The Rubber Ducky Hacking Tool is Back
The new rubber ducky hacking tool is a potentially dangerous piece of hardware.
For millions of people, the rubber ducky is a benign reminder of childhood. Depending on when you were a child, the rendition of Sesame Street’s Ernie singing “Rubber Duckie, you’re the one,” is ingrained in your mind every time you hear the term. Unfortunately, the Rubber Ducky we are going to tell you about today has only fond recollection for people who are looking to breach networks they aren’t authorized to access or deliver malware payloads that are designed to cause havoc.
What is the Rubber Ducky?
The Rubber Ducky is a device that looks like a regular flash drive that you would use to transfer files from one PC to another. We’ve all used them, and with most of us moving to cloud-based platforms, they don’t seem to be as popular as they once were. Well, despite that notion, the USB flash drive industry is growing at a pretty impressive 7% year-over-year and is currently a $7+ billion industry. That means there are a lot of USB flash drives being created every year and that means that there are millions of them just floating around.
The Rubber Ducky is more than your average USB flash drive, however. It looks like one, but when it is plugged into a computer, it is read as a simple accessory like a keyboard. This means that any defensive measure that is set up to thwart potentially dangerous data transmission is already worked around when the device gets plugged in, making it much easier for the device to work for the hacker’s end goals, whatever they are. Any keystroke taken while the device is open, is trusted, making the sky the proverbial limit when it comes to device access.
What Kind of Threat Is the Modern Rubber Ducky?
Any USB dongle needs to be carefully considered before inserting it into your computer, but the Rubber Ducky is designed to overcome the limitations of previous versions of the hardware. The new version makes a major upgrade in that it runs on the “DuckyScript” programming language that the device will use to create demands on any target machine. Other iterations of the Rubber Ducky were limited to writing what are known as “keystroke sequences”, the new DuckyScript is a feature-rich language, which lets users write functions, store variables, and use logic to make it possible to carry out complex computations.
Now the Rubber Ducky can determine which operating system is running a machine and deploy code that allows for hackers to get into the appropriate software. It can also mask automated executions by adding a delay between keystrokes to make the computing system think that it is human. Most intrusively, it can steal data from any target by encoding it in binary, giving users the ability to extract critical information (such as saved authentication) with ease.
What You Can Do
The best practice here is to not allow strange USB dongles to be placed in your device’s USB drives. Unless you know exactly where the device has come from and what is on it, avoiding interactions with it is the best way to keep away anything unsavory that happens to be on the device to interact with your computer’s OS, and by extension, your network.
Being wary of hardware is just one part of keeping your business and personal information secure. Point North Networks can help build a cybersecurity strategy that takes into account all types of malware deployment methodology, keeping you from any problematic experiences with your IT. Give us a call today at 651-234-0895 to learn more.
Frequently Asked Questions About Rubber Ducky Hacking Tool
How fast can Rubber Ducky type?
Rubber ducky is known to type at an incredible speed of up to 1,000 words per minute, which is why it can easily change the class codes of the target machine and hack it within a few seconds.
What coding language does Rubber Ducky use?
USB Rubber Ducky uses DuckyScript as its source code, as well as its programming language. Using this language, the ducky types keystroke injection payloads into computers at incredible speeds.
Is the USB rubber ducky hacking tool available online?
Yes. Unfortunately, the average USB flash drive with a rubber ducky tool is available online, at a measly cost of $45.
Who’s Really Hurt the Most by Card Skimmers?
It probably isn’t a question you’ve put much thought to, but tell me: who do you think feels the greatest impact from card skimming schemes, where a payment card’s data is captured so a cybercriminal can make use of the card’s associated account? While it isn’t a good situation for anyone, some are impacted more than others.
Unfortunately, card skimming is even worse for those who rely on prepaid cards provided by the state for food assistance. Let’s consider why this is.
Skimming Losses are Worse for Those Receiving Assistance
Authorities across the country have taken note of increased losses associated with those receiving assistance through the Electronic Benefits Transfer (better known as EBT), which permits participants with the Supplemental Nutrition Assistance Program (SNAP) to pay for their food purchases.
When a SNAP card is used, the associated EBT account is debited so the store is reimbursed for the purchase. In this way, the EBT card is effectively a debit card—they even have an associated PIN and can be used to withdraw money from an ATM.
However, EBT cards largely lack the protections that most other payment cards have, like the more secure smart chip technology that makes these cards harder to duplicate, or the fraud protections that other payment cards have. If SNAP funds are fraudulently stolen and spent, the rightful recipient has little recourse to take. They’re effectively out that money…money that they need as a member of the program.
It isn’t exactly news that criminals and scammers have found ways to steal card data, either…and they’re getting better at doing it surreptitiously. The devices used to “skim” data off of payment cards (cleverly referred to as “skimmers”) can now be hidden inside cash machines, or camouflaged to look like just another part of the device. This makes it more challenging to spot these skimmers, putting more people at risk in general of having their data cloned and used to create additional copies of payment cards that the thief can use or sell.
What Can Be Done?
Well, short of more states implementing improved security measures into their EBT cards—eliminating the magnetic strip and replacing it with the modern chips that other card types use—it really falls to the user and the business where an ATM or other card-reading device is located to prevent these issues. Keep an eye out for people trying to tamper with these machines, and discontinue its use if you can until it has been fully checked by a professional for card skimming devices. As a customer, give any card reader a close look before you swipe to see if it looks at all unusual.
