It’s fair to say that today's organizations are faced with more online threats than ever before. To properly manage the information systems that they depend on for productivity, redundancy, and operational management, they need to ensure that they are doing what they need to do to mitigate problems stemming from the continuous flow of threats.
To give our readers just a taste of what they are up against, we’ve decided to put together a list of the most devastating hacks, infiltrations, and malware attacks that have happened so far in 2018. Additionally, we provide some telling statistics that will put into perspective just how important your network security and cybersecurity initiatives are.
The Department of Homeland Security was affected by a data breach that exposed information about 247,167 current and former employees.
Atlanta, Georgia was targeted by a ransomware attack called SamSam. This resulted in a massive problem for their municipal infrastructure. The ransom price given was $51,000, but Atlanta’s leadership refused to meet these demands. Overall, the numbers show that Atlanta has spent more than 10 times that number in the fallout of the attack. Some estimates place the actual cost of this event at nearly $20 million.
India’s national ID database, Aadhaar, leaked data of over a billion people. This is one of the largest data breaches in history. A user could pay 500 rupees, equal to about $7, to get the login credentials that allowed anyone to enter a person’s 12-digit code for their personal information. For 300 rupees, or about $4.20, users could also access software that could print an ID card for anyone associated with the database.
Cambridge Analytica, a data analytics company that U.S. President Donald Trump used to help his campaign, harvested personal information from over 50 million Facebook users without asking for their permission. Facebook hasn’t called this a data breach, but Cambridge Analytica has since been banned from using the service thanks to this event.
A hack of a U.S. Government-funded active shooter training center exposed the personal data of thousands of U.S. law enforcement officials. This also exposed which police departments aren’t able to respond to an active shooter situation.
280,000 Medicaid records were exposed when a hacker attacked the Oklahoma State University Center for Health Sciences. Among the information exposed were patient names, provider names, and full names for affected individuals.
An unsecured server owned by Bongo International, a company acquired by FedEx, leaked over a hundred-thousand files of FedEx customers. Some of the information leaked included names, drivers’ licenses, national ID cards, voting cards, and utility bills.
Orbitz, a travel booking site, fell victim to a security vulnerability that exposed 880,000 customers’ payment card information. There was also about two whole years of customer data stolen from their server.
French news site L’Express left a database that wasn’t password-protected up for weeks, despite being warned about the security issues regarding this.
134,512 records regarding patients and financial records at the St. Peter’s Surgery and Endoscopy Center in Albany, NY were accessed by hackers.
MyFitnessPal, an application used by Under Armor, exposed about 150 million people’s personal information to threats.
The WannaCry ransomware claimed another victim in Boeing, which stated that “a few machines” were protected by Microsoft’s 2017 patch.
Thanks to Twitter storing user passwords in a plaintext file that may have been exposed by internal company staff, the social media titan had to force hundreds of millions of users to change their password.
An unauthenticated API found on T-Mobile’s website exposed the personal information of all their customers simply through the use of their cell phone number. The following information was made available: full name, address, account numbers, and tax IDs.
A bug found in Atlassian development software titles Jira and Confluence paved the way for hackers to sneak into IT infrastructure of several companies and one U.S. government agency.
Rail Europe, a popular server used by American travelers to acquire rail tickets, experienced a three-month data breach that exposed credit card information to hackers.
A marketing company named Exactis had 340 million records stolen from it, but what’s most shocking about this is that they had accumulated information about nearly every American out there. In response to the breach, there was a class action lawsuit made against the company.
Adidas’s website was hacked, resulting in a loss of a few million users’ personal and credit card information.
A hacker collective called Magecart initiated a campaign to skim at least 800 e-commerce sites, including Ticketmaster, for sensitive information.
That list of traumatic security issues all occurred in the first half of 2018. This doesn’t consider the major hacks that are still affecting people from 2017 and before. Some examples include the Friendfinder hack that exposed 412 million user accounts, and the well-documented Equifax data breach that leaked the financial information of over 147 million people. Here are some of the statistics to help put in perspective the state of Internet threats at present:
In 2017 over 130 large-scale breaches were reported, a 27 percent increase over 2016.
