A prime example of a cloud application is Microsoft’s Office 365 suite. It brings the well-known Office applications such as Word and Excel and makes it easier for teams to collaborate, share files, and use video calls for communication over the internet. While these tools have been available for years, COVID-19 has brought them into the spotlight, as they have become invaluable assets for companies to maintain their workflows. Some other cloud based tools include Zoom and Slack.

In a recent study conducted by cybersecurity company McAfee on cloud application usage rates, it was found that between January and April of this year, the usage of cloud based tools increased by 50%. It was also discovered that cyberattacks targeting these cloud applications increased by a factor of 630%.

In their study,  these cyberattacks were identified using two main methods. The first method, ‘activity from an uknown location’, flags suspicious log in attempts made on an account in a location that is unusual, based on historical log in data. The second method, ‘suspicious superhuman’, detects login attempts that would be geographically impossible. An example of this would be two logins attempts from across the globe within 5 minutes of each other.

What are their methods of intrusion?

One of the most common methods of infiltrating cloud based accounts is by using “spraying attacks”. This is a type of brute-force attack that attempts to guess a user’s password based on commonly used passwords, and a common habit for users to reuse passwords across services.

The most effective method of protecting yourself from spraying attacks is by enabling multifactor authentication. This makes sure that external cyberattackers cannot get into your cloud accounts. An account protected by MFA cannot be accessed by someone who does not have access to both the credentials and the external device or mailbox associated with the account.

Don’t let your cloud accounts be compromised. Protect yourself by calling GIGE at +1 888 366 4443 or emailing us at info@gige.ca to get started.

The post Increase in Cyberattacks Targeting Cloud Applications appeared first on GIGE IT Solutions: IT Services Mississauga.

It was discovered that APTs, or Advanced Persisted Threat groups, pose the greatest cyberthreat to these organizations. APTs are nation or state sponsored groups that aim to infiltrate into computer networks and remain undetected with malicious intent.

Why are these organizations being targeted?

These organizations often collect sensitive information including personal names and medical history in their efforts against Covid-19. The goal of many of these cyberattacks is to gain access to this sensitive information. Using APTs to gain access to this information is beneficial to their own research.

There are several vulnerabilities that are being exploited by APTs to gain access to these organizations’ networks. Firstly, the security hole named CVE-2019-19781 allows for cyberattackers to gain access to sensitive information and execute arbitrary code through a Citrix device.

Next, several vulnerabilities in VPN products from Fortinet, Pulse Secure, and Palo Alto are still relevant today despite having been patched last year. This is because a device that has not had the latest security update applied would still be vulnerable to these known security flaws. Some of these security holes include CVE-2018-13382, which allows a malicious actor to edit a VPN password without authentication, and CVE-2018-13380, which allows cross-site scripting.

Finally, malciious actors are using a strategy called “Password Spraying” to try to infiltrate Covid-19 response organizations. In this type of attack, cyberattackers attempt to guess a user’s password through trial-and-error of the most  commonly used passwords, similarly to brute force attacks.

GIGE IT Solutions ensures that your organization is protected against malicious attacks from cybercriminals. Don’t leave your network open to attack – call us at +1 888 366 4443 or info@gige.ca for a consultation on the best ways to protect yourself today.

The post Cyberattackers Are Targeting Organizations Aiding In Covid-19 Response appeared first on GIGE IT Solutions: IT Services Mississauga.

Ransomware attacks are a strain of cyberattack that is characterized by the intention to extort money out of victims by locking their sensitive data behind a ransomwall. Data on a victim’s computer is encrypted with an encryption key that is only known by the attacker. Once the data has been encrypted, it can no longer be accessed by the victim. The cyberattacker then demands a ransom payment, usually in cryptocurrency, to be paid for the safe release of the data.

While it has been known that ransomware encrypts data, it was a specific strain of ransomware called “Maze” that revealed that ransomware also has the capability to steal data from the victim’s computer. This particular strain of the malware threatens to publicize sensitive information if the victim does not pay the ransom.

How have ransomware attackers been infiltrating computers?

Microsoft’s Threat Protection Intelligence Team has discovered that many ransomware attackers exploit the same vulnerabilities in victims’ computers to install the malware.

