Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist.

Researchers from the University of Toronto’s Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has allegedly been used to surveil journalists and human rights advocates in multiple countries.

The urgent update that Apple (AAPL) released Monday plugs a hole in the iMessage software that allowed hackers to infiltrate a user’s phone without the user clicking on any links, according to Citizen Lab. The Saudi activist chose to remain anonymous, Citizen Lab said.

Apple credited the Citizen Lab researchers for finding the vulnerability.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Ivan Krsti?, head of Apple Security Engineering and Architecture, said in a statement.

Krsti? said Apple rapidly addressed the issue with a software fix and that the vulnerability is “not a threat to the overwhelming majority of our users.”

Still, security experts encouraged users to update their mobile devices for protection.

In a statement, NSO Group did not address the allegations, only saying, “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.”

The firm has previously said its software is only sold to vetted customers for counterterrorism and law enforcement purposes.

Researchers, however, say they have found multiple cases in which the spyware was deployed on dissidents or journalists. In 2019, Citizen Lab analysts alleged that Pegasus was used on the mobile phone of the wife of a slain Mexican journalist.

In a lawsuit filed in 2019, Facebook accused NSO Group of being complicit in a hack of 1,400 mobile devices using WhatsApp. (NSO Group disputed the allegations at the time.)

The proliferation of easy-to-use mobile hacking tools has given governments around the world a new and stealthy means of targeting adversaries. Sophisticated spyware made by NSO Group and other vendors has been reportedly used from Uzbekistan to Morocco.

The surge in spyware prompted a United Nations panel of human rights experts in August to call for a moratorium on the sale of such surveillance tools. The UN panel said the ban should remain in place until governments have “put in place robust regulations that guarantee its use in compliance with international human rights standards.”

The breach is the latest targeting of a crucial supply chain and comes three weeks after the Colonial Pipeline hack disrupted fuel operations in the U.S.

Here’s what we know:

What is JBS?
JBS USA is part of JBS Foods, one of the world’s largest food companies. It has operations in 15 countries and has customers in about 100 countries, according to its website. Its customers include supermarkets and fast food outlet McDonald’s and in the US, JBS processes nearly one quarter of the county’s beef and one-fifth of its pork. JBS’s five biggest beef plants are in the US, and the shutdowns have halted a fifth of meat production there, according to Bloomberg.

Its brands include Pilgrim’s, Great Southern and Aberdeen Black. The US headquarters is based in Greeley, Colorado, and it employs more than 66,000 people.

What happened?
Hackers attacked the company’s IT system last weekend, prompting shutdowns at company plants in North America and Australia. IT systems are essential in modern meat processing plants, with computers used at multiple stages including billing and shipping.
JBS hack shuttered nine US beef plants but normal operations to resume Wednesday
The hack, which the White House described Tuesday as ransomware, affected all of JBS’s US meatpacking facilities, according to an official at the United Food and Commercial Workers union that represents JBS employees. The cyberattack resulted in the closure of all nine of the company’s US beef plants, which are located in states including Arizona, Texas, Nebraska, Colorado, Wisconsin, Utah, Michigan and Pennsylvania, the union official said. The company said on Monday that it suspended all affected IT systems as soon as the attack was detected, and that its backup servers were not hacked.

The White House has said that the ransomware attack was likely carried out by a Russia-based criminal organization, and that it is dealing with the Russian government on the matter.
JBS’ operations in Australia were also affected. The Australian Meat Industry Council, a major trade group, said in a statement that “there is no indication whatsoever that this cyberattack will cause a major impact on Australian domestic red meat and pork products supply.”

What is ransomware?
In a ransomware attack, hackers steal an organization’s data and lock its computers. Victims must pay to regain access to their network and prevent the release of sensitive information.
Some sophisticated ransomware hackers, such as the Russian hacker group Darkside, sell their ransomware technology and take a cut of any ransoms paid to their customers.

Experts generally encourage ransomware victims not to pay any ransom. But a company’s ability to get back online without paying hackers may depend on whether it has protected backups of its data. In some cases, hackers can delete their target’s backups before locking its files, leaving the victim organization with no recourse.

