What Are We Most Frightened Of This Halloween?

7 Cyberattack Facts

This Halloween we’re celebrating by sharing some scary cyberattack facts. Why? Because, unfortunately, cyber attacks are increasing. The cyber threat landscape is rapidly becoming more of a concern. Not only are businesses seeing an increase in the number of attacks, but these cyber attacks are continuing to evolve.


Here are the scary facts:

  1. Cyberattacks are the third largest global threat this year behind only extreme weather events and natural disasters!
  2. Around the globe, a hacker attacks someone every 39 seconds.
  3. There are nearly 6,000 new viruses released every month.
  4. There are more than 4,000 ransomware attacks a day.
  5. Nearly 1 out of every 100 emails is a phishing attempt.
  6. 43 percent of cyber attacks are aimed at small businesses.
  7. The cost of all this cybercrime last year? 600 billion dollars!

Read the details below:

Fact 1. Cyber attacks are the third largest global threat this year behind only extreme weather events and natural disasters.

According to the WEF’s Global Risks Report 2018, in terms of events that are likely to cause disruption in the next five years – cyberattacks rank behind only extreme weather events and natural disasters.

The Report reveals that:

  • The top five risks to global stability over the next five years are natural disasters, extreme weather, cyber attacks, data fraud, and failure to address climate change.
  • Cyber attacks are growing in risk as the potential fallout from an attack on connected industrial systems, or critical infrastructure becomes a serious threat.
  • Cybersecurity risks have grown both in their prevalence and in their disruptive potential.

The good news is that many of these cyber attacks aren’t succeeding. However, increases in their growth and sophistication are troubling. Plus, because nation states are performing cyber attacks, cyberwarfare becomes a real threat.

Fact 2. Around the globe, a hacker attacks someone every 39 seconds.

A study by Clark School study at the University of Maryland quantified the near-constant rate of hacking of computers with internet access to every 39 seconds on average. And for those who use non-secure usernames and passwords, there’s a greater chance that the hackers will succeed.

Michel Cukier of Clark School’s Center for Risk and Reliability and Institute for Systems Research identified these as brute force attacks where hackers use simple software-aided techniques to randomly attack a large number of computers.

The study revealed that once hackers gain access to a computer, they:

  • quickly determine if it will be of use to them,
  • check the software configuration,
  • change the password,
  • check the hardware and/or software configuration again,
  • download a file,
  • install the downloaded program and run it.

Fact 3. There are nearly 6,000 new viruses released every month.

A computer virus is a program or software(malware) that once in your computer multiplies in number and affects areas of the computer according to the codes it’s based on. Computer viruses are growing. With the rise in technology, we’re at increased risk of hackers using viruses to infect our networks. They continue to be a growing threat to organizations of all sizes, across all industries. And today’s free antivirus solutions (and some paid ones) are no match against sophisticated malware. Hackers are now using machine learning technology to circumvent security and infect computers with viruses. They also use AI (artificial intelligence) to launch attacks and infect computers to steal data.

Fact 4. There are more than 4,000 ransomware attacks a day.

The FBI has reported that since January 1, 2016, more than 4,000 ransomware attacks have occurred on a daily basis (on average). This is a 300% increase from 2015 when 1,000 attacks occurred daily. Ransomware is the fastest growing malware threat, and it can result in the temporary or permanent loss of your sensitive or proprietary data. It not only disrupts your operations, but you’ll also likely incur a financial loss to recover your data. Ransomware has the potential to ruin your business’s reputation.

Fact 5. Nearly 1 out of every 100 emails is a phishing attempt.

Researchers (from FireEye) reviewed over half-a-billion emails sent between January and June 2018. They found that one in 101 emails are malicious and sent with the goal of compromising a user or network.

When spam is discounted, only one-third of emails are considered “clean.” Highlights of the report showed that:

  • There was an increase in phishing attempts during tax season (January – April).
  • Impersonation attacks are commonly used for CEO fraud.
  • Hackers rely more on friendly name impersonation today.

The WEF’s Global Risks Report 2018 also revealed that 64 percent of all phishing emails sent during 2017 contained file-encrypting malware.

Fact 6. 43 percent of cyber attacks are aimed at small businesses.