Point North Networks is here to help keep your business more secure and efficient, both for your benefit and that of your clients and customers. Find out how we can help via our managed services by calling 651-234-0895.
What Exactly is Personally Identifiable Information?
It’s incredibly important to keep your personally identifiable information secure, but what exactly constitutes PII? Today we offer a definition and suggestions or strategies to help you keep your PII safe.
The Definition of PII Depends on Who You Ask
If you want to protect PII to the best of your ability, you first need to understand what it is, but the answer to this question is not exactly clear-cut.
The United States identifies a couple-dozen identifiers in its legislation, but other countries have different ideas for what is considered PII. The European Union, Brazil, China, and even various US states like California and Virginia have different ideas of what makes for PII. The General Data Protection Regulation (GDPR) sees race, political opinion or affiliation, religion, and sexual orientation as PII, but the California Consumer Privacy Act does not.
With so many different factors and variables in place, it’s hard to define PII, which in turn makes it hard to protect it. Five US states want to hold companies more accountable for failing to protect PII, and regulators are in the same boat. For example, Morgan Stanley Smith Barney failed to properly dispose of consumers’ PII on servers and drives that they wanted to sell following a big move, resulting in a $35 million fine.
Avoiding Fines for PII Security
The first and foremost thing you need to account for is the PII as it is outlined for your industry. Take this information into consideration right from the start so there is no room for error or confusion. Implement it into your data handling and sharing practices immediately to ensure compliance.
Furthermore, you’ll have to test your protections to make sure that you are keeping your data as safe as possible. Be sure that the data, even if stolen, cannot be used to identify the individual.
To top it all off, implement solutions designed to protect your data on all levels, including encryption, identity and access management, and role-based permissions.
Point North Networks can help to make sure that your business is protecting its personally identifiable information. All you have to do to get started is call us at 651-234-0895.
What is a Security Operations Center?
The way workplaces around the globe are functioning has undergone a sea change. With the hybrid work culture and work-from-anywhere settings becoming the new normal, offices have had to adapt to a new style of infrastructural arrangement. This entire shift of working remotely has also raised serious concerns about data security and network safety with cyber attacks and data theft becoming a widespread menace. In such a rapidly changing scenario, companies must find a way to tackle this ever-hovering threat and develop a system that will not only keep the systems, networks and data safe but also keep the workflow smooth and well-integrated.
With cybersecurity a priority for every business that depends on their IT, there are a lot of different strategies being utilized out there to keep threats off of networks and data safe. One of the most advanced strategies being used today is enlisting a service that runs a Security Operations Center (SOC). Today, we’ll investigate what a SOC is and how it works to keep security threats at bay.
What is a Security Operations Center?
The Security Operations Center is a lot like the Network Operations Center (NOC), but its whole purpose is to monitor computing networks and devices and eliminate threats to their efficient operation. While that description may seem simple, business computing infrastructures are typically complex with a lot of end users, making network and device security a complicated endeavor.
Today’s businesses have computing infrastructures and networks that run around the clock, and the SOC is staffed to facilitate that 24/7/365 demand for security monitoring and services. Working hand-in-hand with your NOC (and perhaps other IT administrators depending on the complexity of your business’ IT), the SOC typically handles the overarching cybersecurity strategy.
Typically, businesses want their IT to align with how they want to run their business and part of that is maintaining uptime and keeping threats off of the endpoints, networks, and the vast amount of infrastructure that makes up the network. After all, all it takes is one vulnerability to be exploited and it can create major problems. The SOC deploys a myriad of tools and strategies all designed to do one thing: stay ahead of threats to the network.
How the SOC Operates
As we stated previously, the SOC functions much like a NOC in that its main purpose is comprehensive around-the-clock monitoring and notification. If something goes wrong on the network, the SOC will log the issue and do what it can to mitigate the issue. As these things happen it will notify the IT administrator (the NOC) of the issue to keep them in the loop. Let’s take a brief look at some of the services the SOC will provide:
-
Complete assessment
The discovery process is a major part of how the SOC can be most effective. In being aware of all the hardware, applications, and other tools on the network(s) your business needs, the SOC can ensure that everything is monitored continuously. This enables the designing of apt intrusion prevention systems that can help strengthen the organization’s security posture.
-
Continuous monitoring
Not only will the SOC monitor software and traffic trends, it will also monitor user and system behaviors as a way to identify issues.
-
Thorough logging
Keeping large computing networks secure is a big job, and a lot of your executive and managerial team don’t have the knowledge or the time to stay on top of threats as they come in. Keeping logs of every action the SOC makes, including communications with vendors/employees and steps taken to keep the network and infrastructure free from threats is a great way to provide a layer of oversight to the security process. It’s also an important factor in staying compliant with any regulatory mandates.
-
Comprehensive Incident Response and Investigation
This is where the SOC really becomes a major benefit for the security of your company’s IT. Not only do SOC technicians respond quickly to any security incidents, they also work fast to investigate what caused the issue in the first place. Going further than your typical IT management, the main benefit of the SOC is the mitigation of efficiency-sapping issues such as malware and other manners of attack.
Services of a Security Operations Center
Now that we know how important Security Operations Center is and the benefits it provides, let’s look at all the services it renders:
Prepare, Plan, and Prevent
To ensure that everything is secured, the SOC needs to have an exhaustive list of everything that needs to be protected within or outside the data center. This includes databases, applications, cloud services, servers, endpoints, etc. This asset inventory management also includes the tools required to protect the assets like antivirus, anti-malware, firewalls, anti-ransomware tools, monitoring software, etc. Many a time, asset discovery tools are used to manage these tasks.
Once the security tools are in place, the SOC must perform preventive maintenance to maximize these tools. The preventive measures include software upgrades and application of software patches, regular firewall upgradation, whitelists and blacklists, and security procedures and processes. A SOC must also develop a system backup process to ensure that the business continues to run even in case of a data breach, cyber-attack or cybersecurity threat.
If any such incident does present itself, the SOC must have a contingency incident response plan in hand. This plan defines activities and roles and responsibilities in case of an emergency. In addition to this, the SOC must also chart out the parameters that will measure the efficiency of these contingency plans in terms of handling the emergency.
Once all the plans are in place, they should be followed by regular testing to ensure that the plans are effective and capable of handling a crisis. This can be done by performing vulnerability assessments – it is a thorough assessment that tests and detects every resource’s vulnerability to potential threats and the cost associated with them. These tests also allow teams to rectify and upgrade any loopholes in the system so that when a real scenario presents itself, the team and the systems are best prepared to handle it.
Since technology is rapidly changing, it is important for the SOC to keep its security solutions updated to tackle even the most advanced threat intelligence. They must keep themselves abreast with the latest technology news, types of cyberattacks happening across the world, and even the dark web that also poses a potential threat to an organization.
Monitor, Detect, and Respond
One of the main aims of a SOC is to provide continuous and round-the-clock monitoring. It monitors the entire IT infrastructure including servers, applications, software, computing devices, networks, and cloud workload at all times to detect any suspicious activity.
A majority of SOCs depend on a technology called system information and event management (SIEM). It monitors and keeps an aggregate of all kinds of alerts and telemetry from the company’s software and hardware to analyze this data to detect future threats. Another advanced form of technology that many SOCs are utilizing these days is extended detection and response technology (XDR). This technology is more advanced as it not only provides more detailed alert and telemetry data but also automates incidence detection and response.
Storing and analysing log data is yet another important exercise that SOCs perform. While most IT departments store log data, not all of them analyze it. It is this analysis that makes a whole lot of difference. A SOC will have the ability to study the log data and decipher anomalies and suspicious activities. Most hackers and cybercriminals thrive on the fact that not every company stores and analyses log data. This allows their viruses and malware to run undetected in the systems for weeks and months, damaging the systems to a large extent.
This is usually followed by threat detection and incident response from the SOCs. Modern systems are able to integrate Artificial Intelligence into their threat detection repertoire that makes spotting any suspicious activity more efficient. In response to these detected threats, a SOC can take the following actions:
Investigating the root cause of the threat. This helps them determine the vulnerability that let the hackers run their malware and access the system. Other factors like bad passwords, or poor implementation of policies are also taken into account
- Disconnecting or shutting down all weak endpoints
- Stopping or isolating compromised areas in the network or routing the network traffic differently
- Stopping or pausing applications and processes that are below par
- Removing files that are damaged or infected
- Running anti-virus or malware software
- Withdrawing passwords that can be used internally as well as externally
Recovery, Improvement, and Compliance
The recovery process involves removing the identified threat and then working on the affected asset to move them back to the state they were before being infected. This includes restoring, and reconnecting disks, end-user devices and other similar endpoints, wiping, restarting applications and processes, and restoring network traffic. In case of a cyberattack or ransomware attack, the recovery process may involve isolating the backup systems, and resetting all the passwords and other authentication certifications.
Once this step is complete, the SOC works on stopping similar threats from reoccurring by using the intelligence gained from this incident to resolve the vulnerabilities, updating policies and processes, selecting new security tools, and revising the entire incident plan. The SOC may also work towards finding out if the said cybersecurity threat indicates a changing or new trend that they must be prepared for in the future.
These steps are followed by compliance management. The SOC must ensure that all applications, systems, and security tools and processes are in compliance with the data privacy regulations like CCPA (California Consumer Privacy Act), PCI DSS (Payment Card Industry Data Security Standard, GDPR (Global Data Protection Regulation), and HIPAA (Health Insurance Portability and Accountability Act). The SOC must then notify the regulation authorities, law enforcement agents, and other parties about the occurrence and retain the data for evidence and auditing.
Key Members of the Security Operations Center
The SOC is an important part of any organization, whether in-house or outsourced. There are some key members that comprise this team and they all play an important role in ensuring that an organization’s data is safe and secured.
SOC Manager
The SOC Manager is responsible for overseeing the entire SOC team, and the security operations, and then reports it to the company’s chief information security office
Security Engineer
These engineers are responsible for building and managing the company’s security structure. A lot of what they do includes evaluating, testing, recommending, executing and upkeeping security tools and technologies
Security Analyst
These analysts, also called security investigators or incident responders are the first ones to respond to any cybersecurity threat. They detect, analyze and prioritize threats, identify the applications and processes impacted by the threat, and then take appropriate action to minimize or eradicate the impact of the threat
Threat Hunters
They are also referred to as expert security analysts, who master at detecting and controlling advanced threats, threat variants and new threats that might have gone past the automated detection systems
While these are the core members of the SOC, bigger organizations may also have other team members like the Director of Incident Response (these professionals communicate and coordinate incident response), Chief Information Security Officer
and foreign investigators (they have a stronghold on detecting and analysing damaged devices during a cybersecurity incident).
Challenges SOCs Face and the Possible Solutions
A SOC is a team that identifies, mitigates, and improves systems after a cyber threat. Since the team works in challenging conditions, there are several difficulties they face that must be addressed and resolved immediately so that SOC can efficiently manage its core responsibilities. Here are some challenges that SOC faces and how they can overcome them.
Limited Access to Talented Professionals
In the world of SOC environment, there is a huge shortage of talented security professionals and the demand for them is quite high, especially now that cybersecurity is becoming a huge crisis. In such a situation, SOCs have their work cut out and the demand for their services and workload may easily overwhelm them. To tackle this situation, companies must identify talent from within their organization and look at upskilling those professionals. The SOCs must also keep a backup for all positions so that if a position goes vacant, they can fill it up with the standby alternative.
Advanced and Sophisticated Attacks
The world of cybercrimes is evolving at a rapid pace. Today’s hackers and cybercriminals continuously find new ways to attack systems by using advanced malware that traditional security systems cannot detect. This requires every information security operations center to be on it toes all the time and be prepared to tackle the most advanced cyberattacks. The best way to handle this situation is to deploy anomaly detection or implement tools that have the capability of machine learning. This will allow SOCs to detect and flag off cyber threats more efficiently.
Large Amounts of Data and Congested Networks
There has been a huge surge in the amount of data every organization now deals with. And securing, analysing, and deciphering this astronomical amount of data is a huge challenge for SOCs. Automated systems are the best tools that SOCs must use to manage this data.
Threat & Alert Exhaustion
The larger the amount of data available, the more analysis is done by SOCs. This means that there are regular anomalies occurring in different systems, developing a sense of fatigue in the SOC team members. From this huge number of anomalies occurring on a regular basis, not all will provide the right direction for developing a security intelligence system, distracting them from their core work. SOCs must develop systems that can filter high-intensity anomalies from the ones that don’t require immediate attention. Behavioral analytics tools can also help in ensuring that the SOC is concentrating on the right kind of anomalies and not wasting its time on low-fidelity alerts.
Unknown Threats
It is not always possible to identify unknown threats through conventional signature-based detection, firewalls, and endpoint detection. Therefore. SOCs must devise a different and more efficient method by improving their signature, rules, and threshold-based detection of threats. This can be done by using behavior analytics.
Security Tool Overload
Since cybersecurity is becoming a huge concern, companies end up implementing multiple security tools. These tools are often disconnected from each other and don’t work in tandem. SOCs must deploy more integrated and centralized monitoring systems so that every threat is effectively detected and resolved.
Security is important for every organization, and they must ensure proper SOCs are implemented to make the processes, data, and information secure against highly-advanced cybercrimes in today’s age. With data requirements skyrocketing in today’s modern workplaces, SOC is important for organizations to detect threats and respond to them quickly.
If you think your business could use a Security Operations Center service to keep your growing network and infrastructure clean from threats and working for your business, give Point North Networks, Inc., a call today at 651-234-0895. We are a trusted managed security service providers, and can facilitate your business with the best-in-class SOC teams to help you avert any unwanted cybersecurity incidents.
Careful! There’s an Infected Version of WhatsApp Out There
WhatsApp is one of the world’s most popular messaging applications. With over 2 billion users, WhatsApp is known for its relative security, as it is one of the few messaging applications that offers end-to-end encryption. A modified version of WhatsApp, called YoWhatsApp, has been reportedly deploying malware.
What is YoWhatsApp?
YoWhatsApp is an unofficial version of WhatsApp that users can download and install on their smartphones. The developers claim it offers the ability for users to lock chats, send messages to unsaved numbers, and customize the look and feel of the application with various theme options. There are other unofficial WhatsApp versions out there with similar enhancements.
This sort of thing isn’t new. Ever since the early days of instant messaging software, developers have been building “enhanced” versions of popular messaging applications. Back in the early 2000s when AOL Instant Messenger was popular, there were several unofficial versions that offered additional features that removed ads, allowed more anonymity, and offered more features than the source material. However, using these third-party versions often came with some risk—sometimes they contained malware or made your account less secure.
This definitely appears to be the case with YoWhatsApp.
What Are the Risks of Using an Unofficial Version of WhatsApp?
According to a recent Kaspersky Report, YoWhatsApp distributes Android malware known as the Triada Trojan. The same was discovered last year with FMWhatsApp, another modified unofficial version of the application.
Triada gains control over your SMS messages, and can enroll its victims in paid subscriptions without their knowledge and impersonate them, sending spam and malicious content to others from their phone number.
This, in turn, can then affect users who actually use the official versions of WhatsApp.
While, as far as we know, WhatsApp is generally a safe application to use, the various third-party versions are not.