JBS did not comment to CNN about details of the ransomware attack, including whether it paid the ransom.

This kind of cyberattack sounds familiar. Where have I heard that?
The hack comes a few weeks after a ransomware attack targeted Colonial Pipeline, which forced a six-day shutdown of one of the United States’ largest fuel pipelines. That May attack resulted in gas shortages, spiking prices and consumer panic. Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom to the cyber-criminal gang responsible.

Similar to JBS, Colonial Pipeline’s systems were hit with ransomware. Once a company has been hit by ransomware, its first course of action is usually to take much or all of its systems offline to isolate the hackers’ access and make sure they can’t move into other parts of the network.
That may be among the reasons why JBS shut down its operations and Colonial shut down its pipeline — to disconnect the companies’ operations from the IT systems that hackers breached. People briefed on the Colonial attack have said that the company halted operations because its billing system was also compromised and feared they wouldn’t be able to determine how much to bill customers for fuel they received.
The pipeline has since returned to normal operations.

Don’t be the next victim of a ransomware attack. Contact South Jersey Techies to discuss how your critical information can be secure.

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

As school, socializing, and many aspects of life have moved online this year, it’s more important than ever that you protect your digital devices and steer clear of cybercriminals. Computer security threats are relentlessly inventive. Masters of disguise and manipulation, these threats constantly evolve to find new ways to annoy, steal and harm. Arm yourself with information and resources to safeguard against complex and growing computer security threats and stay safe online.

Examples of Online Cybersecurity Threats

Computer Viruses

Probably the most eminent computer security threat, a computer virus is a program written to alter the way a computer operates, without the permission or knowledge of the user. A virus replicates and executes itself, usually doing damage to your computer in the process.

What can you do to avoid computer viruses? Carefully evaluate free software, downloads from peer-to-peer file sharing sites, and emails from unknown senders. These things are critical to avoiding viruses. Most web browsers have security settings which can be configured for top defense against online threats. But, as we’ll say again and again, the single most-effective way of fending off viruses is up-to-date antivirus software and monitoring agent, like we include in our Managed Service Plans.

Spyware Threats

A serious computer security threat, spyware is any program that monitors your online activities or installs programs without your consent for profit or to capture personal information.

While many users won’t want to hear it, reading terms and conditions is a good way to build an understanding of how your activity is tracked online. As always, if a company you do not recognize is advertising for a deal that seems too good to be true, be sure you have an internet security solution in place and click with caution.

Hackers and Predators

People, not computers, create computer security threats and malware. Hackers and predators are programmers who victimize others for their own gain by breaking into computer systems to steal, change, or destroy information as a form of cyber-terrorism. These online predators can compromise credit card information, lock you out of your data, and steal your identity. As you may have guessed, online security tools with identity theft protection are one of the most effective ways to protect yourself from this brand of cybercriminal.

Phishing

Masquerading as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fraudulent email or instant messages. Phishing attacks are some of the most successful methods for cybercriminals looking to pull off a data breach. Antivirus solutions with identity theft protection can be taught to recognize phishing threats in fractions of a second.

Cyber Safety Tips

• Keep software systems up to date and use a good anti-virus program.
• Examine the email address and URLs in all correspondence. Scammers often mimic a legitimate site or email address by using a slight variation in spelling.
• If an unsolicited text message, email, or phone call asks you to update, check, or verify your account information, do not follow the link provided in the message itself or call the phone numbers provided in the message. Go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.
• Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address.
• Scrutinize all electronic requests for a payment or transfer of funds.
• Be extra suspicious of any message that urges immediate action.
• Confirm requests for wire transfers or payment in person or over the phone as part of a two-factor authentication process. Do not verify these requests using the phone number listed in the request for payment.

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

Barbara Corcoran of ABC’s “Shark Tank” has lost nearly $400,000 in a phishing scam this week. Corcoran told “People” that she was tricked as a result of an email scheme sent to her team.

The high-powered businesswoman told People that she received a scam invoice approving a real estate renovation, but she didn’t think twice about verifying it because she invests in real estate. It was only until her bookkeeper caught Corcoran’s assistant’s email was misspelled by 1 letter and it was later found to be the address used by the scammer.

