Month: October 2022

Beware fake meeting requests:

Watch out for the fake meeting request:

Hi,

Important that we meet discuss speerfishing attacks over business comunicatons. We need to make plan about this IMMEDIATELY. Please click on the link [uurl.callender.com] to make an appointment with IT for quick tutorial.

Regards,

Before you or your team click the link hopefully you take a moment to STOP and think about whether this is a legitimate email.

Red flags to look out for:

Incorrect spelling
Poor grammar
A sense of urgency
Too good to be true (a dinner with George Clooney is probably not going to happen).
Click on this link….ahhh stop stop stop!

Fake meeting requests or calendar-invite scams are on the rise and your team needs to be educated on this.

Examples of Scams that have occurred:

Facebook and Google suffered a $121 million BEC scam.
Ubiquiti lost $46.7 million to an attack.
Toyota transferred $37 million to crooks in a BEC snafu.

In 2020, BEC attacks were the most lucrative scam. The US estimated cybercriminals made over $1.8 billion with this approach. Beyond money, falling victim to a BEC attack also costs your business time and reputation. Here’s what to look for and how to protect against BEC scammers.

How these Scams Work

With many more people working from home and meeting virtually, there’s been an increase in BEC spearfishing attacks.

On Gmail, the bad actor needs only your email address to send an invite that adds to your calendar by default. Then, you might click on what appears to be a meeting link, which actually takes you to a malware site.

Zoom has also become an attack vector. You get an invite to a meeting that asks you to login into Microsoft Outlook. You’ve done it so many times before, except this is a fake login page, and it’s set up to steal your access credentials.

How to Protect Against BEC Scams

Educate your users. As with any other type of email scam, users need to learn to be careful about the links they click. Some indicators to look for, which you can see in our opening example, include:

spelling mistakes;
urgent appeals;
poor phrasing;
suspicious links.

Email addresses, links, and domain name inconsistencies are more bad signs. Plus, be wary if something seems too good to be true (a free laptop?) or is an unusual request (transfer $1 million from the CEO’s account).

What can you do?

Google Calendar users can go into General settings, then Event settings, and switch off “Automatically add invitations.” Instead, select “No, only show invitations to which I have responded.” Also, under Events from Gmail, you can stop calendar events auto-generating based on your inbox. Keep in mind, though, that you’ll also be blocking legitimate events.

In these days of the hybrid workforce, we’re used to clicking on links from Zoom, Google Docs, and Microsoft Office as part of our daily workflow. The cyber bad guys know this and are taking advantage of it. Unsubscribing from email lists, keeping your email private, and reporting spam to IT can all help.

Your business might also benefit from working with a managed service provider to use a third-party spam filter. Our team can also review your cybersecurity and help to educate your staff on how to avoid these scams. Contact us here.

Monitoring: Why it matters

What you need to know about Monitoring and Maintenance:

Network monitoring continues to be crucial for businesses in order to be productive and avoid serious threats from network failures and server downtime.

What is monitoring?

Monitoring is the practice of routinely monitoring all the components within an organization’s network to track, measure, and troubleshoot performance issues, failures, or deficiencies.

The advantage of automated monitoring software is that it speeds up the very time-consuming areas of network monitoring. These tools help uncover what might be overlooked with manual network monitoring.

Why monitor your network?

To optimize network performance
Eliminate the need for manual checks
Take a proactive approach to staying on top of any potential issues.
Diagnose issues
Report issues

Some of the most common performance issues include:

Poor network visibility: If you do not have the right monitoring abilities, your system can malfunction for hours before you are aware of what’s happening.
New additions to your system: If new devices are not installed and configure correctly, this can cause complications.
Reactive monitoring: To keep your network running well, you need to anticipate issues and be proactive.

How should I monitor?