This was reported in Symantec Corporation’s Internet Security Threat Report. They also revealed that 1 in 40 small businesses are at risk of being the victim of a cybercrime. Hackers don’t discriminate when choosing businesses. They are targeting their money. Small businesses are big targets for phishing attacks. Phishers target employees who are responsible for the company’s finances. When the phishing emails are opened, it can result in sensitive financial information being exposed. This is how the cybercriminal gains access to a company’s money.

Fact 7. The cost of all this cybercrime last year? 600 billion dollars! That’s three times the amount spent on Halloween candy.

In the February 2018 report “Economic Impact of Cybercrime – No Slowing Down” it says that cybercrime may now cost the world almost $600 billion, or 0.8% of global GDP. The reasons for this growth are as follows:

  • Quick adoption of new technologies by cybercriminals
  • The increased number of new users online (these tend to be from low-income countries with weak cybersecurity)
  • The increased ease of committing cybercrime with the growth of Cybercrime-as-a-Service
  • An expanding number of cybercrime “centers” that now include Brazil, India, North Korea, and Vietnam
  • A growing financial sophistication among top-tier cybercriminals that, among other things, makes monetization easier

Cyber Security Awareness

Do these facts scare you too? Are you worried about the cybersecurity of your business? If so, contact us, and we’ll help you determine if you are adequately protected.


Different Ways You Can Celebrate Love Your Lawyer Day

As a business owner, executive or manager, you may use a lawyer for many different reasons. You may need a lawyer to look over your business contracts, to help when you buy or sell a business, to help you with any tax issues that may arise or to help with any personal injury lawsuits that may arise within your business. Friday, November 2, 2018, is Love Your Lawyer Day. This is a day that is set aside to honor lawyers and all that they do for individuals and businesses. On this special day, you may be looking to celebrate your lawyer, but you may not be sure how. Here are a few of the different ways you can recognize and celebrate your attorney on Love Your Lawyer Day.

Love Your Lawyer Day

Give Them a Phone Call

One of the simplest ways that you can celebrate Love Your Lawyer Day is by giving your lawyer a phone call on this day. The phone call does not have to be long and the conversation does not have to be in depth. Simply let them know that you appreciate the work that they are doing for you and you are grateful for the services they provide. A simple compliment and nice words can go a long way in brightening someone’s day and making them feel appreciated.

Send Them a Card

If you do not like to talk on the phone or you want to send something to your lawyer, you can send them a card. A thank you card or other similar note that lets them know that you are thankful for their hard work has the same impact as a phone call that praises them. If you want to do something a bit more than a card, you can always include a gift card to their favorite coffee shop or restaurant, or you can send flowers along with the card.

Post a Positive Review Online

Online reviews are important to businesses. When someone is seeking out a lawyer, they may do a Google search to see feedback on an attorney or law firm. You can help the lawyer who helps you by leaving a positive online review for the attorney this Love Your Lawyer Day. Unless we are mad or upset, many of us do not leave online reviews. Take the time to let other people know just how wonderful your attorney is and all of the positive things they do for your business.

Order Something for Their Business

Another gesture you can make when you are looking to celebrate Love Your Lawyer Day is to order something for their business. Have you ever spent time with your lawyer and noticed that they don’t have something that could help them get a little more organized? Or have they complained that they recently lost or misplaced something? It can be as simple as a business card holder or a Bluetooth speaker for their work desk. Personalized gifts that you put thought into are always appreciated.

Have Lunch Delivered

Speaking of items that are always appreciated, the last way you can celebrate Love Your Lawyer Day is by having lunch delivered to your lawyer. Who doesn’t love food being delivered right to their desk? If you know what kind of food your lawyer enjoys, consider ordering them a meal and having it delivered. Give them a heads up that you have a treat arriving and at what time to make sure they will be in the office though before you place the order.

This Friday, November 2, 2018 is Love Your Lawyer Day. This is the perfect day to recognize all of the hard work that your lawyer is doing for you or your business. There are many way you can recognize your lawyer, including giving them a phone call, sending a card, posting a positive review online, ordering something for their business or having lunch delivered. No matter how big or small, take the time to recognize your lawyer and let them know how appreciated they are this Love Your Lawyer Day.


