Cybersecurity


The QBot Malware Operators Use DLL Hijacking to Sideload Malicious Files in Windows Computers

Taking advantage of how Windows handles Dynamic Link Libraries (DLLs), attackers are creating a malicious version of DLLs required by the program and infecting victims’ computers. Read on to know how it happens and ways you can protect yourself.

The Infamous Smishing Campaign Roaming Mantis Hits Users in France

After hitting South Korea, Japan, Taiwan, Germany, the US, and the UK, the Roaming Mantis campaign recently moved to target iOS and Android users in France and likely compromised numerous devices. Here is a look at the Roaming Mantis malware and how such smishing campaigns affect individuals and organizations.

Beware Of RDP Attacks: A Popular Way Cybercriminals Are Spreading Ransomware

The threat from RDP attacks that spread ransomware has always been present. RDP is a popular MO for cybercriminals because it allows easy access to a device.  

The last 5 years have seen a vast increase in RDP attacks, with cybercriminals taking advantage of the coronavirus pandemic and even the Ukrainian conflict to attack both vulnerable businesses and individuals, holding their systems and files to ransom.

Many remain uninformed about the risks associated with using RDP and how it leaves their systems and devices vulnerable to attack. If you’re one of them, we’ve put together all the information you need to help protect your devices and networks from the threat of cybercriminals.

 

 

What is RDP?

RDP stands for Remote Device Protocols. RDP is an integral part of computer operating systems that allow users to connect to their devices remotely.

It’s a very useful feature. RDP allows those who work from home to access the computer in their office, and IT experts can fix a device from anywhere in the world, just as DocuSign alternatives free you from having to be physically present to sign digital documents.

To log into a computer using RDP you find your device by typing in its internet address, then enter your username and password. Once you’re logged on, you can then access the computer, via the remote connection, in the same way as if it were sitting before you.

However, internet addresses (also known as IP addresses) can be found by anyone. This easy way to gain access to vulnerable computers makes RDP attacks so popular with cybercriminals.

 

The Worrying Increase In RDP Attacks

RDP came into its own in March 2020 with the onset of the coronavirus pandemic. Millions around the globe abandoned their offices to work remotely from home using cloud-based software like that from a business phone app provider.

Many large businesses were already protected against the threat of RDP attacks but countless more were not, and cybercriminals were ready, and eager, to take advantage of the millions now using RDP.

 

 

RDP attacks soared. According to Kaspersky, global attacks in March 2020 increased by 197% to 277.4 million, from 93.1 million in February. Only a year later, Kaspersky reported that for many countries that number had tripled, and for some it had increased tenfold.

RDP attacks have always been popular because they provide an easy way for attackers to take over a machine and gain complete control. With many companies planning to continue remote working, even when the risk from the coronavirus pandemic has reduced, cybercriminals will continue to take advantage of unprotected RDP ports.

It’s up to individuals and businesses to ensure they are doing all they can to minimize the risk of attack and protect their devices.

 

How Do RDP Attacks Occur?

Hackers use your IP address to locate a device and scan for any open RDP ports. They then use those ports to try to log on to that device by guessing the username and password.

This technique is called “brute force guessing”. Hackers use computer programs to guess passwords. If a program guesses incorrectly, it simply keeps going until it gets through.

These computer programs have been designed to break the most frequently used passwords and unfortunately, weak passwords are commonplace.

 

 

An entire criminal industry has grown around building programs to make RDP attacks easier. Hackers that use these programs to guess passwords usually do not keep the passwords they steal for themselves. 

They are employed by other criminals or work freelance, selling the passwords they have stolen to those who will use them to break into your devices.

Once they have unlimited access to your device or system, RDP attackers can:

  • Access multiple endpoints connected to a single network. To access the system network for one company, they only need to hack into one computer and then use the network to infiltrate all the devices connected to that network.

 

  • Deploy ransomware or malware. A common example is to lock the login screen for all users. A screen will appear, most often claiming to be a government authority, which displays the ransom fee and an email address. They include a demand for payment to release your device and the mode of payment to use.

 

  • Uninstall antivirus and other security software, leaving your device vulnerable to other attacks.

  • Deploy spyware to monitor how you use your device. They can use this to identify passwords for digital banking and social media and use them to hack into your accounts.

 

 

  • Delete any system backups, both on the system and in the cloud. They could also wipe your entire system and steal data. This is particularly worrying for businesses that must adhere to data protection legislation regarding the personal data of their employees, customers, and business partners. A data breach will not bode well for their CSAT (customer satisfaction) score.

 

  • Disable the F8 startup key, preventing re-booting the device in safe mode.

 

  • Change the system configuration setting and make the system more vulnerable to attacks from them, or others with malicious intent. This is often known as “leaving a backdoor open” for future use.

 

No one is safe from RDP attacks, be they individuals, small enterprises, or global giants. If you’ve ever asked what call waiting is, you’ll have learned that you receive an automatic notification when another call is incoming. Unfortunately, with RDP attacks you won’t get an alert that someone has infiltrated your system until it’s too late.

In February 2022, American NFL football team the San Francisco 49ers was a victim of ransomware when hackers stole company financial data. In the same month, hackers shut down the IT systems of the German oil company, Oiltanking Group. This, in turn, shut down gas stations across Germany, and even impacted oil giant, Shell.

RDP attacks can cause a great deal of damage, especially to businesses that must demonstrate legislative compliance if they wish to avoid paying the criminals and hefty fines.  

 

How To Reduce The Risk Of An RDP Attack

While it’s impossible to protect your devices against every attack (let’s face it, cybercriminals are always looking for new ways to breach systems), you can take a proactive stance and minimize the risk of RDP attacks.

 

1. Do You Need It?

RDP is a useful protocol to help you remotely access your devices. However, it leaves your system vulnerable to attack. If you only use your device to access the banking cloud, think carefully about whether to use RDP.

You may think you’ve done everything you can to reduce the risk of a brute force attack. But, as previously mentioned, hackers are persistent, proactive, and always looking for new ways to find vulnerabilities and exploit them.

The simplest way to protect your device is to seal off that potential door. If you don’t need RDP, turn it off.

 

2. Limit User Access

The more users who have RDP access to your devices, the more potential access points are available to hackers.

Businesses that adopt remote working should establish robust digital security policies that only allow remote access to those who need it. Adopt the principle of least privilege. Install levels of security access which limit users to the system information they need to fulfill their role and nothing more. For example, your design team may need to access Royalty Free Images, but don’t need to access personnel records. These policies should be regularly reviewed and updated to ensure they are relevant.

You can also limit access to specific IP addresses. Authorizing certain IP addresses to access your RDP will automatically block unknown IP addresses and make it more difficult for hackers to infiltrate your system.

Reducing the number of users with RDP access (and the amount of information they have access to) reduces the number of potential points a hacker can use to try to access your system.

 

3. Use Strong Passwords

Even with the best cybersecurity software solutions, it’s easy for hackers to guess weak and commonly used passwords, but it’s also not easy to ensure your system users don’t use weak passwords.

 

 

At the end of the day, we’re all a bit lazy. We often use the same password for multiple accounts and don’t change them regularly enough. We also want something easy to remember, but it’s those passwords, like birthdays and names, that are commonly used and easy to guess.

Try to use moderately strong passwords: Use words that are not in the dictionary, mix capitals and lowercase, and include numbers and symbols if you can. Don’t use a password featuring “Australia” for your account on the domain names registration Australia page.

It’s easier said than done, but businesses should actively encourage the adoption of strong passwords with their employees as the first line of defense.

 

4. Use Rate Limiting

If you can’t ensure the adoption of strong passwords, rate limiting will help strengthen your defense against RDP attacks.

You can use rate limiting to set the number of permitted login attempts. Computer programs that race through password guesses will be brought to a halt if you limit the number of attempts they can make before shutting them out, especially if you restrict it to a small number of failed attempts.
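The limit on login attempts described above can be sketched as a sliding-window lockout. This is an added example, not code from the original article; the thresholds, the class and function names, and the sample events (documentation-range IP addresses) are constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class LoginRateLimiter:
    """Lock a source out after too many failed logins in a time window."""
    max_failures: int = 5        # assumed threshold, tune per policy
    window_seconds: int = 300    # failures older than this are forgotten
    lockout_seconds: int = 900   # how long a locked source stays blocked
    _failures: dict = field(default_factory=lambda: defaultdict(deque))
    _locked_until: dict = field(default_factory=dict)

    def is_locked(self, source: str, now: int) -> bool:
        until = self._locked_until.get(source)
        if until is None:
            return False
        if now >= until:
            # Lockout expired: forget it and start counting from zero again.
            del self._locked_until[source]
            self._failures[source].clear()
            return False
        return True

    def record_attempt(self, source: str, now: int, success: bool) -> str:
        """Return 'blocked', 'allowed', 'failed' or 'locked_out'."""
        if self.is_locked(source, now):
            # Even a correct password is refused while the source is locked,
            # which is what stops a guessing program that eventually hits it.
            return "blocked"
        window = self._failures[source]
        while window and now - window[0] > self.window_seconds:
            window.popleft()
        if success:
            window.clear()
            return "allowed"
        window.append(now)
        if len(window) >= self.max_failures:
            self._locked_until[source] = now + self.lockout_seconds
            return "locked_out"
        return "failed"


# Constructed sample events: (seconds since start, source IP, password correct?)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (10, "203.0.113.7", False),
    (20, "203.0.113.7", False),
    (30, "203.0.113.7", False),
    (40, "203.0.113.7", False),    # fifth failure inside the window
    (50, "203.0.113.7", True),     # correct guess, but the source is locked
    (60, "198.51.100.20", False),  # a legitimate user mistypes once
    (70, "198.51.100.20", True),
    (940, "203.0.113.7", False),   # lockout over, counting restarts
]


def replay(events, limiter=None):
    """Feed events through the limiter and return the decision for each one."""
    limiter = limiter or LoginRateLimiter()
    return [limiter.record_attempt(src, ts, ok) for ts, src, ok in events]


if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", decision)
```

Keying the counter on the source address keeps one noisy source from locking out every other user of the same account name.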

 

5. Use Multi-factor Authentication (MFA)

MFA can be time-consuming and quite expensive to adopt and support. However, adding that extra layer of user authentication can make it harder for hackers to infiltrate your system.

Many email providers require MFA when logging on, especially when using a new device. As well as your password, they also ask you to enter a six-digit code sent to another device, like a cell phone.  

However, methods that do not require user interaction, such as hardware keys and client certificates, are the most robust and protective form of MFA.

 

6. Use A VPN

If you use a virtual private network, you add another level of defense to your system.

A VPN removes your devices from direct communication with the internet. It’s then up to the VPN to protect your point of access from hackers.

However, those persistent hackers have already begun to locate and exploit the vulnerabilities in VPNs, so it’s important to know your provider’s security measures and policies regarding RDP breaches on their software.

 

 

7. Use A Remote Desktop Gateway Server

As well as additional security, a remote desktop server can be useful if you become the victim of an attack. Remote servers log RDP sessions and can help to investigate any breaches. Intruders cannot modify or delete the sessions logged on a remote server.

 

8. Include Network Level Authentication (NLA)

NLA requests another security test such as word captcha, tick the relevant pictures, or an ‘I am not a robot’ checkbox before allowing access.

Layering the protection is key to outwitting the password guessing programs. The more layers a program must pass, the more likely it will give up and try another device.

Like those who argue about the differences between software development vs. manufacturing, you or your employees may argue about the additional levels that need to be passed before access will be permitted, but what are a few extra minutes of security checks compared to a 6-figure ransom in return for access to your systems?

 

Extra Tips

Here are a couple of extra things you can do to help support the above measures but should not be used alone.

 

Change The RDP Port

Every device has a default RDP port, numbered 3389. Though it will not stop a determined hacker from accessing your RDP, you may be able to reduce the number of attempted attacks by changing the port number.

 

Change The “Administrator” Username

Again, all device default administrators are given the username, “Administrator” (or a local equivalent). As such, many programs are set to simply guess the password for the user named, “Administrator”. Changing it to something obscure won’t necessarily protect you from attack, but it will make it harder.

 

What If You’re Attacked?

If you do become the victim of an RDP attack you will need to assess what went wrong and implement more robust security protocols. Do not underestimate the impact of data breaches, especially for small businesses.

If you pay the ransom and retrieve your files you must check for any changes, hidden malware, and anything that may leave a backdoor open for future attacks.

By paying the ransom you have made yourself more vulnerable because the hackers know you’re willing to pay.

 

 

Time To Act

With such an increase in RDP attacks and the threat of ransomware, it makes sense to take action to help protect your vulnerable devices, whether you are an individual or an enterprise.

While it’s impossible to be prepared for every attack, especially when cybercriminals always seem to be one step ahead and willing to take advantage of every opportunity to scam their potential victims, there are steps you can take to help minimize the risk.

 

Bio:

Grace Lau – Director of Growth Content, Dialpad

Grace Lau is the Director of Growth Content at Dialpad, an AI-powered cloud that offers a multi line phone systems small business platform for better and easier team collaboration. She has over 10 years of experience in content writing and strategy. Currently, she is responsible for leading branded and editorial content strategies, partnering with SEO and Ops teams to build and nurture content. Grace Lau also published articles for domains such as UpCity and Soundstripe.

Everything You Need to Know About the Follina Vulnerability and the Latest Advice by Microsoft

The recently discovered Follina vulnerability in Microsoft Support Diagnostic Tool has been causing all kinds of harm by employing word documents to do their dirty work. The vulnerability was found in May but has been reportedly exploited for nearly a month and has been making headlines in the cybersecurity world and creating all kinds of doubts regarding the safety of one of the most widely used software, MS Word. Microsoft has responded against the zero-day vulnerability and shared the latest mitigation advice that you can use to block attacks before the official patch.

A Company’s Guide to Email Policies: What to Include in Your Policy And How to Implement it


Email policies are necessary for businesses old and new, big and small. They protect you from legal liability and establish firm guidelines for employee conduct. 

Let’s dive into why you need an email policy, what you should include in its contents, and how to implement best practices for privacy and data security.

Account Pre-Hijacking: A New Cyber Threat on the Rise


The MSRC’s (Microsoft Security Response Center) Identity Project Research Grants started in 2020 to support external researchers and strengthen protocol and system security. One of the two grants provided to Avinash Sudhodanan has borne fruit, and Microsoft has revealed a new class of cyberattack, Account Pre-Hijacking.

Account hijacking involves malicious actors gaining access to an innocent user’s account. However, suppose the malicious actor already has access to the victim’s email. In that case, they can create an online account using that address before the victim and put it into a pre-hijacked state, allowing them to regain access to accounts even if a victim recovers it.

 

Account Pre-Hijacking Rise: Challenges to Account Creation

Today, many websites and online services require people to create an account, and account hijacking is already a significant threat that can help threat actors steal personal information and card details and carry out other malicious activities using the hijacked account.

There are plenty of protocols in place to protect accounts from hijacking. However, there is not much when it comes to account creation. The legacy method of using a username or password or the federated identity by using an IdP (Identity Provider) allowing various services to link with the IdP for easy authentication and logins is not protected from all ends.

If a threat actor gains access to your IdP account, they can misuse it to create additional accounts on various websites and services. This method has expanded and given rise to a wide array of new cyberattacks via account pre-hijacking, even without the need to compromise the IdP account.

 

Popular Account Pre-Hijacking Attacks

To create an account on a target website or service, naturally, the malicious actor has to perform some action. Additionally, the victim of an account pre-hijacking attack is unaware of the malicious activity and might regain access to their account easily, adding additional information, payment details, private information, and communication, which can be exploited and misused by cybercriminals for data and identity theft and to rob the victim of finances.

Account pre-hijacking attacks have been characterized in the paper into five distinct categories, which are:

  1. Classic-Federated Merge Attack: In such an attack, the cybercriminal exploits potential weaknesses in the federated and classic account creation routes. Cybercriminals employ the traditional way to create a new account using the victim’s email and make another one using the federated approach as well. If any online service merges the two, both the cybercriminal and the victim will be able to access the account simultaneously.
  2. Non-Verifying IdP Attack: The non-verifying IdP attack mirrors the classic federated merge attack. The cybercriminal leverages a non-verifying IdP to create an account on a website or service. When the victim creates an account on the same website or service using the classic route, there are significant chances of the service combining these two incorrectly, allowing the cybercriminal to access the victim’s account.
  3. Unexpired Session Identifier Attack: In such an attack, the cybercriminal exploits authentication vulnerabilities, allowing them to gain access to the account when the victim is logged in to the account and initiates a password reset request which does not sign them out. The cybercriminal creates an account and carries out a long active session on the service. Whenever the victim tries to recover their account, the cybercriminals might have access to it if the reset did not invalidate their long active session.
  4. Trojan Identifier Attack: Trojan Identifier is another account pre-hijacking attack, one where the cybercriminal links an additional identifier to the username and password while creating an account using the victim’s email. The identifier might be the cybercriminal’s federated identity or another controlled email or phone and is known as a Trojan identifier. Whenever the innocent user resets the password, the cybercriminal can use this Trojan identifier to gain the account access back, resulting in a successful account pre-hijacking attack.
  5. Unexpired Email Change Attack: In such an attack, cybercriminals exploit the online service when it invalidates the URLs (Uniform Resource Locator) for changing the email when a user tries to reset their account’s password. The cybercriminal uses the user’s email to create an account and then updates the email to their own. Since all websites and services send URLs to the updated email, i.e., the cybercriminal’s own email, the cybercriminal can choose to confirm the password reset and regain access to the user’s account whenever they wish.

A particular thing to note in all the above account pre-hijacking attacks is that the malicious actor has to create an account using the victim’s email.

 

Threats that Account Pre-Hijacking Poses

Threat actors can employ account pre-hijacking for a wide array of malicious activities, including:

  • Cybercriminals with knowledge of the victim’s service can utilize account pre-hijacking on similar services.
  • Cybercriminals with knowledge of an organization opting for a specific service could pre-hijack various organizational accounts.
  • Cybercriminals could use the popularity of new or in-demand services and pre-hijack accounts.

To carry out such activities, all a cybercriminal needs is an email address, which is available publicly via social media and can also be obtained through website scraping and credential dumps.

 

How to Protect Against Account Pre-Hijacking Attacks?

There is a lot that you can do to protect against account pre-hijacking attacks, such as:

  • Adequate password reset mechanisms: An accurate password reset mechanism should:
    • Sign out of other sessions and devices, and invalidate other authenticated tokens to protect against unexpired session attacks.
    • Cancel pending email modification or change actions to protect against unexpired email change attacks.
    • Notify the owner of all emails, phone numbers, and federated identities linked to the account and allow their management.
  • Secure Merging: When merging classic and federated accounts, email services should ensure that a single user controls both so there is no chance of classic-federated merge and non-verifying IdP attacks.
  • Email change confirmations: In case a change of an email is requested, the validity period should be low to reduce the chances of unexpired email change attacks. Furthermore, to prevent cybercriminals from requesting them repeatedly, the service should cap the number of requests to change the email.
  • MFA: Multi-Factor Authentication can help individuals protect against pre-hijacking attacks to prevent cybercriminals and threat actors from penetrating or using a user’s account.
  • Selective Account Pruning: Removal of unverified accounts can significantly reduce pre-hijacking attacks. Additionally, websites and online services should limit the creation of new accounts using the same unverified identifier. Services should also use automated bot detection to restrict the rate at which threat actors can create new accounts automatically.
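The password reset and secure merging measures above, modeled on a small in-memory account. This is an added example, not code from the research paper or from any service; the `Account` model, the function names, and all addresses and identifiers are constructed assumptions, and it assumes `reset_password` runs only after the reset link mailed to the account's address was followed.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class Account:
    email: str
    salt: bytes
    password_hash: bytes
    email_verified: bool = False
    sessions: set = field(default_factory=set)
    linked_identifiers: set = field(default_factory=set)  # IdP subjects, phones
    pending_email_change: Optional[tuple] = None          # (new_email, token)


def create_account(email: str, password: str) -> Account:
    salt = secrets.token_bytes(16)
    return Account(email, salt, hash_password(password, salt))


def login(account: Account, password: str) -> Optional[str]:
    candidate = hash_password(password, account.salt)
    if not secrets.compare_digest(candidate, account.password_hash):
        return None
    token = secrets.token_urlsafe(32)
    account.sessions.add(token)
    return token


def request_email_change(account: Account, new_email: str) -> str:
    token = secrets.token_urlsafe(32)
    account.pending_email_change = (new_email, token)
    return token


def confirm_email_change(account: Account, token: str) -> bool:
    pending = account.pending_email_change
    if pending is None or not secrets.compare_digest(pending[1], token):
        return False
    account.email, account.pending_email_change = pending[0], None
    return True


def reset_password(account: Account, new_password: str) -> dict:
    """Reset that removes every foothold created before the reset."""
    report = {
        "sessions_revoked": len(account.sessions),
        "email_change_cancelled": account.pending_email_change is not None,
        # Sent to the owner so unknown identifiers can be reviewed and removed.
        "identifiers_to_review": sorted(account.linked_identifiers),
    }
    account.salt = secrets.token_bytes(16)
    account.password_hash = hash_password(new_password, account.salt)
    account.sessions.clear()             # unexpired session identifier
    account.pending_email_change = None  # unexpired email change
    account.email_verified = True        # reset link proved mailbox control
    return report


def can_merge_federated(account: Account, idp_email: str, idp_verified: bool) -> bool:
    """Merge only when both sides have proven control of the same address."""
    return bool(account.email_verified and idp_verified
                and idp_email.lower() == account.email.lower())


def run_scenario() -> dict:
    # State left behind by whoever registered the address first (constructed).
    acct = create_account("victim@example.com", "first-registrant-password")
    stale_session = login(acct, "first-registrant-password")
    acct.linked_identifiers.add("idp:constructed-unknown-subject")
    change_token = request_email_change(acct, "other@example.net")
    merge_before = can_merge_federated(acct, "victim@example.com", True)

    # The real owner later follows a reset link sent to victim@example.com.
    report = reset_password(acct, "owner-new-passphrase")
    acct.linked_identifiers.discard("idp:constructed-unknown-subject")
    return {
        "merge_allowed_before_reset": merge_before,
        "report": report,
        "stale_session_valid": stale_session in acct.sessions,
        "email_change_confirmed": confirm_email_change(acct, change_token),
        "old_password_works": login(acct, "first-registrant-password") is not None,
        "email": acct.email,
    }


if __name__ == "__main__":
    print(run_scenario())
```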

 

Final Words

The latest research by MSRC has helped bring pre-hijacking into the light and provided a case that there are still simple vulnerabilities that can cause massive harm. With the new results and the above mitigation techniques, service providers and individuals can protect themselves from account pre-hijacking attacks and keep their accounts secure.

9+ Cybersecurity Software Solutions For Businesses To Use


In the past few years, cybersecurity threats have become more and more common. Attacks left and right are happening to businesses of all sizes, from Fortune 500 companies to tech startups that are just getting on their feet. These attacks can range from data breaches through software vulnerabilities to social engineering attacks in the form of phishing.

This ever-increasing danger of cyberattacks has got everyone mostly spooked when it comes to keeping their security infrastructure well-maintained. Ransomware has especially become increasingly common and has resulted in large losses amounting to around $16.8 million for businesses.

But, you’d think that these attacks are mainly targeted at software companies that hold large amounts of valuable data on tech development projects or financial companies and their accounting records, but in truth, all businesses are prone to be targeted.

 

 

As an example, 3Wishes is an online lingerie store that you wouldn’t even suspect as a target of a cyberattack. Supposedly, it doesn’t have anything of value as compared to, let’s say, a custom software development project made by a tech startup. 

But, that’s quite far from the truth, as online eCommerce stores have something valuable that some attackers would want – customer data. Whether it be in terms of credit card details, emails, passwords, or even phone numbers, attackers will always find a way to profit.

That’s why it is always better to procure cybersecurity software solutions for your business, especially if you keep important data from your most valuable customers. One of the worst consequences of having a data breach is that your business might just make the front pages, resulting in your clients losing trust and holding you liable for it.

When it comes to grabbing your cybersecurity solution, there are plenty of ways to proceed with this. First, there are loads of cybersecurity solutions out there. Some solutions are all-in-one platforms, while others are quite more specialized in certain areas, whether these be active protection, threat detection, system testing, or vulnerability detection. 

For smaller businesses, it’s better to go for platforms that can encompass everything, including the basics, as this can provide a layer of security that is both affordable and effective. 

In this review, we’ll be going over the many different platforms that you can choose from, and we’ll put into detail their specializations and pricing plans. You’ll also encounter real-life examples of sites that can possibly use these systems and their features for their security.

So, without further delays, let’s get this review started.

 

1. PhishProtection

Specialized In Protection From Phishing Scams & Social Engineering Techniques

 

 

Social engineering and phishing attacks are very prominent types of cybersecurity threats for any company. While phishing attacks are often quite obvious to detect, they can also be very effective when done professionally and discreetly. Sometimes, they can impersonate or deliver their message so convincingly that even a well-trained eye won’t seem to notice a difference, and they particularly try to elicit a certain emotion from their readers.

Let’s use an example, such as an online medical store. Phishing emails might try to present themselves as an email talking about possibly supplying medical parts at a huge discount. In exchange, they’ll need a small deposit of cash first.

The email might be impersonating a hospital, doctor, or even a past client, which can make it a lot more difficult to determine whether or not it can be trusted.

Luckily, PhishProtection is specifically tailored to address phishing attacks, particularly through email. This can be an added measure of security that can make businesses more secure rather than relying on their employees to ascertain which emails are authentic.

PhishProtection offers Email Impersonation Protection & Email Fraud Protection services which provide the following features for businesses:

  • SPF (Sender Policy Framework) – creates a list of authorized sending IP addresses for a given domain
  • DKIM (DomainKeys Identified Email) – sends cryptographically signed messages to remove possibilities of content tampering whilst in transit between servers
  • DMARC (Domain-based Message Authentication, Reporting & Conformance) – primarily built on top of both DKIM and SPF. This provides users the ability to communicate with their ISPs on how they want them to behave if and when SPF and DKIM fail or aren’t present in the system.

Additionally, PhishProtection also offers PhishingSimulations and Phishing Awareness Training for employees and owners, making it a great resource for learning more about cybersecurity threats in the area of Phishing attacks.

 

PhishProtection Pricing Plans

 

 

PhishProtection offers three distinct pricing packages for the different features offered. The pricing plans are pretty straightforward. Aside from that, you also get a chance to enjoy a free trial or a demo of their products. 

  • PhishProtection Small Business [$65 USD / Month]: The first and primary package of PhishProtection. It provides up to 25 employees access to advanced threat defense, admin access, email notifications, and 24/7 support.
  • PhishProtection Free Trial [Free]: The free trial version includes protection for ransomware, spoofing, phishing, and other types of cyberattacks. Quite similar to the first package in terms of feature access but only limited for a certain period of time. 
  • Phishing Awareness Training [$45 USD / Month]: Provides additional resources, guides, and training materials for employees on how to spot and respond to phishing attacks.

If you’re interested in using PhishProtection, check out the pricing section.

 

2. Avast

All-In-One Security Platform Against Threats Of All Types And Kinds

 

 

Avast solutions is a one-of-a-kind cybersecurity platform that can accomplish a wide range of tasks. It’s already a household name in the market for many users, both businesses and private individuals, that just want to have an extra layer of security.

The platform is consistently being updated to the latest security standards in the industry while at the same time keeping the systems and features easy to distinguish, understand, and use. 

 

 

Avast provides a good option for medium-sized businesses that are starting to become profitable, and the risk of being attacked by a cybersecurity threat is increasing. The platform can provide a good safety net for most data protection, file security, and online privacy.

If you are an eCommerce merchant that, for example, is selling wooden flowers to your clients internationally, then you might be keeping valuable information regarding your client on their addresses and associated emails, not to mention the financial details of each customer.

 

 

Avast security solutions can make sure that these data are all safe by providing 24/7 security on multiple devices, especially useful for remote teams that have different individuals using their own personal desktops for work. 

Just to list some of the features of Avast: 

  • Individual Device Protection
  • File Shield Protection 
  • Email Malware Protection
  • Automatic Blocking For Unsecured Website Visits
  • Built-in VPN with Bank-Grade Encryption
  • Application Hardlock On Webcam Access
  • Password Security

But, one of the best things about Avast is its ability to easily manage multiple devices in one go. If you are an administrator, you’d be easily able to get an overview of the status of the different devices that you have installed Avast on.

 

 

Here are some features that you can have with Avast’s built-in remote management tools:

  • Online Management System
  • Device Management Dashboards
  • Alerts & Notification Systems
  • Comprehensive System Reporting

From here, you’d be able to track the security of all the devices that you are using and can safely ensure that each of your employees keeps themselves, your clients, and the business safe from cybersecurity attacks. That’s all in one screen for you to manage and look through without much trouble. 

Lastly, Avast offers quality assurance support where you can communicate with a dedicated support team. They offer both phone and chat services. At the same time, they also have a dedicated site for you to check through manuals and documentation.

 

Avast Pricing Plans

 

 

 

Avast Business offers three distinct pricing packages for its clients. All three offer custom pricing depending on the number of devices that are needed to be installed, which can get expensive relatively quickly. A free trial is available for each package.

  • Essential [$36.99 / Per Device / Annually]: Access to an online management platform, device protection, data protection, and IT support for all devices.
  • Premium [$77.53 / Per Device / Annually]: All features from the previous package alongside privacy, webcam, password, and USB protection systems. 
  • Ultimate [$56.99 / Per Device / Annually]: Access to all previous features with an additional patch management system that automatically scans and applies fixes to vulnerabilities on your software or other third-party applications that can be exploited in attacks.

All plans have a 30-day money-back guarantee. Interested in Avast? Get started by visiting their site. 

 

3. Bitdefender

Cybersecurity Solution For Enterprises

 

 

Bitdefender for businesses is another high-ranking name in the industry used by large enterprises and corporations as an additional layer for their own security. Bitdefender takes a different approach when it comes to its security solutions.

They have multiple types of security packages that come with different features. They’re all inside a giant software suite called “GravityZone Business Security.”

 

 

It goes without saying that Bitdefender can be much more complex to handle with all their different security packages, and it entirely depends on what you need. The good side with this split package is that you can spend much less as you can pinpoint certain areas that you want to actually invest your resources into.

One of the best features of Bitdefender is its ransomware security features, as it is highly reliable and can protect a lot of important data on a computer network.

 

 

Not to mention that Bitdefender also scans through certain websites whenever visited. If you’re one to frequently doze around with your work computer playing scrabble on different gaming sites, then you’d be able to do that relatively safely now as Bitdefender will automatically tag and block connections with fake and dubious websites that can pose a significant danger.

Bitdefender makes it convenient for you to stay on the safe side of the internet. Not to mention that their active protection systems can do a lot of good in terms of removing a threat that has breached your systems.

Here are some additional features that you can enjoy with Bitdefender’s GravityZone Business Security Package:

  • Endpoint Layered Protection
  • Ransomware Prevention & Mitigation
  • Single Console Dashboards For Management
  • Web-Based Security (Can Be Hosted By Bitdefender Through Cloud)
  • Security Incident Response
  • Endpoint Risk Management
  • Network Attack Defense
  • Risk Mitigation
  • Preemptive Ransomware protection
  • Real-Time Monitoring

With all these security features, Bitdefender is best suited to enterprises and large businesses. For example, suppose you’re one of the main suppliers of a certain product, such as specialized dress forms, with clients at an international level and an already high amount of complexity in your accounting, logistics, and sales. In that case, it’d be best to keep all these areas secure from potential disruptions, and the price of Bitdefender might just be worth the investment.

Overall, Bitdefender is an expensive, complex, but highly reliable platform to choose from as an additional or even main layer of security for your business.

 

Bitdefender Pricing Plans

 

 

Since Bitdefender has multiple different packages for their GravityZone suite, we’ll be specifically talking about the pricing plan for their Business Security Package, as that can be the primary package that most use.

  • GravityZone Business Security [$259.99 / 10 Users / Annually]: Access to all GravityZone Business Security features such as endpoint security, ransomware protection, risk management, admin consoles, and reporting + analytics tools. 

Bitdefender’s pricing gradually increases with the number of devices. The larger the number, the lower the price for each subsequent device. For more than 100 devices, Bitdefender provides a means for inquiry or having a partner assist with a sale.

Get started with Bitdefender through their site.

 

4. Kaspersky

Resilient & Advanced Cybersecurity Platform

 

 

Kaspersky is a cybersecurity platform that is primarily known to be a Russian multinational cybersecurity and antivirus provider. For the past few decades, Kaspersky has been steadily making a name for itself as a reputable provider with around 400 million users, making it the largest market-share holder of cybersecurity solutions in Europe.

Kaspersky is a relatively reliable platform, and one of its main selling points is that it is highly effective in detecting unwanted programs and threats to desktops. It is also a great platform to use when browsing the web as it provides tools to stop unwanted visits on potentially harmful sites, comes with an AdBlock, and also stops pop-ups from appearing.

Kaspersky also regularly publishes information about security trends on its resources page. They have guides on the best security tips that you can use to help secure your systems, from removing device vulnerabilities to recognizing voice phishing threats.

Kaspersky provides a tier-based upgrade on their features allowing businesses to easily scale with their growth and their security requirements. Kaspersky offers a wide range of protection features on all endpoints. 

Just have a look at all their product ranges that are available for businesses to choose from:

  • Kaspersky Security For Internet Gateway
  • Kaspersky Hybrid Cloud Security
  • Kaspersky Vulnerability & Patch Management
  • Kaspersky Security For Storage
  • Kaspersky DDOS Protection
  • Kaspersky Endpoint Security Cloud
  • Kaspersky Endpoint Security For Business
  • Kaspersky Security For Microsoft Office 365
  • Kaspersky Security For Mail Server

You have the option to choose from any of these products depending on your needs, with each having its own free trial that you can try out.

 

Kaspersky Pricing Plans

 

 

With all the different product ranges of Kaspersky, we’ll be focusing on their Endpoint Security Cloud product as it offers a wide range of protection features for the needs of most businesses.

  • Kaspersky Endpoint Security Cloud [$193.50 / 5 Users / Annually]: Access to web, file, and mail threat protection features and ransomware prevention with malicious activity rollback systems. Cloud discovery, vulnerability scans, and mobile application support.
  • Kaspersky Endpoint Security Cloud Plus [$308.25 / 5 Users / Annually]: All the previously mentioned features alongside the addition of root cause analysis features, web and device controls, cloud blocking and security systems for Microsoft Office 365, data discovery, and patch and encryption management. 
  • Kaspersky Endpoint Security Cloud Pro [$550 / 5 Users / Annually]: All the previously mentioned features with endpoint detection and response features and application controls. 

Each pricing package comes with a Free Trial version and an option to purchase via a partner of Kaspersky. 

Want to start with Kaspersky? Visit their site to learn more.

 

5. TrelliX

Device To Cloud Security Solution

 

 

TrelliX is a cybersecurity platform that is highly feature-rich with many different nuances when it comes to security for its users. The platform isn’t that welcoming to new users and the average joe, so it can require some technical knowledge to properly use.

The platform is best used for large companies with dedicated IT teams that can manage the platform’s full potential. 

TrelliX also provides emerging technological security solutions and is constantly driving and creating improvements with its own systems. You could say that some of its features are experimental.

Their main product is TrelliX XDR – a living security ecosystem that adapts and learns from the threats that it encounters. TrelliX describes it as a flexible platform that ties all their existing technologies together with their broad network of 650 vendor partners to create an overall security suite in one single space.

If you’re interested in TrelliX, take a look at some of its features:

  • Endpoint Security
  • SecOps & Analytics
  • Data Protection
  • Network Security
  • Email Security
  • Cloud Security

These are simply some of the products that they offer, and each one goes much more in-depth with the technical applications of how they handle cybersecurity threats.

Overall, choose TrelliX if you’re a large company that has a budget for investing heavily in network security.

 

TrelliX Pricing Plans

TrelliX does not offer pricing plans for their different products and their packages. You’ll have to get in touch with their sales team in order to get a quote. At the same time, you can also schedule a demo if you want to take a look at their security suite. 

Check out TrelliX’s site if you want to get started with their products.

 

6. Norton

Easy To Use Security Solution

 

 

Norton is a cybersecurity platform that is widely regarded as very easy to use. It has great dashboards and well-functioning cybersecurity features. Their plans are also accessible to the average medium-sized business.

The app offers an easy cloud-based setup with device management capacities for easy access and administration on multiple devices.

At the same time, Norton protects devices all across desktops, laptops, tablets, and even smartphones. 

 

 

When it comes to getting Norton installed on a device, it doesn’t take much more effort than sending an email to the employee who uses the device. From there, step-by-step instructions are provided on how the device can be included in the protection plan.

The process for removing devices is also easy and can be done from the console of the administrator. It’s a highly responsive and easy-to-use platform for businesses that don’t have dedicated IT teams.

If you’re having problems with the platform, however, Norton gets their game going with their 24/7 support teams. At any time and without any limits, you can give them a call regarding any concerns that you might have. 

 

Norton Pricing Plans

 

 

Norton only has one pricing package that provides you full access to its many features. The only thing that changes the price is the number of devices.

  • 5 Devices – Priced At $99.99 / Annually
  • 10 Devices – Priced At $149.99 / Annually
  • 20 Devices – Priced At $249.99 / Annually 

Norton’s pricing plans are recurring subscriptions, so they will automatically renew at the end of each term. You will have to manually stop the subscription if you choose to change or remove the platform as your go-to security solution.

Interested in Norton? Visit their site to get started with your plan.

 

7. Cloudflare

Best For Website Security

 

 

If you’re running a website with visitors constantly streaming in to get their much-needed content, then you have to make sure that your website is running at all times. The less downtime, the better.

For example, consider an eCommerce merchant that specializes in selling and installing fire pits in households. They’ll need to keep their website running 24/7 so that they won’t miss any potential clients. This is all the more important when you consider that each customer can represent a significant amount of revenue.

Cloudflare is a great method for keeping your website secure from cyberattacks and making sure that it runs safely and efficiently. It’s an easy-to-use platform with integrated security performance systems to deliver a comprehensive security system to websites and business networks.

From domain registration, website development, and serverless applications to Argo smart routing, web analytics, and security centers – Cloudflare can be an all-in-one network security solution for most website owners. 

 

Cloudflare Pricing Plans

 

 

Cloudflare has plenty of solutions and products with varying pricing packages being offered, so we’ll limit this to their Business Plan for their primary service of delivering the important features for most of the needs of regular businesses.

  • Business Plan [$200 / Month]: With the business plan, you have access to mitigation of DDOS attacks, global content delivery networks, web application firewall, PCI compliance, and custom SSL certificate uploads. You also get to enjoy prioritized customer support via chat and email.

Get started with Cloudflare for your site by visiting their site.

 

8. Malwarebytes

All-Purpose Security Solution

 

 

Malwarebytes is another tested and proven cybersecurity solution for most businesses that are looking to get a security platform for their networks. It is perhaps one of the more well-known software platforms out there when it comes to providing adequate, reliable security for both businesses and individuals.

Malwarebytes is particularly strong with its ransomware protection features. They offer 72-hour ransomware rollback systems with a “zero-day” malware detection capability. Not to mention that they also have an emergency kit ready when it comes to networks that have already been hit by ransomware attacks. 

One of the areas that Malwarebytes is also good at is with their available resources on cybersecurity. They have live and pre-recorded webinars that people can go through if they are interested in learning about many different topics regarding cybersecurity. 

Aside from that, they also have written guides and constant news updates on the latest security trends that are happening around the world.

If you are interested in Malwarebytes, take a look at the products that they offer:

  • Endpoint Protection / For Servers
  • Endpoint Detection & Response / For Servers
  • Incident Response
  • Malware Removal Service
  • Nebula Platform Architecture
  • Vulnerability & