IT solutions | GIGE IT Solutions: IT Services Mississauga https://gige.ca/tag/it-solutions IT Services & IT Solutions Mississauga & Toronto Thu, 04 Jun 2020 20:24:59 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.5 https://gige.ca/wp-content/uploads/2017/06/cropped-tab-icon-g-final-32x32.png IT solutions | GIGE IT Solutions: IT Services Mississauga https://gige.ca/tag/it-solutions 32 32 Increase in Cyberattacks Targeting Cloud Applications https://gige.ca/increase-in-cyberattacks-targeting-cloud-applications Thu, 04 Jun 2020 20:24:59 +0000 https://gige.ca/?p=9535 COVID-19 has caused many businesses to adopt cloud applications to keep up company productivity. Cloud applications are programs and digital tools that are hosted in the internet and allow for easy collaborative workflows and communication. A prime example of a cloud application is Microsoft’s Office 365 suite. It brings the well-known Office applications such as…
Read more

The post Increase in Cyberattacks Targeting Cloud Applications first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Increase in Cyberattacks Targeting Cloud Applications appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
COVID-19 has caused many businesses to adopt cloud applications to keep up company productivity. Cloud applications are programs and digital tools that are hosted in the internet and allow for easy collaborative workflows and communication.

A prime example of a cloud application is Microsoft’s Office 365 suite. It brings the well-known Office applications such as Word and Excel and makes it easier for teams to collaborate, share files, and use video calls for communication over the internet. While these tools have been available for years, COVID-19 has brought them into the spotlight, as they have become invaluable assets for companies to maintain their workflows. Some other cloud based tools include Zoom and Slack.

In a recent study conducted by cybersecurity company McAfee on cloud application usage rates, it was found that between January and April of this year, the usage of cloud based tools increased by 50%. It was also discovered that cyberattacks targeting these cloud applications increased by a factor of 630%.

In their study,  these cyberattacks were identified using two main methods. The first method, ‘activity from an uknown location’, flags suspicious log in attempts made on an account in a location that is unusual, based on historical log in data. The second method, ‘suspicious superhuman’, detects login attempts that would be geographically impossible. An example of this would be two logins attempts from across the globe within 5 minutes of each other.

What are their methods of intrusion?

One of the most common methods of infiltrating cloud based accounts is by using “spraying attacks”. This is a type of brute-force attack that attempts to guess a user’s password based on commonly used passwords, and a common habit for users to reuse passwords across services.

The most effective method of protecting yourself from spraying attacks is by enabling multifactor authentication. This makes sure that external cyberattackers cannot get into your cloud accounts. An account protected by MFA cannot be accessed by someone who does not have access to both the credentials and the external device or mailbox associated with the account.

Don’t let your cloud accounts be compromised. Protect yourself by calling GIGE at +1 888 366 4443 or emailing us at info@gige.ca to get started.

The post Increase in Cyberattacks Targeting Cloud Applications first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Increase in Cyberattacks Targeting Cloud Applications appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
9535
The Emotet Trojan Malware Is Spreading Through Wifi https://gige.ca/emotet-trojan-malware Thu, 13 Feb 2020 17:09:05 +0000 https://gige.ca/?p=9336 The Trojan malware strain known as Emotet has been in circulation ever since 2014. Early versions of the malware aimed to steal sensitive information or credentials after infecting victims’ computers. Up until recently, it was believed that the only way that Emotet trojan could infect a computer was through malicious email links. However, it was…
Read more

The post The Emotet Trojan Malware Is Spreading Through Wifi first appeared on GIGE IT Solutions: IT Services Mississauga.

The post The Emotet Trojan Malware Is Spreading Through Wifi appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
The Trojan malware strain known as Emotet has been in circulation ever since 2014. Early versions of the malware aimed to steal sensitive information or credentials after infecting victims’ computers.

Up until recently, it was believed that the only way that Emotet trojan could infect a computer was through malicious email links. However, it was recently discovered that it can now propagate itself through wifi networks.