How You Can Celebrate Entrepreneurs’ Day in 2018?

Look around you. Your desk lamp, your headphones, that smartphone in your hands — everything you own and use daily was created in the mind of an entrepreneur.

Entrepreneur Day

Sure, it may be mass-produced now, but at one time, every item in existence had to be thought up, created, and marketed for the very first time. It took the innovative and productive mind of a special entrepreneur to do that.

Today, entrepreneurs still exist as they always have, but because of mass production, globalism, big box stores, and yes, the Internet, they’re not as celebrated as they once were. Entrepreneurs’ Day is bringing back the much-deserved admiration and appreciation of the entrepreneur.

Below, learn exactly what Entrepreneurs’ Day is, how it started, and how you can celebrate this 2018!

What Is Entrepreneurs’ Day and Why Is It Special?

Entrepreneurs’ Day is a day that celebrates the men and women in this country who are able to build something out of nothing. Entrepreneurs certainly think up, produce, and market the things you use, collect, have fun with, and eat on a daily basis. But they’re much more than that.

Entrepreneurs are special because of their innovation and creativity, but they also create jobs and spur the economy. Many entrepreneurs help small- and medium-sized towns grow and develop. They give opportunities to those that might not otherwise have them, and they donate to and care for their communities. Entrepreneurs have built what you see today.

Sadly, there are fewer new business ideas sprouting up around the United States today than ever before. Often, this is because small businesses who make an attempt to get off the ground aren’t able to earn enough to maintain their footing. Building a business out of nothing is certainly no easy task.

Entrepreneurs’ Day aims to change all of this by uplifting and celebrating entrepreneurs. It’s a day to pay tribute to these amazing businessmen and women — and maybe even become one yourself.

When Is Entrepreneurs’ Day?

Entrepreneurs’ Day is always on the third Tuesday of November. In 2018, Entrepreneurs’ Day will be celebrated on Tuesday, November 20th.

History of Entrepreneurs’ Day

The term entrepreneur was first coined by French economist Jean-Baptiste Say in 1800 to denote someone who “shifts economic resources out of an area of lower and into an area of higher productivity and greater yield.” Entrepreneurs’ Day began in 2012 when President Barack Obama declared the month of November in the United States to be National Entrepreneurship Month.

Top Ways to Participate in Entrepreneurs’ Day

When you’re an entrepreneur yourself …

1. Get together with other entrepreneurs in your area.

Form a club or organization where local entrepreneurs can share their ideas and new concepts they’d like to bring forth. Even if it’s just an informal get-together, it’s a way to begin an important dialogue among entrepreneurs in your community.

2. Mentor another entrepreneur.

If you’ve successfully gotten off the ground as an entrepreneur in your own industry, consider mentoring someone else who is just beginning. Give them advice, shout out their product or service on your own social media pages, or just give them a pat on the back and some inspiration and motivation to keep moving forward.

3. Have a celebration!

If you own your own startup small business or are just starting out with a new product or service, celebrate Entrepreneurs’ Day by offering your customers and clients special discounts or a fun event. Even if your budget isn’t up for deals and sales quite yet, you can have an open house with cookies and punch or do a small giveaway of some sort to celebrate the day.

When you’d like to support entrepreneurs …

1. Shop with entrepreneurs in your area.

Shopping for holiday gifts or birthday presents? Looking for new clothes or items for your kitchen? Don’t go to the big box stores or the Internet this time. Shop with local entrepreneurs. Alternatively, if there aren’t any start-up small businesses in your community, you can certainly connect with entrepreneurs online who aren’t part of big-box chains.

2. Thank an entrepreneur

Know someone who has started their own business in the past or is hoping to in the future? Give them a shout out “thank you!” on social media, or thank them in person.

3. Talk about it!

Finally, remember that Entrepreneurs’ Day exists and persists largely by word-of-mouth, so spread the word! You can use social media on the days leading up to Entrepreneurs’ Day to tell your friends, family, and followers about this day — and of course, use the suggestions listed above to celebrate yourself when November 20throlls around!


What Is Small Business Saturday? (November 24th, 2018)

How do you usually shop when you need something like a gift for a friend, a new pair of shoes, or a bike for your son or daughter? Today more than ever before, Americans make a beeline for the computer or a big box store when it comes to getting through their shopping list.