“I was upset at first, but then remembered it was only money,” Corcoran told the magazine.

Corcoran’s assistant Emily Burke told CNN Business that the “Shark Tank” star wouldn’t provide any additional comment “at the advisement of her attorneys until the authorities are done investigating.”

However, Corcoran tweeted: “Lesson learned: Be careful when you wire money!” with a link to a TMZ story.

In addition to being an investor and a judge on the hit ABC show, Corcoran formerly owned the global real estate agency that shares her name. She sold it for $66 million in 2001.

Corcoran fell for a phishing scam. It’s common, too: Nearly 30,000 people reported being a victim of that type of scam last year. Together they reported nearly $50 million in losses, according to the FBI’s 2018 Internet Crime Report.

Phishing attacks are common methods of stealing usernames, passwords and money. Hackers pretend to be a trustworthy source to convince you to share personal data. To be safe, it’s important to make sure the sender is authentic before clicking on a link. Google has rolled out security protections that warns people of potential unsafe emails.

If you or your team have any questions or concerns please contact support at (856) 745-9990.

Consumers are not the only ones vulnerable to scams.  If you own a small business or are part of a nonprofit organization, you could be open to several different types of cons without even realizing it.

The Federal Trade Commission (FTC) has put together a list of some of the more common scams and posted them on the website along with plenty of resources to help you spot con artists and keep them from taking advantage of you and your business.

“Your best protection? Learn the signs of scams that target businesses,” the FTC says. “Then tell your employees and colleagues what to look for so they can avoid scams.”

From the FTC website:

Fake Invoices

Scammers create phony invoices that look like they’re for products or services your business uses — maybe office or cleaning supplies or domain name registrations. Scammers hope the person who pays your bills will assume the invoices are for things the company actually ordered. Scammers know that when the invoice is for something critical, like keeping your website up and running, you may pay first and ask questions later. Except it’s all fake and if you pay, your money may be gone.

Unordered Office Supplies and Other Products

Someone calls to confirm an existing order of office supplies or other merchandise, verify an address, or offer a free catalog or sample. If you say yes, then comes the surprise — unordered merchandise arrives at your doorstep, followed by high-pressure demands to pay for it. If you don’t pay, the scammer may even play back a tape of the earlier call as “proof” that the order was placed. Keep in mind that if you receive merchandise you didn’t order, you have a legal right to keep it for free.

Directory Listing and Advertising Scams

Con artists try to fool you into paying for nonexistent advertising or a listing in a nonexistent directory. They often pretend to be from the Yellow Pages. They may ask you to provide contact information for a “free” listing or say the call is simply to confirm your information for an existing order. Later, you’ll get a big bill, and the scammers may use details or even a recording of the earlier call to pressure you to pay.

Utility Company Imposter Scams

Scammers pretend to call from a gas, electric, or water company saying your service is about to be interrupted. They want to scare you into believing a late bill must be paid immediately, often with a wire transfer or a reloadable card or gift card. Their timing is often carefully planned to create the greatest urgency — like just before the dinner rush in a restaurant.

Government Agency Imposter Scams

Scammers impersonate government agents, threatening to suspend business licenses, impose fines, or even take legal action if you don’t pay taxes, renew government licenses or registrations, or other fees. Some businesses have been scared into buying workplace compliance posters that are available for free from the U.S. Department of Labor. Others have been tricked into paying to receive nonexistent business grants from fake government programs. Businesses have received letters, often claiming to be from the U.S. Patent and Trademark Office, warning that they’ll lose their trademarks if they don’t pay a fee immediately, or saying that they owe money for additional registration services.

Tech Support Scams

Tech support scams start with a call or an alarming pop-up message pretending to be from a well-known company, telling you there is a problem with your computer security. Their goal is to get your money, access to your computer, or both. They may ask you to pay them to fix a problem you don’t really have, or enroll your business in a nonexistent or useless computer maintenance program. They may even access sensitive data like passwords, customer records, or credit card information.