It was discovered that once the Trojan malware had infected a PC, it can automatically spread through a connected wifi network by detecting and brute forcing the credentials to the network.

Once the malware gains access to the wifi network, it then infects other PCs connected to it, stealing personal information or installing further malware such as ransomware onto the systems.

Who is at risk?

When Emotet was first detected, cyberattackers were largely using it to target banking customers in Europe. Its scope has since expanded and now ranges from individuals, businesses, and governments.

What are best practices to keep yourself protected?

The Emotet malware uses brute force attacks to gain access to wifi networks. A brute force attack ‘guesses’ the correct credentials through rapid trial-and-error, relying on a repository of previously cracked and common passwords in order to cut down the time required. A recent brute force attack cost an unnamed Canadian company $1M . You can read more about that attack in our article here. In light of this, it is essential to ensure that your organization changes the default passwords on all its network devices. Leaving the credentials unchanged increases the likelihood that it can be breached by a cyberattacker using brute force.

The post The Emotet Trojan Malware Is Spreading Through Wifi first appeared on GIGE IT Solutions: IT Services Mississauga.

The post The Emotet Trojan Malware Is Spreading Through Wifi appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
9336
The Most Dangerous Software Errors Have Been Identified https://gige.ca/most-dangerous-software-errors Mon, 30 Sep 2019 19:58:20 +0000 https://gige.ca/?p=9036 The post The Most Dangerous Software Errors Have Been Identified appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>

American Not-for-profit research organization MITRE has published their 2019 report for the “Top 25 Most Dangerous Software Errors”. In their report, MITRE placed buffer flaws and cross-site scripting at the top of their list.

The CWE list of top 25 most dangerous software errors is a useful reference for software developers and cybersecurity professionals when writing software and designing security solutions.

The number 1 spot on the list is buffer flaws. A buffer flaw is a software mistake that allows for code to be read or written to memory locations that are beyond its intended limits. CVE-2019-1212 was a buffer flaw that was patched by Microsoft on August 13th 2019. It affected a wide range of operating systems including Windows Server 2019, Windows 7 and Windows 10.

 

Cross site scripting

The second most dangerous software error on the list was cross site scripting. This is when a web application unintentionally allows unauthorized data to enter. Cross-site scripting is most dangerous when paired with a type of cyberattack called watering-hole attacks. These exploit cross site scripting as a middle-step for the ultimate goal of infecting users’ personal computers.

 

What can you do to against these dangers?

MITRE released the following recommendations to mitigate the risk of buffer flaws when writing code:

  • When managing an application’s memory, make sure that the buffer size is the same size as the value that you allocated it.
  • If you are using the buffer in a loop, make sure that you are not using more than the allocated space

For cross-scripting, MITRE notes that using a 3rd party firewall can reduce the risk of being infected. This is because situations where the vulnerability cannot be immediately fixed are common.

Contact us today at +1 888 366 4443 or info@gige.ca to learn more about how we can help you design and protect your network.

The post The Most Dangerous Software Errors Have Been Identified first appeared on GIGE IT Solutions: IT Services Mississauga.

The post The Most Dangerous Software Errors Have Been Identified appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
9036
IT Services Company HCL Suffers Data-Leak, Quickly Recovers https://gige.ca/hcl-data-leak Tue, 18 Jun 2019 15:19:57 +0000 https://gige.ca/?p=8625 HCL, a multibillion dollar company with over 100 000 employees, has suffered a data leak of sensitive customer and employee information. The leak was discovered on May 1st 2019 by a research team in UpGuard. Information that was leaked included employee information, customer information, and company project details. For employees of the company, names, IDs,…
Read more

The post IT Services Company HCL Suffers Data-Leak, Quickly Recovers first appeared on GIGE IT Solutions: IT Services Mississauga.

The post IT Services Company HCL Suffers Data-Leak, Quickly Recovers appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>

HCL, a multibillion dollar company with over 100 000 employees, has suffered a data leak of sensitive customer and employee information. The leak was discovered on May 1st 2019 by a research team in UpGuard.