Small Business Saturday

And it’s not just clothes, toys, and gifts we buy at these places. Paper towel, cell phones, greeting cards, and all your groceries can be purchased at the same time — with just one trip to a large chain store or one click of a button.

So where does this leave the little guy — small businesses?

Small businesses are closing up shop, and fewer new businesses are opening than ever before. Unfortunately for everyone, this means less support to locally-run firms, more unemployment, cheaper goods, terrible customer services, and small towns that suffer.

But you can help!

Small Business Saturday is a way to pump life into the small businesses here in the U.S. — and around the world. Here’s a bit more about this special annual event and how you can participate this year!

What Is Small Business Saturday?

Small Business Saturday is a day that celebrates small businesses of all kinds around the country. This includes all types of independent retailers from locally-owned gyms, grocery stores, cafes, and restaurants to artists and craftsmen who sell their goods online, local farmers, and more.

When Is Small Business Saturday?

Every year in the United States, Small Business Saturday is celebrated on the first Saturday after Thanksgiving. This year, 2018, Small Business Saturday will take place on Saturday, November 24th.

How Did Small Business Saturday Start?

Especially since the 1960s, when the modern American shopping mall came into existence, big box stores and chains have taken over what was once a country dominated by small local businesses. Small and even medium-sized towns have seen their small businesses obliterated when bigger chain stores come into town. Usually, the smaller retailers can hold out for at least a year, but inevitably, it’s the big guys who win out.

Small Business Saturday started as a way to pump some life back into the small businesses around our nation — to honor and recognize them. The first celebration of this holiday was only celebrated in Massachusetts in 2010. It was created as a way to work against Black Friday, which inevitably favors large chain stores and retailers.

But since that time, the holiday has spread throughout the nation. From the start, Small Business Saturday was sponsored by both the non-profit National Trust for Historic Preservation and by American Express. There are now Small Business Saturday celebrations in the UK and elsewhere around the world as well.

Why Participate in Small Business Saturday?

If you’re a small business owner, it, of course, makes sense to raise awareness of your business and other small businesses around the nation and the world on this day!

If you’re not a business owner, it also makes sense. That’s because consumers like you profoundly impact whether or not small businesses are able to get off the ground or maintain their business. By patronizing small businesses on this day — and raising awareness for others — you’re putting your money where your mouth is and let the world know that you appreciate small businesses and want them to stick around.

How Can Small Businesses Participate in Small Business Saturday?

Small businesses should prepare for Small Business Saturday by promoting the day online and in-store. You might consider holding a special event, an open house, or the release of a new product or service on this day. For more inspiration, head here to Shop Small®’s Get Inspired page.

How Can Others Participate?

If you’re a consumer, the best way to participate in Small Business Saturday is to buy from and patronize small businesses!

This might mean shopping at your local grocery store instead of the big chain supermarket in your town. It might mean grabbing a coffee at a local café instead of a chain coffee shop. Or it could mean ordering a piece of art, a tool you need, or something else from an independent retailer online.

Don’t Forget to Spread the Word!

Lastly, whether you’re a shopper or you own or work at a small business yourself, one of the biggest things you can do to support Small Business Saturday is spread the word.

Tell your friends and family about Small Business Saturday, use the hashtag #ShopSmall on social media, and of course, don’t forget to get out there and spend your money at small businesses in your area this Saturday, November 24th, 2018!


Marriott Data Breach: What You Need To Know

Heads up if you’ve stayed or made reservations at a Marriott or Starwood property over the last decade. A major security issue was just announced and the scope of the problem is actually quite astonishing. Here’s what you need to know about the Marriott International data breach.

Marriott Data Breach

What is the Marriott Data Breach?

On November 30th, Marriott International announced that the private information of up to 500 million guests became compromised. The breach is one of the largest in history and brings up a variety of concerns regarding consumer privacy safety.

They noted that an internal tool recognized a data breach in September, but wasn’t able to confirm the issue was part of the Starwood database until November. Further investigation revealed that the problem has happened since as far back as 2014 and that the exact breadth of the issue isn’t yet known.