Understand What You Install
The concept of third-party developers creating unofficial “enhanced” versions of popular software isn’t anything new. It isn’t always a risk either, but you need to consider that unofficial versions aren’t usually as supported or secure as the official ones. If someone made a variation of Microsoft Outlook that offered some new features that the original didn’t have, and then Microsoft found and patched some vulnerabilities in their original version of Microsoft Outlook, it would be up to the third-party developer to also patch and update their version. You can’t really rely on that. You also need to consider that cybercriminals will go to great lengths to extort money from a wide set of users, and that includes building a “better” version of a popular app and paying to run ads to get users to download it and install their ransomware.
Whenever you install anything on your PC or smartphone, be sure to check to see if you are getting it from the official developer. If you aren’t sure, take some time to do a Google search, or reach out to Point North Networks to have us help you. It’s better to be safe than sorry.
The Haunting of North Shore Software
The following story and events are true, however, to protect the families of the innocent, all names have been changed. Any resemblance to actual persons, living or dead, or businesses, is purely coincidental. Enjoy and happy Halloween!
This is a transcript of a police interview with Stephen Corey. Taken by Det. Giles Gerald at 11:05 a.m. this morning.
Det. Gerald – Please state your name and title.
Mr. Corey – I’m the founder and CEO for North Shore Software Inc.
Det. Gerald – Tell me what happened.
Mr. Corey – We’ve been at the 1692 Osborne Ave location since May 10th. It was rainy, but it was actually pretty warm that morning, if you recall? I got to the office at 6:30; which is an hour and a half early as I like to have some time to myself before the staff arrives. I found it strange that there were several cars in the parking lot, but it’s not really unheard of to have cars in the lot from people that get a ride from the bar just across the street on Sundays this time of year.
I didn’t think much of it as I gathered my things and went up to the office, but the first real curious thing was that the door to the office was already unlocked. This is Monday, mind you, ya’know, and there have been maybe one or two instances in the thirteen years I’ve owned this company that someone has beaten me to the office on Monday. I’m always the first one there; especially on Monday. So, I suddenly got a very cold feeling and was extremely worried that we’d had a break in. So instead of just barging in and potentially putting myself in a bad situation, I decided to go back to my car and call the office to make sure that I was just being paranoid and that there was, ya’know, people there who were, um, ya’know, were supposed to be there.
The phone rang twice and then Sarah answered. “Thank you for calling North Shore Software, this is Sarah, how can I direct your call?”
Det. Gerald – This is Sarah Glanvill?
Mr. Corey – Yes, she’s our receptionist.
Det. Gerald – Continue
Mr. Corey – I was immediately, ya’know, put at ease when I heard her voice, so I hung up without saying anything and headed into the office. Mind you, this was a very brief stretch of time; less than a minute or two. I got back to the door and went to open it and it was locked. Obviously, this was alarming, but I thought that, ya’know, it being Halloween and all that, someone was trying to mess with me a bit. So my first thought was to pound on the door. At this point, I wasn’t so much scared or annoyed, but was trying to be a good sport. I thought that Sarah, who is one of my longest-tenured employees, was just having a little fun with me. After a few seconds, there was an identical pounding on the other side of the door.
I remember saying something like, “Okay, okay, this is fun,” as I went to unlock the door with my key. Mind you, the plan is to move over to electronic locks pretty soon, but right now we still have the wood door that came on the place with your typical locks, ya’know. Well I put my key in and it won’t turn. Now I’m starting to get annoyed, because all I want to do is start the day and I’m thinking this prank is going a little too far. I pound on the door again, and again the knocks are returned. You’ll see all this on the CCTV, but I tried to unlock the door a couple other times with no luck. I then call to end the charade and have Sarah, who at that time I’m completely convinced is doing all this to mess with me, unlock the door.
So, as I went around the back to get in the building, I’m annoyed. I call up and she answers “Thank you for calling North Shore Software, this is Sarah, how can I direct your call?” I’m like Sarah, “This isn’t funny anymore. Let me in the building!” I get nothing, but “North Shore Software, this is Sarah, how can I direct your call?” At this point, I’m at the back door. I hang up, not finding the humor in this whole thing, and I go to unlock the back door. I unlock the door and I get halfway in and the door slams and locks.
At this point I’m just standing there angry and dumbfounded. I try the lock and the key won’t turn. It’s as if the locks were magically changed. I start pounding on the door yelling and swearing. Just then I see headlights shining down the alley on the south side of the building. They are coming from the parking lot. I walk toward the parking lot and the lights go off and as I get to the front of the building. I hear: “Good morning, Mr. Corey. Happy Halloween.” It was Sarah. Even though I just saw her pull up, my blood is up, so I start yelling at her, asking her why she would keep the prank going so long? She has no idea what I am talking about.
I start barraging her with questions, and accusations, really. She starts to plead and cry, not only because she is being accused, but because she must have thought I was losing my damn mind. By now it’s 7 (a.m) or just after and I’m in a frenzy. I put my phone on speakerphone and Sarah, who is standing right in front of me, on the verge of tears, answers “North Shore Software, this is Sarah, how can I direct your call?”
I’m not so sure I’ve ever felt more insane and more sorry. She was as surprised as I was to hear her voice. I knew then that I was dealing with something I didn’t understand. I don’t believe in ghosts, but at that moment I thought for sure there was something paranormal going on, ya’know. I was, um, well, scared. Other employees began to pull up and I didn’t know what else to do so I called you guys and told them to go on home and work remotely until I knew what was going on.