Nearly 1-in-3 organization have experienced some sort of cyberattack in the past.
Cryptojacking (stealing cryptocurrency) increased 8,500 percent in 2017.
100,000 organizations were infected with the WannaCry ransomware (400,000 machines).
5.4 billion WannaCry attacks were blocked in 2017.
The average monetary cost of a malware attack is $2.4 million.
The average time cost of a malware is 50 days.
Ransomware cost organization’s over $5 billion in 2017.
20 percent of cyber attacks come from China, 11 percent from the United States, and six percent from the Russian Federation.
Phone numbers are the most leaked information.
21 percent of files are completely unprotected.
41 percent of companies have over 1,000 sensitive files left unprotected.
Ransomware is growing at 350 percent annually.
IoT-based attacks are growing at about 500 percent per year.
Ransomware attacks are expected to quadruple by 2020.
7.7 percent of web requests lead to malware.
There were 54 percent more types of malware in 2017 than there were in 2016.
The cybersecurity market will be worth over $1 trillion by 2025.
Android 8.0 Oreo has been creating some significant buzz since it was announced, and after a long wait, the mobile operating system has been released to a select number of devices thus far. However, more devices will soon be able to take advantage of the many benefits and features of Android 8.0 Oreo, with Android 8.1 rolling out for others.
Android 8.0 Adoption Rates As of April 16, 2018, there was an increase in Oreo adoption (combining versions 8.0 and 8.1) of 400 percent since the rates were measured in February. Comparatively, Android Nougat (versions 7.0 and 7.1) saw a 2.3 percent increase, while all past versions saw a drop-in use. This is despite the trend for many to hold on to their mobile devices for as long as possible to reduce the financial impact of an upgrade.
Despite this, there are some limitations that particular device manufacturers have placed, restricting the devices that have received the update to Oreo thus far. So far, the devices to receive this update include:
Asus Zenfone 4
Asus ZenFone 4 Pro
Asus ZenFone 3 Max
Asus ZenFone 3
Google Pixel XL
Honor 8 Pro
HTC U11 Life
HTC U11 Plus
HTC U Ultra
Huawei Mate 9
Huawei P10 Plus
Lenovo K8 Note
Lenovo K8 Plus
Motorola Moto Z2 Force
Motorola Moto X4
Samsung Galaxy S8
Samsung Galaxy S8 Plus
Xperia X Compact
Xperia X Performance
Xperia XZ Premium
Samsung Galaxy Note 8
Samsung Galaxy S8 Active (on AT&T)
Xperia XA1 Plus
Xperia XA1 Ultra
ZTE Axon 7
In addition to these devices, there are others that have been confirmed to receive an update in the near future:
Asus ZenFone 4 Selfie
Asus ZenFone 4 Selfie Pro
Asus ZenFone 4 Max
Asus ZenFone 4 Max Pro
Asus ZenFone 3 Deluxe
Asus ZenFone 3 Laser
Asus ZenFone 3 Zoom
Motorola Moto G5S Plus
Samsung Galaxy S7
Samsung Galaxy S7 Edge
Lenovo K8 Note
Lenovo K8 Plus
LG V30 Plus
Motorola Moto Z
Motorola Moto Z Droid
Motorola Moto Z Force Droid
Samsung Galaxy A5 2017
Samsung Galaxy A3 2017
Samsung Galaxy Xcover 4
Motorola Moto Z Play
Motorola Moto Z Play Droid
Motorola Moto Z2 Play
Motorola Moto G4 Plus
Motorola Moto G5
Motorola Moto G5 Plus
Motorola Moto G5S
Samsung Galaxy A8 2018
Samsung Galaxy J3 Emerge
What Android 8.0 Oreo Has to Offer This upswing in adoption rates only makes sense when the features that Android 8.0 offers are taken into consideration.