Who is Affected by the Marriott Data Breach?

To be blunt, 500 million people is a lot. If you’ve traveled on business in the past or regularly stay at the hotel chain’s properties, your personal data is likely compromised. Additionally, those who merely made reservations but never actually stayed the night are also included in the breach.

According to NBC News, Marriott also reported that for 327 million of those people, the information includes some combination of a name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Encrypted credit card information is also likely stolen, but the company isn’t yet sure if the thieves were able to reveal account numbers.

An additional report also suggested that employee information might have even been compromised, especially in situations where workers took advantage of employee discounts to stay at hotels around the globe.

What is Marriott Doing After the Data Breach?

While the initial statement from the company was vague, they have taken steps to improve the situation by hiring the public relations firm Kroll. Those concerned about being part of the Marriott data breach may check for more information at a website provided by the hotel chain.

Maryland Attorney General Brian Frosh is opening an investigation into the incident, citing the company headquarters in his state as the reasoning for his inquisition. Additionally, New York planned to look into the incident and other states where the company has properties are likely to follow. There is no word yet on how the breach is being reviewed internationally.

Furthermore, within hours of the news, a class action lawsuit for 12 billion dollars was filed by Ben Meiselas of Geragos & Geragos. The suit is on behalf of two plaintiffs who feel duped by the company not immediately admitting there was a security issue. In other cases in the past are any indication, there’s likely to be a settlement out of court soon.

What Can Other Companies Learn from Marriott’s Data Breach?

At this time, it is hard to tell what other companies can learn from Marriott International’s data breach since news of the incident is still relatively recent. Other companies have faced similar issues in the past, such as Yahoo’s admission earlier this year that the three billion accounts had information hacked and Under Armour’s data breach of 150 million MyFitnessPal user accounts. Those companies were able to provide customers with free credit monitoring to try to earn back trust, but time will still tell on how it affects each firm’s reputation overall. Both have made attempts to increase application cybersecurity.

In short, if you have made a reservation or stayed at a Marriott Hotel or Starwood property in the last few years, it is wise to invest in some version of identity theft monitoring. Also, consider additional discussion and concerns with your lawyer general and by making a claim on Marriott’s data breach website.


Threat Advisory: SamSam Ransomware

SamSam Ransomware is becoming a massive problem for multiple industries across the United States. In fact, the problem is so big that The Department of Homeland Security, (DHS), National Cybersecurity and Communications Integration Center, (NCCIC), and the Federal Bureau of Investigation, (FBI), have all recently issued a US-CERT alert due to the SamSam ransomware. Like other types of ransomware, files and networks are infected. In exchange for uninfected the system, hackers want a ransom, that typically costs thousands upon thousands of dollars. Every company that runs a network needs to be aware of SamSam ransomware. Here is what you need to know about this topic.

SamSam Ransomware

What is SamSam Ransomware?

SamSam ransomware is a type of ransomware that is designed to exploit Windows servers to gain access to your network. Once it is in the network, it uses the JexBoss Exploit Kit to access your JBoss applications. This type of ransomware is also able to use Remote Desktop Protocol to access your network. The virus is difficult to detect, due to the path it takes to access your system. Once the virus has made its way inside, hackers are able to get administrators rights, putting their malware on your server and basically hijacking your network. They do not release their hold on their network until you pay them the ransom they are asking.

What Can You Do to Decrease Your Chances of Getting SamSam Ransomware?

It is extremely important that you take the correct precautions to decrease your chances of getting infected with SamSam ransomware.

One of the steps you can take is to enable strong passwords and an account lockout policy. If you have strong passwords and a good lockout policy in place, it makes it much harder for the software to hack into your system and infect it. Enabling multi-factor authentication can also help. Before any new software can be installed, before software can be wiped or before changes can be made to your network, authentication is needed. The more authentication levels you have, the harder it will be for any ransomware to infect your system.

Unfortunately, while you can decrease your chances of getting infected with SamSam ransomware, there is no way to prevent infection altogether. As such, it is essential that you regularly install system and software updates and maintain a great backup system for all of your data and systems. This way, if you do get infected, you have a recent back-up for all of your system and data. You can wipe your current, infected system and start fresh from your backup point, without losing much at all.