When establishing your monitoring practices, you need to consider which reports you use as measurements. These are some common ones:

Bandwidth usage: The maximum rate your system can transmit data. If you reach critical levels of bandwidth usage, your system will be overloaded and impaired.
Connectivity: You need to monitor this metric to identify issues such as a broken connection or malware.
Availability: If your system routinely experiences downtime, or periods when your network is not available, your productivity and profits can be impacted.
Packet loss: This metric measures how many data packets are “dropped” during your network’s data transmissions. The more data packets lost, the longer it takes to fulfill data requests. Monitoring this metric allows your IT professionals to improve your network’s processing speed.

Failure to monitor your network will cost you lost time and profits. Your IT Alliance member will establish a comprehensive monitoring program to meet the many challenges that your system faces. At a minimum, your monitoring program should employ the following steps:

· Install Sophisticated Monitoring Tools

· Monitor Incoming Traffic

· Universal Remote Device Monitoring

· Real-time Network Performance Monitoring

· Track Video and Voice Performance

· Automation

In Summary:

There are many involved reports that can be automatically generated by the monitoring software. The good thing about having all of this done automatically by your IT Alliance member is that anything outside of the parameters of normal will (mostly) be flagged immediately, and automatically fixed.

Failure to monitor in this modern way of working with remote users now becoming an everyday occurrence could cost your company in downtime as well as many other issues.

To discuss your monitoring needs please feel free to reach out to us here.

Data Breaches – What you need to know!

In the most recent quarter, CERT NZ responded to 2,001 incident reports about individuals and businesses from all over New Zealand.

Internationally well know companies such as Apple, Meta, Twitter, and Samsung have all disclosed cybersecurity attacks this year.

In New Zealand Phishing and credential harvesting remains the most reported incident category (from CertNZ)

This graph shows the breakdown by incident category for the past quarter in New Zealand.

Australian telecoms company Optus – which has 9.7 million subscribers, suffered a “massive” data breach this year. According to reports, names, dates of birth, phone numbers, and email addresses may have been exposed, while a group of customers may have also had their physical addresses and documents like driving licenses and passport numbers accessed.

IBM found the cost of a breach hit a record high this year, at nearly $4.4 million.

So how does a data breach happen?

Data breaches happen mainly when hackers can exploit user behaviour or technology vulnerabilities.

A data breach involves any unauthorized access to confidential, sensitive, or protected information, and it can happen to anyone.

The threat surface continues to grow exponentially. We are increasingly reliant on digital tools such as smartphones and laptops. With the Internet of Things (IoT), we’re adding even more endpoints that unauthorized users can access.

Popular methods for executing malicious data breaches include:

Phishing – emails in which hackers persuade users to hand over access credentials or the data itself.
Brute-force attacks – hackers use software and sometimes even hijacked devices to guess password combinations until they get in.
Malware – infects the operating system, software, or hardware (often without the user knowing) and steals private data.
Disgruntled employees or political hacktivists can also be behind data breaches. However, more often than you would hope, the breach is due to poor cyber hygiene.

How to reduce risk to your business:

Here are some key tips for mitigating risks to your business. If you require help with these, contact your IT Alliance provider.

Identify what is exposed to the internet: to help mitigate this risk, it’s important to identify what is being exposed to the internet. Your IT Alliance member can help you do this. You can also use scanning tools like Nmap and Nessus to help assess your situation.
Only expose what you really need to: Reducing the number of services you use lowers the number of targets that attackers have access to. This is known as reducing your attack surface.
Segment your network to stop – internet-exposed services from reaching your internal network. If your more vulnerable services get compromised, a segmented network will make it harder for attackers to reach other devices.
Patch services and devices exposed on the internet. Having the latest version will fix many of the vulnerabilities known to the vendor, and that means attackers have fewer known vulnerabilities they can use to gain access.
Turn on multi-factor authentication (MFA) to add an extra layer of security and help prevent unauthorized access.
Use logging and alerting to help monitor devices and services, especially any that may be exposed on the internet. These are potential weak points that attackers may target. This can help notify you of an incident and provide details of what has happened.

Don’t risk data breach damage

Data breaches cause business downtime and can cost your reputation and bottom line. Once you’ve had a data breach and it has been made public, your customers may lose faith in your ability to protect their private information.

Our team at Ultra IT can install protection and take precautions against data breaches. Contact our team to discuss