Picture in Picture Mode While Android Nougat gave users the ability to have two applications display at the same time with Multi-window, Android Oreo is taking this screen-sharing capability one step further by enabling one app, perhaps something playing a video, to share the screen with a relatively much larger app.
Notification Dots While there are Android themes that already offer this capability, Android Oreo will have the same ‘badges’ that indicate which apps have tried to notify you about something. In addition, by long-pressing the icon, you will be able to see the notification.
General Optimization and Improvement Of course, a mobile OS needs to do more than add a few cool features to be considered a true update. Android 8.0 Oreo offers assorted improvements to user security, as well as the device’s speed and battery life. Furthermore, Android Oreo also enables a user to manage their notifications on a more detailed level, ascribing particular permissions to different apps based on case-by-case criteria.
Now that you have a general idea of what to expect from Android 8.0 and 8.1 Oreo, are you looking forward to leveraging the updated operating system in your mobile device? Let us know in the comments, and feel free to mention other improvements you’d like to see!
There are countless examples of words that have evolved to meet the needs of their times. Meat once referred to solid food of any kind before it came to mean the edible flesh of animals. The word nice once had many meanings that completely contradicted each other. Today’s Tech Term, dongle, is another word that has evolved, albeit at a faster pace.
There is no questioning that the term dongle is largely used in reference to technological devices, just as there is no questioning that “dongle” is an inherently silly word.
However, this silly word has become a constant in the world of tech, especially on the consumer side of things. Dongles can be found everywhere, from the adapters that allow headphones to be used with devices that are now made without headphone jacks, many of the streaming devices that can be found in the home could be considered dongles, and arguably any device that plugs into a computer via a USB port qualifies as a dongle.
Officially, the term dongle (if defined by its most common denominator in computer networking) is any small device that is plugged into a computer to allow a particular network connection to be made. We see them most often today in USB devices. However, this blanket term doesn’t include USB devices that serve as data storage devices. Instead, the term dongle applies to other USB devices, such as Wi-Fi dongles that connect a device to a wireless network, or a modem dongle that connects to 3G or 4G wireless Internet networks.
As for the name itself, there are a variety of theories, including that the term is simply a play on the work ‘dangle’ (which most dongles do), or that the term held some significance to the developers of the Commodore PET Computer, which was released in 1977 and used a device similar to a dongle to boost its memory.
Regardless, the dongle is a term that is ingrained in modern technology. For more tech terms, tips, and tricks, make sure you subscribe to this blog!
Losing a smartphone can be a problem for anyone. For the modern business, it can really cause issues. Mobile devices are notorious for housing a lot of personal information, which makes them extraordinarily dangerous to lose track of. How much is at stake with mobile devices going missing; and, what kind of information is stored on these devices that makes them so dangerous to misplace?
To get started, let’s think about the information that’s being put at risk. Here is a list of information that could possibly be stolen from mobile devices--a surprising amount of data for most users, to say the least.
Payment information: The applications on your device could potentially be storing credit card numbers or bank routing numbers, which could become problematic if stolen. Hackers could make off with all of your precious, hard-earned cash.
Passwords and usernames: If you use your device’s web browser, it’s likely that you have passwords and usernames saved on it--even if it’s been done accidentally. These usernames and passwords can be stolen from the device, or used on the device by whoever is accessing it.
Application data: There are a lot of applications installed on your business’ devices, and these applications store lots of information that a hacker could have a field day with. Even if applications are locked behind a login screen, these accounts can be infiltrated if the login credentials are stored on the device
Cloud storage: Access to cloud storage is one of the best things about mobile devices, but if you lose one, you’ll be compromising any sensitive data that your account has access to. Any information that’s shared with your device will be accessible by whoever finds your misplaced device.
Social media accounts: If you have social media applications on your device, it’s likely that you have the password and username saved to the device. This means that anyone who finds your device will have access to your social media accounts, ready to use for whatever vile purposes they want.
Email: You’d be surprised by how much information you keep hidden in your email inbox. Think what would happen if any of your countless messages was accessed by a hacker who has found your smartphone. Now THAT’s frightening!