Information that was leaked included employee information, customer information, and company project details. For employees of the company, names, IDs, and contact information dating back to 2013 were leaked.

HCL has not been the only victim this year of data leaks. In April, UpGuard researchers also discovered that a configuration error by Facebook-partner Cultura Colectiva allowed 500 million user records to be publicly available for download. Leaked information included Facebook comments, account names and IDs.

In a 2019 report by Verizon, it was found that around 34% of data breaches were caused by individuals within the companies. A large part of this was caused by human error, such as CC’ing incorrect people in e-mails, accidentally publishing sensitive information online, or mistakes in network configurations.

The HCL data leak incident illustrates the importance of damage mitigation in the event of data leaks. The risk of data leaks will always be present, as there will always be the risk of human error. Therefore, it is equally as important to ensure that the protocols to minimize exposure are well-defined. UpGuard reported that within 48 hours, HCL was able to recover from the data leak and make the information private again. This was largely due to the fact that the contact information of the data protection officer was easily located.

GIGE Solutions helps design and manage your data privacy and IT infrastructure. Contact us at +1 888 366 4443 to get started with us today.

The post IT Services Company HCL Suffers Data-Leak, Quickly Recovers first appeared on GIGE IT Solutions: IT Services Mississauga.

The post IT Services Company HCL Suffers Data-Leak, Quickly Recovers appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
8625
How to Prepare for the Upcoming Data Privacy Act https://gige.ca/digital-privacy-act Wed, 03 Oct 2018 14:16:42 +0000 https://gige.ca/?p=5843 The post How to Prepare for the Upcoming Data Privacy Act appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
data protection and regulation GDPR policies

The Canadian government has set November 1st as the official date that the new Digital Privacy Act will be implemented. On this day, all private Canadian organizations will need to ensure that they have adhered to the rules defined by this new act. The document outlines regulations regarding the protocols of handling data breaches – specifically, who and when need to be notified in the event of data leakage. According to the Privacy Act, fines of up to $100 000 can be issued if an organization fails to notify a data breach to either the Privacy Commissioner of Canada, or the customers affected. Below are three important rules outlined by the Digital Privacy Act.

Reporting to the Privacy Commissioner of Canada

In the event of a data breach, the incident must be reported to the Privacy Commissioner of Canada as soon as possible. This report must contain as much of the following information as is known at the time. Firstly, it must outline the causes and depth of the breach, as well as the time that it occurred. The report must also include an estimate of the number of people who will be affected. Furthermore, it must include information on the strategy that the organization plans to employ in containing and repairing the breach. Finally, contact information of a person who can continue communications with the Privacy Commissioner needs be provided.

Reporting to the Impacted Customer

A similar report outlining the causes, scope, and reparation strategy must be provided to the individuals who are affected by the data breach. The Data Privacy Act outlines that this communication must be done in one of two methods – directly, or indirectly.

Direct communication includes methods such as email or over the telephone, while indirect communication involves public announcements.

However, indirect communication can only be used in the case of one of the following circumstances: If direct communication would cause more damage to the affected person, if direct communication would require undue hardship to the company, or if no customer contact information is available.

Keeping reports after Data Incidents

Finally, the Digital Privacy Act states that records of a data breach incident must be kept for a minimum of 2 years after the company first detects the incident. The Government of Canada states that this record-keeping will have numerous benefits to the IT security industry. In a statement, they noted that stricter reporting will ensure that affected individuals have the tools to become informed and protect themselves. Furthermore, the availability of these reports will create industry standards for handling these data breaches. This will overall have positive impact on the ability for Canadian organizations to deal with cybersecurity incidents.

Become prepared for the quickly-approaching deadline with GigE’s team of IT security Technicians. Call us at +1 888 366 4443 for a consult today.

The post How to Prepare for the Upcoming Data Privacy Act first appeared on GIGE IT Solutions: IT Services Mississauga.