How Can You Learn More About SamSam Ransomware?

If you are looking to learn more about SamSam ransomware, including the technical details surrounding it. It is highly recommended that you read through the SamSam Malware Analysis Reports that have been released by the US-CERT. A list of the reports, including links, are included here:

SamSam Ransomware is infecting computer systems and networks in multiple industries all across America. It is important that you learn what this ransomware is and how to protect yourself against it. Taking the right action can help to minimize the chances of your network being held ransom by SamSam ransomware.


Important FBI/DHS Warning: Update On FBI and DHS Warning: SamSam Ransomware

The Department of Homeland Security and the Federal Bureau of Investigation issued a critical alert Dec. 3, warning users about SamSam ransomware and providing details on what system vulnerabilities permit the pernicious product to be deployed.

SamSam Ransomware

According to the alert, which came from the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) along with the FBI, the SamSam actors targeted multiple industries—some within critical infrastructure—with the ransomware, which also is known as MSIL/Samas. The attacks mostly affected victims within the United States, but there was also an international impact.

As pointed out in the alert, organizations are more at risk to be attacked by network-wide infections than individuals because they are typically in a position where they have no option but making ransom payments.

“Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms,” the alert states.

That does not mean individual systems cannot or are not attacked, but they are targeted significantly less by this particular type of malware.

How do SamSam actors operate?

Through FBI analysis of victims’ access logs and victim-reporting over the past couple of years, the agencies have discovered that the SamSam actors exploit Windows servers and vulnerable JBoss applications. Hackers use Remote Desktop Protocol (RDP) to gain access to their victims’ networks through an approved access point and infect reachable hosts. From there, the cyber actors “escalate privileges for administrator rights, drop malware onto the server, and run an executable file, all without victims’ action or authorization,” the report states.

RDP ransomware campaigns are typically accomplished through stolen login credentials—sometimes purchased from darknet marketplaces—or brute force attacks. Since they do not rely on victims completing a specific action, detecting RDP intrusions is challenging, according to the alert.

Ransom notes instructing victims to establish contact through a Tor hidden service are left on encrypted computers by the SamSam attackers. Victims are assured that once they pay the ransom in Bitcoin, they will receive links to download cryptographic keys and tools for decrypting their network.

Where did SamSam originate?

The Department of Justice recently indicted two Iranian men who allegedly were behind the creation of SamSam and deployed the ransomware, causing approximately $30 million of damage and collecting about $6 million in ransom payments from victims. The crippling ransomware affected about 200 municipalities, hospital, universities and other targets during the past three years, according to an article from Wired.

Keith Jarvis, a senior security researcher at SecureWorks, reiterated the sophistication of the SamSam ransomware and how it gains access to systems through weak authentication or vulnerabilities in web applications, methods that don’t require the victim to engage in a particular action. Hackers also go out of their way to target specific victims whose critical operations rely on getting systems up and running as quickly as possible, making them more likely to simply pay up.

What technical details about SamSam are important?

In the joint DHS and FBI report, the federal agencies provided a list, though not exhaustive, of SamSam Malware Analysis Reports that outline four variants of the ransomware. Organizations or their IT services administrators can review the following reports:

MAR-10219351.r1.v2 – SamSam1

MAR-10166283.r1.v1 – SamSam2

MAR-10158513.r1.v1 – SamSam3

MAR-10164494.r1.v1 – SamSam4

What mitigation and prevents practices are best?

In general, organizations are encouraged to not pay ransoms, since there is no guarantee they will receive decryption keys from the criminals. However, relying on a contingency plan or waiting out an attack, as advised by the FBI, is difficult when an entire operation has been compromised.

The best course of action is for organizations to strengthen their security posture in a way that prevents or at least mitigates the worst impacts of ransomware attacks. The FBI and DHS provided several best practices for system owners, users and administrators to consider to protect their systems.