Det. Gerald – What happened when the responding officers got there?
Mr. Corey – Obviously, I’m upset. At this point I was convinced there is someone in my place of business who isn’t supposed to be in there…or ya’know, something…There weren’t any lights on that I could see, but someone is actively trying to keep me out of the building. Officers Mather and Cotton came pretty fast and asked Sarah and I a bunch of questions about what was going on. I told them what I told you and they said if I let them in the building they would go in and see what is going on. I told them that the door was unlocked when I got there and then was locked and that someone slammed the back door on me after that.
We went up to the door and the door unlocked fine. They went in and it was quickly pretty evident that no one broke in. They returned in minutes to say that there was nobody there and the place was clear. By then more officers had showed up and Sarah helped me by sending workers away as I looked around to see if I could figure out who the hell was there. The officers said the back door was not locked. Obviously, this surprised me.
Det. Gerald – So who do you think was there?
Mr. Corey – That’s the thing, nothing is missing. I looked through the CCTV footage and I didn’t see anyone entering or leaving. The only thing I saw on those tapes was me struggling with the doors. Someone broke in; I’m sure of it, but I can’t tell you for certain who it was.
Det. Gerald – Maybe you imagined it. Have you been dealing with more stress than usual?
(Just as Det. Gerald asked the question, an unknown number called Mr. Corey’s phone).
Mr. Corey – No.
(Mr. Corey ignored the call)
No. I can’t really explain any of it, but I…
(Phone rings again)
Can I take this?
Det. Gerald – Yeah.
Mr. Corey – (into the phone) Hello? (inaudible; Mr. Corey then presses the speaker button on his phone)
Phone – “…this is Sarah, how can I direct your call?”
Mr. Corey – Who is this? Who is this??! (hangs up).
Det. Gerald – What was that?
Mr. Corey – That was Sarah the receptionist, but it obviously wasn’t.
(Just then the phone rang again: Unknown number)
Det. Gerard – Give me the phone.
(Mr. Corey handed the phone to the officer and he answers it and puts it on speaker)
This is Detective…
Phone – “…North Shore Software, this is Sarah, how can I direct your call?”
At Point North Networks, we offer enterprise business telephone systems that have all types of features, including virtual receptionists that can help your business direct your calls to the people you are looking to talk to. You can gain the peace of mind that you will get the end-to-end telephone service your business needs without the chance of being haunted by a human or specter.
Frequently Asked Questions About North Shore Software
What is an enterprise phone system?
An enterprise phone system can be defined as an assortment of various services, including but not limited to office telephones, mobile devices, and audio conferencing. This phone system is aimed at enabling office employees to communicate with customers and business associates, by way of speech instead of the more impersonal mediums such as email or the web.
What is the need for an enterprise telephone system?
When implemented efficiently, a telephone system can enable a business to offer improved communication facilities to its customers and partners alike. In addition to being more personal and impactful, telephone communication is also faster than email – making it the preferred choice for all involved.
How can a Virtual Receptionist Help my Business?
A virtual receptionist is essentially software and not a person. This implies that the efficiency with which a virtual receptionist function is unmatched. Right from fielding incoming calls, to resolving simple customer needs such as appointment scheduling, offering access to required information, and routing calls, a virtual receptionist can do it all with ease. Most importantly, a virtual receptionist can function 24/7, thus ensuring that every customer’s call is well-received.
What are the most important features of a Virtual Receptionist?
When it comes to a virtual assistant, some of the noteworthy features that make the assistant worth the cost include –
- Auto attendant
- Live answering
- Message taking
- Patching and call transfer
- Appointment scheduling
- Answering frequently asked questions
- Offering 24/7 availability
“No More Ransom” is Leading the Fight Against Ransomware Abroad
Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.
Europol, a European Union law enforcement agency, is in charge of this initiative, called No More Ransom. The agency has helped over 1.5 million victims of ransomware overcome the attack and recover their files without paying the ransom. These victims have saved an estimated $1.5 billion dollars, which is a considerable amount of money to keep out of hackers’ coffers.
No More Ransom began in 2016 in collaboration with the Dutch National Police and other cybersecurity and IT companies. It began with only four ransomware decryption tools, but now, they provide 136 free decryption tools to take on 165 different ransomware variants.
Still, ransomware is a problem, and the fact that it requires this kind of special attention means that you need to take it seriously.
Why You Should Never Pay the Ransom
Hackers use ransomware because it makes people pay up simply because it’s the easiest way to solve the problem. Unfortunately, it is rarely that simple, and even those who do pay the ransom suffer from unforeseen consequences.
Further complicating this decision is the fact that those who pay the ransom are effectively funding further attacks and reinforcing the fact that ransomware works. Simply put, hackers will be more likely to attack with ransomware if they know people are scared enough to pay up, and with more resources at their disposal, they can expand their reach and infect even more victims.
This is why we advocate for not paying the ransom. In the heat of the moment, it’s not always so clear, but we urge anyone infected by ransomware, businesses included, to slow down and consider the repercussions of their actions. There are situations where you might feel like you have no choice but to pay, particularly in double-extortion situations where the threat of online leaks of your data is imminent, but we assure you that you always have a choice in the matter.