The post How to Prepare for the Upcoming Data Privacy Act appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
5843
Why Protecting Your Server is Critical to your Company’s Cybersecurity https://gige.ca/why-protecting-your-server-is-critical-to-your-companys-cybersecurity Mon, 23 Jul 2018 17:55:52 +0000 https://gige.ca/?p=5728 The post Why Protecting Your Server is Critical to your Company’s Cybersecurity appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>

A server is a computer that is connected to other systems in a company through either the internet or a local network, and that dedicates its resources to ‘serving’ these computers. Because of this, servers are in constant communication with all company systems, storing, processing, and communicating data. Due to the fact that they are the central nodes of an organization’s network, they are often the targets of malware attacks. This is because servers are connected to most, if not all company systems, and therefore give easy avenues for the attackers to spread their malicious software to all computers on the network. In light of this, protecting your server should be viewed as critically important when it comes to company cybersecurity.

Recent Malware Attacks that Ravaged Company Servers

On July 16th, Algonquin College reported that its servers were affected by a malware attack on May 16th. The infected server, they stated, contained sensitive information belonging to students, employees, and alumni. It is believed that data such as date-of-birth and home addresses of 4,568 individuals was leaked, and that the non-sensitive data of another 106,931 individuals could also have been compromised.

Another recent case of malware infecting server systems was the “Wannacry” malicious software. In 2017, this ransomware was able to lock the files of hundreds of thousands of systems behind ransom-walls. The widespread reach of the malware was attributed to the fact that it has “worm capability”, allowing it to spread to computers connected to a server without any input from the user. In other words, once this malware attached itself onto the central server of an organization, all connected systems became at-risk of infection.

Finally, the “Adylkuzz” malware also demonstrates the importance of protecting your server. This malware is categorized as “cryptomining malware”, which transforms the infected system into a cryptomining slave that wastes its resources making digital currency for the attacker.

How to protect your servers against Malware Attacks

In many of the above instances, malware was able to infiltrate an organizations’ servers due to the fact that the companies neglected to keep their systems up-to-date with current patches. Servers, like any other system, use operating systems such as Windows. Therefore, they need to be constantly updated to receive the latest security measures developed by vendors such as Microsoft.

Following the Wannacry outbreak, Microsoft released a statement noting that “EternalBlue”, the security vulnerability that was exploited by the attackers, had in fact been patched two months prior to the incident. However, many companies failed to install the fix, leaving their systems open to infection. Similarly, the vulnerability used by “Adylkuzz” called CVE-2017-7269 was also repaired prior to the event by Microsoft in an update released on June 13th, 2017. The severity of both of these incidents could have been drastically mitigated if organizations had been more diligent in keeping their servers’ operating systems up-to-date.

Therefore, it is clear that protecting your company’s server is critical to the safety of all systems on your network. Because they are connected to many of an organization’s systems, malware-infected servers become extreme threats to the security of all computers connected to it.

At GigE, our experts have years of experience in ensuring that your organization’s servers and computers are up-to-date with current software. Do not fall victim to malware and contact us today at +1 (888) 366-4443.

The post Why Protecting Your Server is Critical to your Company’s Cybersecurity first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Why Protecting Your Server is Critical to your Company’s Cybersecurity appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
5728
The Rise of Cryptojackers: What It Is and Symptoms To Look For https://gige.ca/the-rise-of-cryptojacker-attacks-what-it-is-and-symptoms-to-look-for Fri, 06 Jul 2018 18:09:09 +0000 https://gige.ca/?p=5700 The post The Rise of Cryptojackers: What It Is and Symptoms To Look For appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>

Increase in Mining Popularity

Crypto-currency mining saw a massive increase in popularity in Q4 2017 due to spikes digital currency value. During this time, the value of the “Bitcoin” currency was at an all-time-high, at nearly $20 000 per coin. Other currencies such as Monero also saw increase in value. While their financial worth has since decreased, the recent spike has encouraged many cyberattackers to develop many dangerous cyptojacker tools.

What are Cryptomining and Cryptojackers?