Social Engineering, Phishing and Ransomware

Cyber scammers can trick employees into giving up confidential or sensitive information, such as passwords or bank information. It often starts with a phishing email, social media contact, or a call that seems to come from a trusted source, such as a supervisor or other senior employee, but creates urgency or fear. Scammers tell employees to wire money or provide access to sensitive company information. Other emails may look like routine password update requests or other automated messages but are actually attempts to steal your information. Scammers also can use malware to lock organizations’ files and hold them for ransom.

Business Promotion and Coaching Scams

Some scammers sell bogus business coaching and internet promotion services. Using fake testimonials, videos, seminar presentations, and telemarketing calls, the scammers falsely promise amazing results and exclusive market research for people who pay their fees. They also may lure you in with low initial costs, only to ask for thousands of dollars later. In reality, the scammers leave budding entrepreneurs without the help they sought and with thousands of dollars of debt.

Changing Online Reviews

Some scammers claim they can replace negative reviews of your product or service, or boost your scores on ratings sites. However, posting fake reviews is illegal. FTC guidelines say endorsements — including reviews — must reflect the honest opinions and experiences of the endorser.

Credit Card Processing and Equipment Leasing Scams

Scammers know that small businesses are looking for ways to reduce costs. Some deceptively promise lower rates for processing credit card transactions, or better deals on equipment leasing. These scammers resort to fine print, half-truths, and flat-out lies to get a business owner’s signature on a contract. Some unscrupulous sales agents ask business owners to sign documents that still have key terms left blank. Don’t do it. Others have been known to change terms after the fact. If a sales person refuses to give you copies of all documents right then and there — or tries to put you off with a promise to send them later — that could be a sign that you’re dealing with a scammer.

Fake Check Scams

Fake check scams happen when a scammer overpays with a check and asks you to wire the extra money to a third party. Scammers always have a good story to explain the overpayment — they’re stuck out of the country, they need you to cover taxes or fees, you’ll need to buy supplies, or something else. By the time the bank discovers you’ve deposited a bad check, the scammer already has the money you sent them, and you’re stuck repaying the bank. This can happen even after the funds are made available in your account and the bank has told you the check has “cleared.”

Google sends a nudge toward the unencrypted web

Starting in July, Google Chrome marked all HTTP sites as “not secure,” according to a blog post published today by Chrome security product manager Emily Schechter. Chrome currently displays a neutral information icon, but starting with version 68, the browser is warning users with an extra notification in the address bar. Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign.

Google has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google search began down-ranking unencrypted sites in 2015, and the following year, the Chrome team instituted a similar warning for unencrypted password fields.

The Chrome team said the announcement was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of Chrome traffic is already encrypted. “Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year,” Schechter said, “we think that in July the balance was tipped enough so that we can mark all HTTP sites.”

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one in the middle can tamper with the traffic or spy on what you’re doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.

HTTPS has also become much easier to implement through automated services like Let’s Encrypt, giving sites even less of an excuse not to adopt it. As part of the same post, Google pointed to its own Lighthouse tool, which includes tools for migrating a website to HTTPS.

What Is EU GDPR? 

The EU GDPR is a law designed to protect and empower residents of the EU by guiding business usage of personal data. In essence, it is reshaping the way corporations handle personal data by controlling its collection, use, and storage. It will replace the regulations and frameworks of the existing 20-year-old directive (95/46/EC).

Who Is the GDPR Protecting and Empowering? 

The data subject: This is any individual that can be directly or indirectly identified or uniquely singled out in a group of individuals, from any stored data.

What Is the GDPR Protecting? 

Personal data: This is any information relating to an individual, whether in reference to their private, professional, or public life. It includes things like names, photos, email addresses, location data, online identifiers, a person’s bank details, posts on social networking websites, medical information, work performance details, subscriptions, purchases, tax numbers, education or competencies, locations, usernames and passwords, hobbies, habits, lifestyles, or a person’s computer’s IP address.

Who Is the GDPR Regulating? 

The data controller: This is the person who, alone or jointly with others, determines the purposes for, and means of, processing personal data. A data controller is not responsible for the act of processing (this falls to the data processor); they can be defined as the entity that determines motivation, condition, and means of processing.

Generally, the role of the controller is derived from the organization’s functional relation with the individual. That is, a business is the controller for the customer data it processes in relation to its sales, and an employer is the controller for the employee data they process in connection with the employment relationship.