1. Unsecured RDP Connections

Remote desktop Protocol, or RDP, is a Microsoft tool that allows for one computer to remotely access and control another computer. It is important to protect RDP connections with Multifactor Authentication (MFA), as without this, cyberattackers that get access to your credentials through brute force attacks will be able to hijack the RDP connection and infiltrate the computer.

2. Unpatched or Out-of-Support operating systems

A computer running an outdated operating system is no longer being repaired by the OS’s developers. This means that known vulnerabilities can be indefinitely exploited by cyberattackers. According to the Microsoft Threat Protection Intelligence team, some operating systems that are particularly vulnerable include Window Server 2003 and 2008.

3. Web Server Misconfigurations

Another vulnerability that is a common weakness exploited by cyberattackers is misconfigurations in web servers. A misconfigured server can allow for unknown actors to connect and access otherwise secure connections in order to install malicious software on a victim’s computer.

Don’t become the victim of data theft. It is important to configure and protect your network RDP connections. GIGE IT Solutions’ network experts have years of cumulative experience designing, deploying, and maintaining secure network connections. Call us at +1 888 366 4443 or email us at info@gige.ca to protect yourself immediately.

The post Data Theft Is Common In Ransomware Attacks appeared first on GIGE IT Solutions: IT Services Mississauga.

Video Teleconferencing (VTC) is the technology that connects multiple people over the internet with both audio and video. It is often confused with VoIP, or Voice over internet protocol. In fact, Video Teleconferencing is a subcategory of VoIP, which also includes technologies such as internet voice calls and instant messaging.

Some examples of video teleconferencing technology includes Microsoft’s Skype, Teams, and Zoom.

Zoom has quickly grown in popularity over the past few months as a Video telecommunication service for both business and home users. Security concerns have however been raised regarding its encryption strategy. Researchers at the University of Toronto have raised concerns over the fact that Zoom uses AES-256 encryption, which maintains some elements of plaintext when encrypting its data.

Plaintext is when data is stored in plain English that can be read by anybody who intercepts the transmission. In contrast, encrypted data is scrambled into a form that is unreadable to anybody who does not have access to the encryption strategy or key that is used.

What are some teleconferencing best practices?

Understand the risks of Video Teleconferencing and use it to communicate appropriate information. There will always be inherent risks in using any VTC tool. Only use secure communication channels for important information.

Furthermore, keep your VTC software updated. Like any other software, telecommunication software often contain vulnerabilities that are repaired using software patches. Developers roll out fixes in their patch updates, and it is important to keep your computer updated to be protected from these known threats.

Don’t fall victim to security flaws in video teleconferencing software. Call us at +1 888 366 4443 for more best practices on how to protect yourself.

The post Video Teleconferencing (VTC) Security appeared first on GIGE IT Solutions: IT Services Mississauga.

In this environment, many organizations now rely on work-from-home for many of their employees. These remote workers rely on VPNs in order to connect to their companies’ network. However, a misconfigured network connection can be a cybersecurity vulnerability to your organization, becoming a point of attack for attackers to exploit.

What are VPN Connections?

A VPN, or a virtual private network, acts as a digital tunnel that allows a remote worker to securely connect to a local network at your office. Using a VPN, data that is sent over the internet from the remote computer is encrypted until it is captured by the connected network. Encrypted data is protected from cyberattackers by scrambling information into an unreadable format.

Like any online connection, no VPN is completely impervious to attack. Different vendors and their VPN products have different levels of security. Furhermore, every company’s VPN requirements are different – While some companies may need large numbers 1000+ of VPN connections, others only need a few. It is important to select the product that is most appropriate to your organization.

Cyberattackers are constantly trying to identify new security vulnerabilities in VPN code. When a new vulnerability is discovered, a fix is developed by cybersecurity professionals, and it is rolled out to the public through a software patch.  For example, in April of last year the Canadian Centre for Cyber Security notified Canadian companies that there were vulnerabilities in the VPN software from Fortinet, Palo Alto GlobalProtect, Pulse Connect Secure, and more. Neglecting to apply these patches to your computer will lead to your VPN being susceptible to known vulnerabilities.