For instance, network administrators are encouraged to review their systems to detect those that use RDP remote communication and place any system with an open RDP port behind a firewall. Users can be required to use a virtual private network (VPN) to access the system. Other best practices, according to the report, include:

  • Applying two-factor authentication
  • Disabling file and printer sharing services when possible, or using Active Directory authentication or strong passwords for required services
  • Regularly applying software and system updates
  • Reviewing logs regularly to detect intrusion attempts.
  • Ensuring third parties follow internal policies on remote access
  • Disabling RDP on critical devices where possible
  • Regulating and limiting external-to-internal RDP connections
  • Restricting the ability of users to install and run the unwanted software application

This just scratches the surface of actions that administrators and users can take to protect their networks against SamSam or other cyber-attacks. The National Institute of Standards and Technology (NIST) provides more thorough recommendations in its Guide to Malware Incident Prevention and Handling for Desktops and Laptops, or Special Publication 800-83.

Information technology specialists can also provide insight and advice for how organizations can detect gaps or vulnerabilities in their cyber-security that leave them susceptible to SamSam or other malware infections.


Happy National App Day: December 11th

Even though the word App is relatively new, it has become popular in everyday terminology as its uses have changed lives in the modern world. Almost all mobile phones are now smartphones, so even those individuals who were apprehensive about using new technology now use apps on a daily basis. That is why we now celebrate National App Day every year on December 11.

National App Day

What is an App?

The word “App” was listed as the word of the year by the American Dialect Society in just 2010, showing just how quickly apps have become a regular part of society. But people already use the word so much they don’t really think of where it comes from. While the term “app” is short for “application,” common usage has changed the meaning.

An app is actually a kind of computer software or a program, and now usually refers to a very small one used on mobile devices like smartphones and tablets. Initially, the term could have meant any mobile or desktop application, but the term has quickly evolved to conform to the way people use it. Now there are thousands of apps, and some individuals and businesses design and run their own apps to make specific tasks easier.

Kinds of Apps and Main Uses

There are three basic kinds of apps, but Web Application Apps are used through a browser and Hybrid Apps have characteristics of both Web Application Apps and Native Apps. Native Apps are the ones used on mobile devices, and they only work on certain devices and have a special source code.

Of course, once someone understands how apps work they can create a new one to perform specific functions. Apps are available on Google Play for Android users, Apple’s App Store, the Windows Phone Store and BlackBerry App World. There are currently millions of apps, and prices range as widely as uses. Some apps are entirely free, while others have a recurring rate.

  • Apps can be used for communication, including encrypted phone calls or video phone.
  • Apps can be used for entertainment, providing movies, books and music.
  • Travel apps provide needed information and tools, helping with everything from transportation to finding the closest restaurant.
  • Many people use apps for games, playing simple games like solitaire or complicated games with players around the world.
  • Many apps provide important tools, helping people organize their homes or perform essential functions at work.

There is no reason to think the proliferation of apps will slow down any time soon, if ever. It only remains to be seen how many people will adopt these handy tools to perform more and more specific jobs. Hopefully, people will be thinking of the endless possibilities as they celebrate National App Day on December 11.


Sextortion Scam Pretending To Come From Your Hacked Email Account

A recent sextortion scheme highlights the vulnerability users face when their data is stolen and used against them.

The widespread threat made it seem as though a hacker had compromising video of a victim taken while visiting adult pornographic websites. The scammers threatened to release the video unless they were paid in bitcoins.

Sextortion Scam

Here’s a closer look at the threat and how to prevent such ruses in the future.

What Happened in the Sextortion Case?

The latest fraud was different from earlier sextortion cases in one significant aspect. Victims were targeted with an email that appeared to come from their very own email account.

In the past, similar hacks used passwords to an adult website that had been stolen in a data breach. The scammer would threaten to release information about the victim’s activity in exchange for cryptocurrency.

Are These Schemes Successful?

The risk of public embarrassment is a powerful motivator for many victims who would rather pay than be exposed for visiting questionable websites. The recent scheme was first noted in the Netherlands, where it reportedly netted €40,000 in short order. That kind of quick cash is highly motivating to hackers looking to make a large amount of money fast.

What Did the Sextortion Email Say?

The English version of the scam had a subject line that included the victim’s email address and “48 hours to pay,” e.g. “[email protected] 48 hours to pay,”

In broken English, the scammer claimed to be part of an international hacker group that now had access to all accounts and gave an example of a stolen password.

Throughout several months, the email alleged, the victim’s devices were infected with a virus from visiting adult websites. Now, the hackers had access to a victim’s social media and messages.

