Ransomware as a Service
What is ransomware as a service? You’re likely familiar with software as a service (SaaS) but ransomware? What does that mean?
First, let’s do a quick recap of what ransomware is. It is a type of malware that holds the victim’s files and folders for ransom. Through human error, the malware is deployed and encrypts network data, with a safe return being promised once the ransom is paid. And with payments usually made through cryptocurrency, traceability is eliminated.
The ransomware as a service business model was developed for criminal purposes, with the product or service being purchased for illegal activity. Ransomware requires little effort with potentially big payouts.
What Is Zero Trust?
Zero Trust Access
Zero Trust, or Zero Trust Access, is the term applied to the strategy which assumes that you cannot trust the individual or device until verified. The good guys, the bad guys, and all devices are the same and should not be trusted automatically. Proof of trust is verified with credentials.
The term was first coined in 1994 by Stephan Paul Marsh at the University of Stirling as part of his doctoral thesis that focused on trust. Over the next ten years, it became part of the tech vernacular as it relates to defining the perimeter of security access.
Back to School: Student Cybersecurity Tips
It’s back-to-school time, and no matter the age of the student, or the location of the school, there’s one class that everyone needs to pass. Smart cybersecurity habits need to be on all of our minds, and we can’t afford to fail. We’ve put together some reminders about staying safe online and with your technology.
Before You Start Classes
Make sure that you’re starting off the academic year on solid footing.
Cyber Insurance Liability
Misrepresenting yourself is easy to do in a world where many of our interactions exist online. Why not put that profile photo of yourself up at the gym from a few years ago when you actually went there regularly? You’ll eventually get back to working out. There’s no harm in it. Deceptive? Sort of. But in a situation like that, while misleading, it likely won’t cause issues if uncovered.
But what about misrepresentation when it comes to your business? If you apply for cyber insurance and have cybersecurity measures and tools that you’ve purchased but don’t use, is it lying to say that they are “in place”?
What Is Malvertising?
Oxford Dictionary defines malvertising as ‘the practice of incorporating malware in online advertisements.’ Short for malicious software, or malware advertising, this is the practice of attacking viewers or consumers with fraudulent information that is inserted into sometimes (but not always) legitimate advertisements.
How Does It Work
Malvertising works in conjunction with the online advertising ecosystem by initiating multiple redirects after the user clicks or views an infected advertisement.
Initial Access Brokers: Who Are They?
Imagine if a locksmith created a key for your home or business, then sold a copy of that key to a burglar. They didn’t steal your belongings, but they provided access, making them integral to the process for it to occur. Initial Access Brokers (IABs) work in a similar fashion. The name says it all, they provide the initial access to your account and do this by brokering or selling your credentials to the cybercriminals who will then take it a step further and steal data or deploy ransomware for extortion of funds.
Removable Media & Cybersecurity
According to the United States Government Depart of Commerce National Institute of Standards and Technology (NIST), a removable media device or portable storage device is:
“A system component that can communicate with and be added to or removed from a system or network and that is limited to data storage—including text, video, audio or image data—as its primary function (e.g., optical discs, external or removable hard drives, external or removable solid-state disk drives, magnetic or optical tapes, flash memory devices, flash memory cards, and other external or removable disks).”
Dangerous Malware Disguised as Antivirus Software
It is so easy to become complacent in our cybersecurity behaviors. But Android users should be given a shake this week and alerted to malware that is being deployed unknowingly by users who think that they are downloading anti-virus apps via the Google Play store. There were six different cases found to contain the Sharkbot malware in recent days. Initially discovered in October of 2021, this banking trojan makes money transfers by stealing credentials and banking information.
Nothing But InterNET – How to Explain the Dark Web
As an MSP, your clients know you’re there to “take care of the computers”. The scenario is often (but not always) that they have their job to do, and you’ll hear from them when there’s an issue that prevents that from happening. Regardless of their level of insight or knowledge of technology, they likely know the words and phrases that are dropped in conversations today as cybersecurity becomes part of the mainstream. They may acknowledge that the Dark Web exists, but the concept of exactly what that means may remain a little fuzzy.
Baseline Cybersecurity Assessment for Remote Employees
Our recent launch of the Baseline Employee Cybersecurity Assessment provides MSPs with a new tool to add to their prospecting and baseline risk detection efforts. As an MSP, it gives you the opportunity to show prospects and clients that human security plays a key role in protecting their organization and that without proper ongoing training, employees are an easy entry point for cybercriminals.
While a security risk assessment will identify gaps in a business environment, the human element should never be overlooked or assumed to be foolproof.