Another step that you can take to secure your VPN connections is by using Multifactor authentication. This is the practice of adding a ‘second authentication’ method to ensure that attackers who have your password still cannot access your account. This is done by requiring logins from unfamiliar logins to use an additional key, either through a code or a token.

GIGE IT Solutions helps you organization set up secure VPN connections to help you protect your sensitive data. We help you choose the most appropriate solution for your company’s specific needs, and help you monitor, identify, and rectify security flaws that pose a threat to you. Call us at +1 888 366 4443 or email us at info@gige.ca to get started today.

The post Secure Your Work-from-Home VPN Connections appeared first on GIGE IT Solutions: IT Services Mississauga.

The data breach was the result of unauthorized access to Cathay Pacific’s servers that dated back to October of 2018.  In a statement on the breach, Cathay Pacific stated that it would like to “sincerely apologize for this incident”.

The UK’s Information Commissioner’s Office discovered that the  data breach had resulted in the records between October 2014 and May 2018 to be leaked.

This incident illustrates the importance of applying security patches to protect organization server. Cathay stated that it suspects the data breach occurred due to a known security vulnerability being exploited by cyberattackers. In its investigation, the UK Information Commissioner discovered that the company did not apply the security update fixing the patch, which was released over a decade prior to the attack. The vulnerability, which was not publically named, was in fact discovered in February 2007. It is known that attackers exploiting this vulnerability does not need technical skills and is able to get administrative access to a victim’s computer. Cathay pacific admitted that its regular vulnerability scans, which are used to detect potential security flaws in the company’s network, was not able to detect the vulnerability for over 10 years. It was discovered that one of the systems that was compromised had 16 security updates that were pending.

Another reason that the Cathay Pacific data breach occurred was that one if its servers was running an operating system that was no longer supported by its developer. Operating systems (O.S.), like many other software, requires constant updates to repair new security vulnerabilities that are discovered. After an operating system becomes end-of-life, however, the developer no longer releases software updates for it, leaving computers still running the operating system vulnerable to cyberattack. The most recent instance of this occurring is the Windows 7 End of life, which occurred on January 14^th of 2020. You can read more about operating system patches in our article here.

It is clear from the Cathay Pacific data breach that proper patch management is an important facet of keeping your organization’s IT safe from cyberattack. GIGE IT solutions’ network experts help you organization identify vulnerabilities in your organizations’ network. We audit and provide consultation and remediation strategies to help you stay protected from data leaks and cyberattacks.

The post Lessons Learned From The Cathay Pacific Data Breach appeared first on GIGE IT Solutions: IT Services Mississauga.

Remote work, which relies on establishing a secure connection between an employee’s home computer and the company network, can become a security vulnerability if left without any security measures. The security risks associated with remote work are not limited to cyberattackers that are trying to access your network maliciously. IT can also cover careless or negligent employee practices that lead to unintentional data leaks. An example of this is a misconfigured connection that lets unauthorized users gain access to the company’s data without proper credentials.

What are some strategies to help you protect your network against the dangers of remote connections?

Remote connections are inherently dangerous. Introducing a connection into a network can create a potential attack point. To minimize your exposure, practice network segmentation. Network segmentation is the cybersecurity best practice that involves dividing your network into disconnected sections. This ensures that even if one segment of your network becomes infected, the other areas are still secure.

Virtual Private networks remain an effective way of protecting connections that you set up between home computers and company networks. They are also a useful tool for protecting a connection that you make between your home computer and work environment be more secure, as they basically simulate a private connection over a public network such as the internet.

Don’t leave yourself vulnerable. Give us a call today at +1 888 366 4443 or email us at info@gige.ca to get started with protecting your network from remote connection threats.

The post Remote Connections Can Become Security Vulnerabilities. How Can You Protect Your Network? appeared first on GIGE IT Solutions: IT Services Mississauga.

Information that was leaked to the public included customer addresses, phone numbers, birthdays, and email addresses. The information was posted publicly on a hacking forum.

In the post-leak security audit, MGM discovered that the breach was caused by an unauthorized individual gaining access to one of the company’s cloud servers in the summer of 2019.