Cryptomining is a method of earning digital currencies such as Bitcoin by using a computer’s physical resources to verify digital transactions. In other words, by dedicating their computer’s processing power to contribute to transaction calculations, a cryptominer is compensated with digital currency.

Cryptojacking is when attackers install malware onto a computer to forcibly use its resources to cryptomine while gaining all the earned currency for themselves. While this malicious technology has been present ever since the advent of cryptocurrencies, their value has never been high enough to attract widespread attention of attackers until late last year. In their 2018 Cyberthreat report, Mcafee stressed the appeal of cryptojacking for cyberattackers, citing that it is a relatively simple and low-risk method of attack. Therefore, it is now imperative that organizations become aware of the risks and symptoms of cryptojacking attacks on their systems.

The Effects of Cryptomining Malware

Because cryptojacking malware relies on remaining in the victims’ computer to continually use their resources for cryptomining, they are inherently designed to avoid detection. Therefore, it is difficult to immediately identify when a system is infected with this type of malware. However, due to the fact that it forcibly uses the computers’ resources, common symptoms include computer slowdowns, overheating leading to hardware damage, and decreased battery life.

Therefore, while the impacts of cryptojacking are not as immediate as data-stealing Trojans or Ransomware, their effects can be devastating in the long-term. If hardware damage or software corruption occurs due to overuse of the system’s resources, time and financial resources will need to be wasted to repair and restore the affected systems.

How is cryptojacking malware spread?

Like any other form of malware, cryptojacking software can be spread in a variety of ways. For instance, a computer can be infected via Social Engineering. This is the manipulation of victims to trick them into installing malware or giving away sensitive information. An instance of this is if an individual receives a fake advertisement for a career opportunity. By clicking on this malicious link, the malware is then allowed to infect the individual’s computer.

Another strategy is using websites with high traffic to distribute malware. In cryptomining, a specific malware called “Coinhive” infects victims’ computers and turns them into cryptomining tools.

Thirdly, attackers in recent times have abused an exploit called “EternalBlue” in order to install malware onto vulnerable systems. This was the case in May 2017 when the ransomware Wannacry infected thousands of computers due to organizations neglecting an essential Microsoft update in the prior month.

Attackers are also constantly in search of unprotected credentials to exploit. For instance, the cloud computing resources of Tesla and Aviva were both victims of cryptojacking due to unprotected sectors of their Kubernotes platforms.

Finally, attackers can infect computers into a botnet, and then use them as cryptominers for their own gain. For more information on the dangers and symptoms of Botnets, check out our previous blog titled “How to Protect Yourself Against Botnet Malware”.

At GigE, our experts can help your organization protect itself against cryptomining malware. Contact us today at +1 (888) 366-4443 to get started today.

 

Increase in Mining Popularity

Crypto-currency mining saw a massive increase in popularity in Q4 2017 due to spikes digital currency value. During this time, the value of the “Bitcoin” currency was at an all-time-high, at nearly $20 000 per coin. Other currencies such as Monero also saw increase in value. While their financial worth has since decreased, the recent spike has encouraged many cyberattackers to develop many dangerous cryptojacker tools.

What are Cryptomining and Cryptojacker Attacks?

Cryptomining is a method of earning digital currencies such as Bitcoin by using a computer’s physical resources to verify digital transactions. In other words, by dedicating their computer’s processing power to contribute to transaction calculations, a cryptominer is compensated with digital currency.

Cryptojacking is when a cryptojacker installs malware onto a computer to forcibly use its resources to cryptomine while gaining all the earned currency for themselves. While this malicious technology has been present ever since the advent of cryptocurrencies, their value has never been high enough to attract widespread attention of attackers until late last year. In their 2018 Cyberthreat report, Mcafee stressed the appeal of cryptojacking for a cryptojcaker, citing that it is a relatively simple and low-risk method of attack. Therefore, it is now imperative that organizations become aware of the risks and symptoms of cryptojacking attacks on their systems.