Instead, You Should Call Us!
If you become the target of ransomware, we suggest you call Point North Networks at 651-234-0895. We can walk you through the appropriate next steps to address ransomware on your network.
Granted, it’s easier to prevent ransomware in the first place than to deal with an active threat, so we also recommend that you outfit your network with top-notch security solutions. Compound these with proper employee and end-user training to minimize the possibility of ransomware striking your company. While there is never a guarantee, the odds of it crippling your business will be significantly less with these steps in mind.
Get started today by calling us at 651-234-0895.
Hundreds of Applications Could Potentially Expose Data Through Basic Errors
At the beginning of September, it was revealed that a relatively simple issue existed in nearly 2,000 mobile applications that potentially exposed some (read: a lot of) sensitive data. Let’s take a brief, basic look at the situation to see if there are any lessons that can apply to your business.
Trust us, there will be.
In Essence, the Issue is One of Access Permissions
Let’s go over how these apps generally work.
Naturally, the apps that you use on your phone aren’t fully hosted on your device. Instead, they are commonly hosted in cloud services. In theory, the application you install effectively just contains hardcoded access credentials that allow you to access the data or the service that the application provides.
Notice that we said, in theory. Research conducted by Broadcom’s Symantec Threat Hunter team revealed that these purportedly single-purpose logins were able to access all of the files that a cloud service contained—including company data, backups of databases, and system controls.
Worse, if multiple apps included the same publicly available software development kits (SDKs) or were created by a single company, these login credentials could potentially grant access to numerous applications, exposing the infrastructure and user data of each.
So, let’s say that an attacker happened to obtain these access tokens. With the situation being the way it is, that would give the attacker access to all of the applications—and more critically, the user data these applications contain—that the access tokens granted access to.
Between the Android and iOS platforms, researchers found almost 2,000 applications that had their credentials hard-coded to Amazon Web Services—three-quarters of those granting access to private cloud services (and half of those granting access to private files), with about half containing access tokens found in completely unrelated applications.
So, What Does This Have to Do With Your Business?
Let me ask you something: who in your business could potentially access your payroll information, your employees’ private information, or all the financial data you’ve collected from your clientele and workforce alike?
This idea that certain information is accessible by those who shouldn’t have access to it is the crux of the issue. You need to ensure that your data and files are only accessible to those who need them for their work responsibilities. This is known as the principle of least privilege—basically, all access and information are distributed on a need-to-know basis, based on the responsibilities of the individual users.
In short, much like these applications should have been doing, you need to ensure that access to this data is locked down. We can help.
Give us a call at 651-234-0895 to learn more about how we can help you.
Endpoint Protection – A Crucial Missing Piece from Many Enterprise Network Servers
Almost 20% of Enterprise Windows Servers Lack Endpoint Protection… Does Yours?
What is Endpoint Security?
Endpoint Security, as the name suggests, is the phenomenon of securiting endpoints, i.e. the end user devices including but not limited to computers, laptops and mobile devices against dynamic security incidents, data breaches, file based malware attacks, suspicious behavior as well as cybersecurity threats.
At one point in time, endpoint security simply comprised traditional antivirus software, however, with the changing dynamics and emerging threats, today endpoint protection platforms offer a more comprehensive protection.
Who Needs Endpoint Protection?
While most small-scale businesses believe that only their large-scale counterparts require extensive endpoint protection, the fact of the matter is endpoint protection platforms are a must for organizations of all sizes! After all, hackers, masterminds behind organized crimes and evolving zero day threats are a modern-day bane for one and all. Hence, it can be said without a doubt that it is crucial that all enterprise networks are secured.
And when we emphasize the need for network security, we want to stress that the chosen endpoint security solutions should offer extensive security features as well as automation capabilities to ensure the protection of corporate devices from potential cyber threats.
Why is Endpoint Protection Important?
There are numerous endpoint protection features that make an EPP an indispensable part of cybersecurity.
In today’s times, data is considered to be an organization’s most valuable asset and a data breach can prove to be an irreaprable loss. Endpoint solutions enable the protection of sensitive data, and ensures that it remains safe, irrespective of the potential cyber threats.
The rise in number of devices that use network access, as well as the types of endpoints, have further highlighted the importance of endpoint protection. Then again, it has become imperative for organizations to offer an endpoint security solution with remote management capabilities to ensure that hackers are unable to gain access to data and other sensitive information from employees who have opted for remote work. Thankfully, sophisticated endpoint security solutions are more than capable of offering such extensive protection, as they are bestowed with unmatched investigation and remediation capabilities.
We’re not shy about sharing how important it is for a business to have comprehensive cybersecurity throughout its entire infrastructure. That’s why we wanted to share what some recent data has shown about the importance of having visibility into your infrastructure.
Spoiler alert: it’s really, really important.
Data Shows that Enterprises Suffer from Considerable Vulnerabilities
Compiled by Sevco Security, the State of the Cybersecurity Attack Surface report took data from over 500,000 IT assets. This data, compiled from enterprise-level businesses, revealed that a substantial number of the assets these businesses rely on are missing critical endpoint protections or aren’t being actively patched.