In a statement, MGM assured the public that credit card information or password data was leaked in the incident.

Best practices if your personal data has been leaked

In today’s information environment, it is almost impossible to avoid becoming the victim of data leaks such as the above incident. However, what are some damage mitigations steps that you can take if you are notified that your data has been exposed?

Monitor your accounts diligently

Constantly monitor your inboxes, as companies will often notify account holders of suspicious logins from unfamiliar locations. If you receive an email that your account has been accessed from an unfamiliar location or device, change your credentials and log out of all other locations immediately.

Using 2 factor authentication

If your password was among information that was leaked, it is important to update any other accounts that share the same password. As an additional security measure, it is also best practice to enable 2 factor authentication on your accounts, as they will prevent a cyberattacker from entering your account even if they are in possession of your login credentials. To read more about 2 factor authentication and password management, read our article here.

Don’t let your business fall victim to data leaks. Call GIGE IT Solutions at +1 888 366 4443 for a consultation on weak points in your organization’s network infrastructure. Get started with us today.

The post 10.6 Million Customer Records Leaked by MGM Resorts appeared first on GIGE IT Solutions: IT Services Mississauga.

SSH, or Secure Shell, is a method used to establish a secure login between two systems. It is widely used across many operating systems. Using an SSH key, an IT administrators can gain access to servers and computers. Because SSH keys do not expire, and unauthorized individual in possession of and SSH key to a server can be a cyberscurity risk, as they would be able to gain access to the organization.

SSH malware is now widely available

Previously, SSH backdoor malware was only used by highly organized cyberattacker threats. However, in recent times it has been observed more widely in the wild. SSH key backdoor malware is now available to anybody who browses the dark web.

Oftentimes, such as in the case of malware strains such as Trickbot and CryptoSink, cyberattackers abuse known vulnerabilities in operating systems or software in order to gain a foothold in a company’s infrastructure. An example of this is CVE-2014-3120, an exploit that allowed cyberattackers to run arbitrary code on a victim’s system.

New vulnerabiltiies such as CVE-2014-3120 are constantly being discovered and repaired by software engineers and cyber security professionals. It is essential that you patch your computers to the latest software to keep them protected from such vulnerabilities.

Monitoring and updating outdated SSH keys is also another effective method in preventing cyberattack By doing so, cyberattackers would not be able to create malicious SSH keys to gain access to your organization’s systems. Furthermore, like defending against all types of cyberattacks, time is an important resource. The faster that your IT management can catch the vulnerability, the less damage that a cyberattacker can do.

Don’t fall victim to SSH backdoor malware. GIGE’s cybersecurity experts have over 30 years of experience in auditing and protecting organizations’ networks. We can help your organization identify and rectify vulnerabilities in your network. Call +1 888 366 4443 or email us at info@gige.ca to get started with us today.

The post SSH Key Malware Is Spreading appeared first on GIGE IT Solutions: IT Services Mississauga.

Up until recently, it was believed that the only way that Emotet trojan could infect a computer was through malicious email links. However, it was recently discovered that it can now propagate itself through wifi networks.

It was discovered that once the Trojan malware had infected a PC, it can automatically spread through a connected wifi network by detecting and brute forcing the credentials to the network.

Once the malware gains access to the wifi network, it then infects other PCs connected to it, stealing personal information or installing further malware such as ransomware onto the systems.

Who is at risk?

When Emotet was first detected, cyberattackers were largely using it to target banking customers in Europe. Its scope has since expanded and now ranges from individuals, businesses, and governments.

What are best practices to keep yourself protected?

The Emotet malware uses brute force attacks to gain access to wifi networks. A brute force attack ‘guesses’ the correct credentials through rapid trial-and-error, relying on a repository of previously cracked and common passwords in order to cut down the time required. A recent brute force attack cost an unnamed Canadian company $1M . You can read more about that attack in our article here. In light of this, it is essential to ensure that your organization changes the default passwords on all its network devices. Leaving the credentials unchanged increases the likelihood that it can be breached by a cyberattacker using brute force.

The post The Emotet Trojan Malware Is Spreading Through Wifi appeared first on GIGE IT Solutions: IT Services Mississauga.