The Effects of Cryptojacker Malware

Because cryptojacking malware relies on remaining in the victims’ computer to continually use their resources for cryptomining, they are inherently designed to avoid detection. Therefore, it is difficult to immediately identify when a system is infected with this type of malware. However, due to the fact that it forcibly uses the computers’ resources, common symptoms include computer slowdowns, overheating leading to hardware damage, and decreased battery life.

Therefore, while the impacts of cryptojacking are not as immediate as data-stealing Trojans or Ransomware, their effects can be devastating in the long-term. If hardware damage or software corruption occurs due to overuse of the system’s resources, time and financial resources will need to be wasted to repair and restore the affected systems.

How is cryptojacker malware spread?

Like any other form of malware, cryptojacking software can be spread in a variety of ways. For instance, a computer can be infected via Social Engineering. This is the manipulation of victims to trick them into installing malware or giving away sensitive information. An instance of this is if an individual receives a fake advertisement for a career opportunity. By clicking on this malicious link, the malware is then allowed to infect the individual’s computer.

Another strategy is using websites with high traffic to distribute malware. In cryptomining, a specific malware called “Coinhive” infects victims’ computers and turns them into cryptomining tools.

Thirdly, attackers in recent times have abused an exploit called “EternalBlue” in order to install malware onto vulnerable systems. This was the case in May 2017 when the ransomware Wannacry infected thousands of computers due to organizations neglecting an essential Microsoft update in the prior month.

Attackers are also constantly in search of unprotected credentials to exploit. For instance, the cloud computing resources of Tesla and Aviva were both victims of cryptojacking due to unprotected sectors of their Kubernotes platforms.

Finally, a cryptojacker can infect computers into a botnet, and then use them as cryptominers for their own gain. For more information on the dangers and symptoms of Botnets, check out our previous blog titled “How to Protect Yourself Against Botnet Malware”.

At GigE, our experts can help your organization protect itself against cryptomining malware. Contact us today at +1 (888) 366-4443 to get started today.

 

The post The Rise of Cryptojackers: What It Is and Symptoms To Look For first appeared on GIGE IT Solutions: IT Services Mississauga.

The post The Rise of Cryptojackers: What It Is and Symptoms To Look For appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
5700
Why Is Patching So Important For Cybersecurity? https://gige.ca/why-is-patching-so-important-for-cybersecurity Thu, 21 Jun 2018 15:31:17 +0000 http://gige.ca/?p=5674 The post Why Is Patching So Important For Cybersecurity? appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>

The Importance of Software Updates for Protection

One of the simplest yet most critical steps in protecting your computers from cyber threats is ensuring that they are patching the latest updates from developers. Microsoft has reported that only 1/3 of Windows 10 computers have applied the update that they released on April 30th 2018. This leaves 450 million systems still running an out-of-date version of the operating system.

Patches do not only contain bug fixes and performance improvements. Instead, they often provide fixes to newly discovered vulnerabilities in the software. Despite this, many organizations delay patching for months after they are released, exposing their data to potential attack.

Furthermore, oftentimes cyberattacks do not need to be targeted at specific organizations. Instead, attackers can automate a scan of the internet to locate all systems running older vulnerable versions of a particular software. After identifying these systems, they can then infect them with malicious software.

Therefore it is essential that you keep your organization’s computers up to date with the latest patches in order to protect them from cyberattack.

Major Incidents Caused by Neglected Updates

In April 2017 hacker group Shadow Brokers leaked a cyber vulnerability used by the U.S. National Security Agency which allowed attackers to lock-up files on hundreds of thousands of computers. The vulnerability, named “EternalBlue”, was able to be exploited by a malicious software called WannaCry. Microsoft reported that it had in fact released the patch protecting against this vulnerability a month prior to the event. However many organizations neglected to apply the update, and were therefore left vulnerable to the attack.