Contacts: You might not think the people you associate yourself with are valuable targets for hackers, but they certainly are. Contact lists for both business and personal use hold a lot of value, as it essentially becomes a list of potential targets to hit with phishing scams.
Keeping all of this in mind is of the utmost importance, especially if you want to make sure your mobile devices don’t become a liability in the event of a loss scenario.
Should your next computer purchase be a desktop or a laptop? Let’s talk about the less obvious differences between the two so you can make the right decision when buying computers for your staff.
Is a Laptop or Desktop the Better Option? As you might expect, this question more or less hinges on your particular need of mobility. If you find yourself conducting business in various places in (and perhaps occasionally out) of the office, the mobility of a laptop will likely serve you better than a desktop would. Conversely, if your work is more or less contained to the office, a desktop may be more appealing than a laptop. While other factors may also influence your choice, mobility should be one of your primary considerations.
Some other factors to keep in mind are the cost of upkeep of your systems, as well as its intended use. Desktops are often the more cost-effective option, and maintenance is quite often easier. Additionally, a computer capable of more resource-intensive projects--like video editing or CAD rendering, for instance--will cost more, but a laptop will see a faster price increase than a desktop will.
ROI A desktop can sometimes provide a better return on investment, as they tend to upgrade easier than laptops. This can increase its useful lifetime, allowing your business to remain competitive longer. Another consideration would be reducing your carbon footprint, as you reduce the amount of material going to the landfill.
Checking the Specs As we just touched on briefly, your intended use of the device should influence your decision considerably. Depending on what you need the computer to be capable of for your business purposes, you may have different requirements than someone else from your organization. For instance, if you primarily use your computer for communications and administrative management, you will not need the same capabilities as someone who regularly uses theirs for advanced, resource-intensive operations. Your role in your organization, as well as the industry you are a member of, will have an impact on this. After all, some industries rely on more data than others, and will therefore have more to manage.
If you’d like assistance in establishing what your particular computing needs are, and which device would serve you best, don’t hesitate to reach out to Net It On for help.
Bargain Hunting Again, depending on your industry, what qualifies as a good deal for you may be very different than what is considered a good deal for another company that serves a different audience and has different needs. On top of this, there’s also the need to find a reliable vendor who can deliver the technology you need at a reasonable rate - a process that can take an exceptionally long time.
Social engineering can allow a cybercriminal to access networks without being hampered by the security solutions that a business has in place. Through the manipulation of the human element of a company, its critical resources are exposed. In order to protect your business against the threat of a social engineer, there has to be an overall awareness in your company culture.
Why Social Engineering Works One of the main reasons that social engineering can be such an effective tactic for cybercriminals is because, rather than telling the target what they want to hear, the target is told what they expect to hear. By coming forward under the guise of someone who should be coming forward, the cybercriminal is able to extract information from unwitting staff members, adding to their intel through intensive online research.
These are the key factors that allow these kinds of attacks to be as successful as they are. The methods used by social engineers aren’t the kind that immediately come to mind when one thinks about cyberattacks. Since the attack doesn’t typically resemble more well-known threats like ransomware, these attacks are often able to infiltrate their target without any suspicion. Additionally, there is an excess of information available online, known as open-source intelligence, that provides the social engineer with the knowledge they need to craft their approach.
This open-source intelligence can come from a variety of places, making the social engineer’s job that much easier. There is plenty of information readily available on the Internet, all it takes is looking in the right place.
Sample Information While it’s no secret that there is a ton of information online, the true scope of what is available can be alarming when all laid out. The following information can all be found if one knows where to look, and is by no means a comprehensive list of what is there:
Technological Details Considering how valuable a cybercriminal would find the details of what technology is used in a business, these details are remarkably easy for cybercriminals to find. Companies will often show their hand in online job postings, identifying the hardware and software that they use in order to find someone with the experience. This not only ensures that qualified applicants send in their resumes, it also allows cybercriminals to send in the exploits needed to take the company down. Social media posts can also share this information--the wrong picture could give access to networking hardware and other critical and sensitive data.