Who Else Is the GDPR Regulating? 

Data processors: This is the person who processes personal data on behalf of the controller. Typical processors are IT service providers (including hosting providers) and payroll administrators. The processor is required to process the personal data in accordance with the controller’s instructions and take adequate measures to protect the personal data. The GDPR does not allow data processors to use the personal data for other purposes beyond providing the services requested by the controller.

What Does the GDPR Consider “Processing?” 

Processing refers to any operation or set of operations performed upon personal data, whether or not by automatic means—such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction. Processing must be fair and lawful, although transparency is significantly strengthened. The processor may not use the personal data for their own purposes.

What Rights Do the Data Subjects Have? 

Under the GDPR, data subjects can request the following:

• To be informed about the data processing
• To consent to the processing of their personal data (opt in) or object to the processing of their personal data (opt out)
• To obtain their personal data in a structured and commonly used format in order to transfer that data, in certain circumstances, to another controller (data portability)
• To not be subject to fully automated data processing or profiling
• To know what data is processed (right of access)
• To correct where any data is incorrect
• To have data erased under certain circumstances, for example, where the retention period has lapsed or where consent for the processing has been withdrawn (referred to commonly as the “right to be forgotten”) and to register a complaint with the supervisory authority

Other Key Elements to Consider in Preparing for GDPR

We’re not done yet. There are four more important elements to consider with GDPR as you become ready.

1) Data Breach Notification

For controllers, GDPR requires that breach notice must be provided, where feasible, within 72 hours of becoming aware of a breach; processors need to provide notice to controllers without undue delay. Any data breaches must be documented.

2) Data Minimization

This requires the level and type of data being processed to be limited to the minimum amount of data necessary. This requires you to ensure that the purpose in which the data is agreed and the purpose in which the data was collected are materially similar. The processors should ensure that individuals’ privacy is considered at the outset of each new processing, product, service, or application, and only minimum amounts of data are processed for the specific purposes collected and processed.

3) Data Pseudonymization

The GDPR defines pseudonymization as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” To pseudonymize data, the “additional information” must be “kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable person.” In other words, it is a strategy designed to enhance protection and privacy for applicable identifying data.

Although similar, anonymization and pseudonymization are two distinct techniques that permit data controllers and processors to use de-identified data. The difference between the two techniques rests on whether the data can be re-identified.

4) Fair Processing of Personal Data

This requires the processing of personal data to be fair and lawful. Generally, only the level and type of data collected should be limited to the minimum amount of data necessary (see data minimization above). There are a number of methods in which the data may be processed, including: express consent (which may be withdrawn at any time), legitimate interest basis (the subject of which legitimacy may be challenged by the data subject), honoring obligations under the agreement with the data subject, or any other legal basis that may apply.

What We Can Do to Help

We know this information can be overwhelming, but taking the proper steps now will save you headaches later. SolarWinds provides products that can help you with getting ready. Our Risk Intelligence software is one of them, providing you with hard data on:

• A business’ quantified financial risk
• Personally identifiable information (PII)
• Protected health information
• Payment information located in storage
• Access permissions for sensitive data

Search your ‘data at rest’ for risk areas and start the data mapping you need to get ready for GDPR.

In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8

Users of old Windows systems can now download a patch to protect them from this week’s massive ransomware attack.

In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8 — all of them operating systems for which it no longer provides mainstream support.

Users can download and find more information about the patches in Microsoft’s blog post about Friday’s attack from the WannaCry ransomware.

The ransomware, which has spread globally, has been infecting computers by exploiting a Windows vulnerability involving the Server Message Block protocol, a file-sharing feature.

Computers infected with WannaCry will have their data encrypted, and display a ransom note demanding $300 or $600 in bitcoin to free the files.

Fortunately, Windows 10 customers were not targeted in Friday’s attack. In March, Microsoft patched the vulnerability that the ransomware exploits — but only for newer Windows systems. That’s left older Windows machines, or those users who failed to patch newer machines, vulnerable to Friday’s attack.

Researchers originally believed the ransomware was spread through attachments in email phishing campaigns. That no longer appears to be the case.