“We are aware of your little and big secrets … yeah, you do have them,” the email continued. “We saw and recorded your doings on porn websites. Your tastes are so weird, you know.”

The email further claimed to have recordings of the victim viewing these websites and threatened to release them to friends and relatives. It demanded payment of $800 in bitcoin within 48 hours of reading the message. If the funds were received, the data would be erased. If not, videos would be sent to every contact found on the victim’s device.

For unsuspecting victims, receiving such an email could be terrifying. That’s why so many people succumb to such demands and pay up.

What Can Users Do?

While it’s easy to be scared into sending payment, the reality is that these emails can be ignored and deleted. It’s a good idea after doing so to run an anti-virus scan on all your devices to be sure that there is no malware installed.

Many of these scams occur because a domain has been hacked. However, these vulnerabilities can be eliminated by using some basic protections. Using domain name system (DNS) records designed for email validation and authentication are an essential first step. Here are three of the most common:

  • SPF. A sender policy framework (SPF) verifies that an email that claims to come from a domain is associated with an authorized IP address. An SPF can detect faked sender email addresses in spam filters. Hackers are less likely to target such domains for phishing attacks.
  • DKIM. DomainKeys Identified Email (DKIM) lets an email receiver verify that an email coming from a domain was authorized by that domain. Senders need to attach a digital signature to each outgoing message that’s linked to a domain name. The recipient’s system can compare that signature to a published key.
  • DMARC. Layered on top of SPF and DKIM is domain-based message authentication, reporting and conformance protocol (DMARC). Established in 2011, DMARC allows email senders to publish policies about unauthorized email. Also, email receivers can provide reporting to those senders. Both are designed to build a domain reputation and credibility about Domain-issued emails.

Your users and domains are vulnerable to hackers looking to exploit technology to shame people into paying. With the right technology assessments, security protocols and safeguards in place, your systems will be protected and dissuade hackers from attacking your sites in the future.


Happy Wright Brothers Day – December 17

On December 17, 1903, Orville and Wilbur Wright made the first successful flight in a mechanically propelled airplane. To celebrate the accomplishment and commemorate the achievements of the brave brothers, December 17 became Wright Brothers Day by a 1959 Presidential Proclamation. Wright Brothers Day is now honored every year in the United States with festivities and activities.

Wright Brothers Day

A Land of Innovation and Invention

In the nation’s beginnings, the founding fathers had to cross an unfriendly ocean to live in uncharted land. Early settlers made their way across the vast landscape, using their strength and ingenuity to adapt to often harsh conditions.

Over the history of the US, Americans laid track to build railroads to span the nation, while other Americans built the cars that would change the way people live. The Wright Brothers succeeded in their revolutionary flight soon after.

What Was Once Thought Impossible

Before the Wright Brothers launched their flight, most people could not imagine that flight by humans was possible. Earlier efforts to leave the ground were limited, because there was no way to sustain flight or control a contraption in the air. The Wright Brothers knew that they would need to be able to control the wings and nose so that a pilot could navigate while in the air.

While it seems obvious now, their ideas changed the way humans view the world. People felt attached to the earth, trapped in two dimensions. Once people were able to fly, they could see the world from an entirely new perspective. Distances become relative, and the world seems both grander and more interconnected. The boundaries that used to limit people’s activities no longer hold that control over our lives.

Humble but Loving Beginnings

Milton and Susan Wright were the parents of Orville and Wilbur, and they encouraged their sons to learn about whatever they could and to travel to other parts of the world. Mr. Wright was a bishop in the United Brethren Church, and his position caused him to travel a lot for church business. While he was away, he sent many letters and gifts home to his family, exposing them the many fascinating wonders the world has to offer.

Wilbur and Orville started in the printing business and even had their own newspaper for a while. They started their own bicycle business in 1894, making and selling bikes to turn a profit. But their dreams were always bigger.

When Wilbur and Orville started seeing other inventors’ attempts at building flying machines, the brothers figured out where they were going wrong. Their first gliders did not succeed, but the Wright Brothers kept trying until they achieved their dream. The Wright Brothers decided what they wanted to do, and then they realized what other people couldn’t with their own abilities.