This incident was an example of an opportunistic, rather than targeted attack. Instead of focusing efforts on specific organizations, attackers instead scan for unprotected computers and target those vulnerable to their malware. Rendition researchers demonstrated this automation process during their efforts to find out how many computers had been impacted. By mass-distributing ‘pings’ that were sensitive to the DoublePulsar malware, they were able to echolocate systems impacted by this virus. However while Rendition used this strategy to identify infected computers, attackers can likewise use it to discover vulnerable PCs. This was the case in another incident involving the SamSam malware, which affected computers running outdated versions of Jexboss software.

In another incident in September 2017, Credit Reporting Agency Equifax reported that close to 150 million consumers located in the US, Canada, and UK had their data compromised because of the delayed update of a software they used called Apache Struts. The vulnerability allowed attackers to gain control of the affected computers.

Similarly to Microsoft, Apache released a statement noting that the vulnerabilities had been identified and patched March of that year. In fact, the U.S. Computer Emergency Readiness team (US-CERT) had also released an announcement that same month, urging users to update their Struts software to newer versions.

Learning from these incidents, it is clear that keeping up with patches is an essential step to protecting your computer against new cyber threats. This is not only the case for operating systems such as Windows, but also for many open-sourced software such as Apache. In fact, Black Duck found that 78% of open-source codebases contained cyber-vulnerabilities, which now often make up the majority of software.

At GigE, our experts can help your organization ensure that it is patching the latest patch software, to maximize protection of your sensitive data. Contact us at +1 (888) 366-4443 to get started today.

The post Why Is Patching So Important For Cybersecurity? first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Why Is Patching So Important For Cybersecurity? appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
5674
Four Essential GDPR Requirements To Consider https://gige.ca/four-essential-gdpr-requirements-to-consider-1 Tue, 22 May 2018 20:49:12 +0000 http://gige.ca/?p=5650 The post Four Essential GDPR Requirements To Consider appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>

Four Essential GDPR Requirements To Consider

A survey carried out by the ISACA found that a mere 29% of companies worldwide will be prepared for the compliance deadline of new the GDPR requirements, which will be implemented on May 25th 2018. The new regulation outlines requirements for businesses in order to protect the personal information of EU-residing clients.

Significantly, the regulation also applies to companies that are not operating in the European Union, but still possess the personal information of individuals living in the EU. It is stated that the penalty for violating the terms outlined in the regulation is the greater value between either “€20 million or 4% of annual global turnover”.

Not only are businesses unprepared for the fast-approaching deadline, but Reuters finds that many regulators still lack the funds to enforce the new rules. It was found that 17 of the 24 interviewed regulating bodies were still unprepared to reinforce the laws. However, companies should not use this as a reason to delay their preparations to comply with the GDPR. Therefore, it is important for Canadian companies to become informed of four main requirements presented by the regulation act.

Firstly, Privacy By Design must be considered in the usage of client personal information. Specifically, the GDPR states that only personal data essential to the functioning of the company should be kept, and that this information must only be accessible to those who need to process it. The concept itself is not new, being based on fundamental principles which were outlined over 10 years ago by Ontario Information and Privacy Commissioner Dr. Ann Cavoukian. These include ideas such as “Privacy as the default setting” and “Privacy embedded into design”.

Second, the GDPR requirements outline cases wherein personal data must be deleted from company databases – a concept known as the Right to be Forgotten. It is stated that when data is both no longer required for its original use, and the client no longer consents to its use, then the data must be erased. While the importance of the “Right to be Forgotten” is stressed by the GDPR, however, they also recognize the need to balance this with other interests, such as access to public information.

Third, data must be erased when Consent is no longer given by the client to store and use their information. Furthermore, the GDPR states the need for companies to ensure informed consent by providing clear and accessible consent forms to clients. Significantly, they prohibit further use of legal terminology that is not understandable by the general public.

Finally, the GDPR requirements state that companies must now always Notify Clients of Data Breaches. It is specifically stated that after a breach is identified, affected clients must be notified immediately, and regulators notified within a 72 hour period.