Infection attempts from the WannaCry ransomware.

Once a vulnerable PC becomes infected, the computer will attempt to spread to other machines over the local network as well as over the internet. The ransomware will specifically scan for unpatched machines that have the Server Message Block vulnerability exposed.

Businesses can prevent this by disabling the Server Message Block protocol in vulnerable PCs. They can also use a firewall to block unrecognized internet traffic from accessing the networking ports the Server Message Block uses.

Fortunately, Friday’s ransomware attack may have been contained. A security researcher who goes by the name MalwareTech has activated a sort of kill-switch in WannaCry that stops it from spreading.

As a result, over 100,000 new infections were prevented, according to U.K.’s National Cyber Security Centre. But experts also warn that WannaCry’s developers may be working on other versions that won’t be easy to disable.

“It’s very important everyone understands that all they (the hackers) need to do is change some code and start again. Patch your systems now!” MalwareTech tweeted.

Unfortunately, the kill-switch’s activation will provide no relief to existing victims. The ransomware will persist on systems already infected.

Friday’s ransomware attack appears to have spread mainly in Europe and Asia, with Russia among those nations hardest hit, according to security researchers.

Security experts are advising victims to wait before paying the ransom. It’s possible that researchers will develop a free solution that can remove the infection.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Ransom is the top motivation behind cyber attacks, according to a report from Radware, and IT professionals are most concerned about data loss. Here’s what you need to know.

Nearly half of businesses report that they were the subject of a cyber-ransom campaign in 2016, according to Radware’s, Global Application and Network Security Report 2016-2017.

Data loss topped the list of IT professionals’ cyber attack concerns, the report found, with 27% of tech leaders reporting this as their greatest worry. It was followed by service outage (19%), reputation loss (16%), and customer or partner loss (9%).

Malware or bot attacks hit half of all organizations surveyed in the last year. One reason for the pervasive attacks? The Internet of Things (IoT). Some 55% of respondents reported that IoT ecosystems had complicated their cybersecurity detection measures, as they create more vulnerabilities.

Ransomware attacks in particular continue to increase rapidly: 41% of respondents reported that ransom was the top motivator behind the cyber attacks they experienced in 2016. Meanwhile, 27% of respondents cited insider threats, 26% said political hacktivism, and 26% said competition.

While large-scale DDoS attacks dominated the headlines of 2016, this report found that only 4% of all attacks were more than 50 Gbps, while more than 83% of DDoS attacks reported were under 1 Gbps.

“One thing is clear: Money is the top motivator in the threat landscape today,” said Carl Herberger, vice president of security solutions at Radware, in a press release. “Attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data.”

Despite the growth in attacks, some 40% of organizations reported that they do not have an incident response plan in place, the survey found.

The report listed five cybersecurity predictions for 2017:

1. IoT will become an even larger risk. The Mirai IoT Botnet code is available to the public, making it more likely that cyber criminals of all experience levels are already strengthening their capabilities. “In 2017, exponentially more devices are expected to become targeted and enslaved into IoT botnets,” the press release stated. “IoT device manufacturers will have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1 Tbps.”

2. Ransomware attacks will continue to grow. These attacks will target phones, laptops, and company computers, and will likely take aim at healthcare devices such as defibrillators in the future, the press release stated.

3. Permanent Denial of Service (PDoS) attacks on data centers and IoT operations will rise. PDoS attacks, sometimes called “phlashing,” damage a system to the degree that it requires hardware replacement or reinstallation. These attacks are not new, but Radware predicts they are likely to become more pervasive in 2017 with the plethora of personal devices on the market.

4. Telephony DoS (TDoS) will become more sophisticated. These attacks, which cut off communications in a crisis, “could impede first responders’ situational awareness, exacerbate suffering and pain, and potentially increase loss of life,” the press release stated.

5. Public transportation system attacks will rise. As cars, trains, and planes become more automated, they also become more vulnerable to hackers, Radware stated.

You help your business avoid ransomware attacks and other cyber threats by keeping software up to date, backing up all information every day to a secure, offsite location, segmenting your network, performing penetration testing, and training staff on cyber security practices.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.