | 864.335.9223 | Payment Remittance: PO Box 5293 Greenville, SC 29606
Copyright © 2006 – 2023 PremierePC Technology Group. All Rights Reserved. | Terms and Conditions | Privacy Policy