Employee Data On the topic of social media, sensitive company information can easily leak through oversharing. Employee activities that are shared or tweeted can provide a cybercriminal with crucial insights. Images can create an even bigger problem. If not scrutinized before posting, you can inadvertently display key details, from the data on the screens to the model of the computer that holds the data.
Furthermore, employees using social media carelessly can deliver more invaluable data for a cybercriminal to leverage. Discussing work schedules or even sharing specifics of work experience can potentially put your business at risk.
External Companies Unfortunately, social engineering attacks can leverage data that you have minimal control over against your business as well, as other companies and vendors you do business with may share their experience with you as evidence of their value. Furthermore, if your janitorial services and trash pickup providers aren’t secure, your data could be stolen after it has left your property.
So while it is absolutely critical to leverage cyber protections for your data’s security, including solutions like firewalls and authentication measures, your employees also need to have their eyes peeled for the threat of social engineering. Every business needs to have a plan to avoid and mitigate the threat of social engineering.
The International Consumer Electronics Show (CES) is designed to showcase new technology and products to the world, with a focus on industry professionals and companies that want to showcase their latest projects. The show, which was held in Las Vegas in January, saw the introduction of many consumer products, but the ones that showed off new virtual and augmented reality capabilities made a considerable impact on attendees.
Hype has been building over VR and AR for years now; hype which has failed to meet the considerable expectations placed on the technologies. It turns out that these innovators are coming up with valuable new ways in which to leverage these rather complex technologies.
Virtual Reality Even now, virtual reality is a huge deal. Manufacturers are still finding ways to develop both hardware and software for it specific use. However, the problem that developers are finding is that VR has taken too central of a role in the entertainment industry compared to its more practical or business-oriented purposes. In the future, manufacturers are hoping to create valuable applications for the technology to keep the demand high.
In an article for Forbes, Charlie Fink showcases that VR will most certainly show a profit, but the market is still only at around $2 billion per annum. Judging from previous trends set by color TV, VCR, PC, cell phones, and the Internet, it’s not beyond the realm of possibility that the standard consumer will see VR as a worthwhile investment before too long. However, Fink points out that “...before VR companies can understand how consumers want to spend, they need to cater to how consumers want to consume.”
Even though it’s not as profitable as other technologies at the moment, VR had a huge presence at CES. New technologies in VR ranged from novelty to necessity, including the HTC Vive Pro and an analytical tool called Looxid. Looxid allows for marketers and analysts to track eye movement and brain activity during use, providing information that should improve the way businesses understand consumers. For a more practical tool, the Meshroom VR headset can turn CAD drawings into legitimate 3D prototypes that can be effective for the use of architecture or engineering.
Regardless, even though VR has been around for quite some time, it is still a developing and volatile technology. It’s clear that it will be worth the investment in the near future--particularly when more useful applications are developed that can take advantage of it.
Augmented Reality Compared to virtual reality, augmented reality is a bit more tame and less of an attention-grabber. Instead of transporting the user to a virtual world, augmented reality adds virtual elements to your surroundings. The easiest example to help explain this technology is to add a top-down overlay interface to your field of vision, allowing for the viewing of information or analytics at a glance. Yet, AR has found plenty of use in the real world already, from statcasts in the sports world to smartphone games like Pokémon Go. Some developers, like Google and Apple, have invested considerably in the creation of augmented reality applications, and it’s only going to improve in popularity as more companies create effective ways of leveraging AR.
At CES 2018, AR was a prominent force. Manufacturers are finding new and improved ways to take advantage of displays. Some of the more notable products include Vuzix Smart Glasses with Alexa--much like Google Glass, but with Amazon’s Alexa built into it. WinRay’s AR windshield is another device you should keep your eye on. This windshield can display directions, roadside information, and even basic car functions. Even Apple’s iOS 11 comes with built-in AR.
What are some ways that you can think of to take advantage of AR and VR? Let us know in the comments, and be sure to subscribe to our blog.