According to Sevco Security’s research, the businesses they surveyed were lacking endpoint protections at a rate of 12%, while 5% of them were lacking enterprise patch management. Compounding these issues, 19% of Windows servers were missing endpoint protections.
Furthermore, “stale” IT—assets that are present in the security control console and register as installed on a device, but haven’t checked back in for a few weeks—is a small but serious issue for these enterprise organizations. 3% of the IT assets have stale endpoint protections, while 1% have stale patch management. However, since they are supposedly accounted for, these risks are harder to spot and more likely to create issues.
Of course, these findings were all based on research into enterprise-level companies, with enterprise-level capabilities. Now, just consider what that suggests about the small or medium-sized businesses and their comparative capabilities.
Endpoint Security and Antivirus Programs
Traditional antivirus solutions are an important facet of endpoint security. While an antivirus program may not always protect individual devices and servers, when combined with endpoint protection, the network security threats can be curbed to the maximum possible extent. This two-proged approach enables the protection of individual devices, as we as of the network that they are connected to.
Trust Us to Help Prevent These Vulnerabilities from Presenting Themselves in Your Business
Part of our proactive remote monitoring and maintenance services is to catch these kinds of issues before they result in larger problems for your business. To learn more about how we accomplish this, give us a call at 651-234-0895 today and we will help you with the most reliable endpoint protection solution!
Frequently Asked Questions About Endpoint Protection
How can Endpoint Protection Solutions help?
A reliable Endpoint Security Software can offer multiple benefits including the following
- It can help ensure that only trusted devices can connect to your network
- It can ensure the safety of endpoints for remote devices accessing the network
- It can help avert network security threats by continuous monitoring of endpoints
- It can detect malicious activity and malware, and prevent them from harming your network
- It can help you gain deep visibility across all your endpoints and their activities
What is EDR?
EDR is short for “Endpoint Detection and Response”. It is essentially an endpoint security solution which enables the continuous monitoring of the devices of the end users, in a bid to detect and repond to online threats in a timely manner. In some cases EDR is also known as “Endpoint Threat Detection and Response”.
What is XDR?
XDR is short for extended detection and response. It is yet another endpoint security solution that enables the collection of data related to security threats from isolated security tools across the technology stack of an organization. It is done to ensure quicker and more extensive investigation, threat hunting, threat prevention as well as response.
What is the difference between EPP and EDR?
EPP refers to ‘Endpoint Protection Platform’. EPP is a proactive endpoint security solution that prevents security threats. On the other hand, EDR refers to ‘Endpoint Detection and Response’. It is a reactive tool for protecting endpoints. It effectively detected and reponds to threats have may have been missed by other security tools deployed within your network security. An advanced endpoint security platform offers an optimal combination of EPP and EDR for enterprise network security.
What are the components of endpoint security?
To provide comprehensive protection across multiple endpoint devices and operating systems, a reliable Endpoint Protection Platforms (EPP) software usually comprises of few or all of the essential components listed below-
- Machine-learning classification
- Antimalware and antivirus protection
- Proactive web security
- Data classification and data loss prevention
- Integrated firewall
- Email gateway
- Actionable threat forensics
- Insider threat protection
- Centralized endpoint management
- Endpoint, email and disk encryption
Security Doesn’t Always Have to Be a Grind
At first glance, cybersecurity might seem incredibly complicated and difficult to understand, but even a baseline understanding of some of the principles of cybersecurity can go a long way toward protecting your business. Let’s discuss some of the common-sense ways you can keep your business secure, even if you don’t have an internal IT department to ask for help from.
Keep Your Antivirus and Security Tools Updated
What’s better than eliminating a threat from your network? Stopping it from getting that far entirely. With antivirus, firewalls, and other security measures in place, you can keep your business secure from the majority of threats before they even become a problem in the first place.
Use a VPN
In case you or someone else on your team has to travel, or if you have a team that works remotely, a VPN is incredibly valuable. Public Wi-fi is notorious for being quite dangerous, and a virtual private network can offer a safe haven for you to access the Internet without fear of being observed by any onlookers.
Utilize Multi-Factor Authentication
You can take your security practices to the next level through the use of multi-factor authentication. A password can only do so much in today’s threat landscape, so you should back it up with biometrics, generated PINs, and other secondary measures that can make things much more difficult for any would-be hacker.
Use a Password Manager
We know you’ve heard it a thousand times; “always use a different password for each and every one of your accounts to maximize security.” While this should be practiced, it can be difficult to observe if you don’t have a password manager keeping tabs on each of your credentials. Plus, let’s face it, you don’t want to rely on your browser’s password management options if you can help it.
Avoid Phishing Scams
While it would certainly be amazing to win the lottery, a free vacation, or catch some juicy gossip in your email inbox, the fact of the matter is that phishing emails know that these kinds of temptations make you want to click on links in emails, regardless of how likely you think they might be. Other tactics used include fearmongering and threats, which aren’t nearly as fun to receive, but are equally as effective, if not more so under the right circumstances. Either way, you should use extreme scrutiny when navigating messages from unknown or unsolicited sources—especially if they contain links or attachments.
Let Us Help Your Business Keep Itself Safe
While you can certainly do all of the above on your own, why not work with a managed service provider like Point North Networks? We can take the stress out of managing your network security. To get started, call us at 651-234-0895.