In sum, if the GDPR is implemented successfully, Forrester reports that it will be advantages to both businesses and clients. While clients will be ensured of the safe and responsible use of their personal information, corporations will enjoy increased customer satisfaction by adapting to rapidly changing corporate expectations. Therefore, it is important for Canadian businesses to ensure their compliance to the GDPR before May 25th 2018.

For more information on how to prepare for the upcoming GDPR deadline, Call GigE at +1 (888) 366-4443. You can learn more about out networking solutions here.

The post Four Essential GDPR Requirements To Consider first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Four Essential GDPR Requirements To Consider appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
5650
How To Protect Your Business Against Cryptojacking https://gige.ca/how-to-protect-your-business-against-cryptojacking Tue, 08 May 2018 17:49:26 +0000 http://gige.ca/?p=5632 The post How To Protect Your Business Against Cryptojacking appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
Crypto Currency Mining

How To Protect Your Business Against Cryptojacking

With the advancement in technology to ease up the business, there has been an increase in the number of cyber attacks as well. Cryptojacking is one of the forms of cyber attack in which a hacker uses the computing power of a target to mine cryptocurrency. In this process, the attackers try to take advantage of the security loopholes in a business’ I.T. infrastructure. One such example according to RedLock in the attack on the cloud account of Tesla company, to mine for Monero, a cryptocurrency similar to Bitcoin.

Cryptocurrency mining is a process by which transactions are verified. It’s also a process by which a new crypto coin is released. Miners, those who allow their computers to be used for cryptocurrency mining, are compensated for the computer and electricity usage.

Attackers use following flaws or methods to mine the cryptocurrency by stealing the computing resources of businesses:

  1. No Password Protection

This is the most basic flaw in I.T. Security, having no password protection in place is sort of an open invitation for attackers. As per the report from RedLock, both Tesla and Aviva were hacked as they were both using Kubernetes administration consoles that were accessible over the internet without any password protection. Kubernetes is an open-sourced tool used to control the computing resources needed to run the apps of an organization.

  1. EternalBlue Exploit

May 2017, hundreds and thousands of computers were under the attack of WannaCry ransomware. A few people know that even before this WannaCry attack, there was another malware “Adylkuzz” that used the same EternalBlue vulnerability. This malware was used to mine cryptocurrency Monero, which according to Proofpoint appeared as early as April 24, 2017. Symptoms of the Adylkuzz cyber attack include loss of access to shared Windows resources and degradation of server and PC performance.

  1. Browser-Based Cryptojacking

In browser-based cryptojacking, a cryptocurrency mining code is embedded into a website, and site visitors run the mining code via their browser. Browser-based cryptojacking has been around since 2011. Slow computer performance and general unresponsiveness when browsing the web are signs that your organization’s computers are silently mining Monero and enriching the hackers.

There a few ways to keep your business safe from cryptojacking:

  1. Monitor Network Traffic

To protect your cloud account from cryptojacking, monitor the network traffic. “By monitoring network traffic and correlating it with configuration data, Tesla could have detected suspicious network traffic being generated by the compromised Kubernetes pod,” RedLock said.

  1. Keep Your Organization’s Server Operating System (OS) Up-to-Date

Installing Microsoft’s March 14, 2017 security update, also known as the MS17-010 update, is an effective means to block Adylkuzz cryptocurrency mining malware from infecting your organization’s physical server. The MS17-010 update fixes the EternalBlue, the security vulnerability exploited by Adylkuzz.

  1. Get a Quality Cryptocurrency Mining Security Solution

To prevent cryptojacking, get a quality cryptocurrency mining security solution. This security solution should be able to detect and block all types of cryptocurrency mining activities, whether they are browser-based or file-based.

At GigE, we offer cybersecurity services that’ll protect your organization’s cloud account and physical servers from cyber attacks like cryptojacking. Call +1 (888) 366-4443 to schedule and appointment or more detailed information on our services.

The post How To Protect Your Business Against Cryptojacking first appeared on GIGE IT Solutions: IT Services Mississauga.

The post How To Protect Your Business Against Cryptojacking appeared first on GIGE IT Solutions: IT Services Mississauga.

]]>
5632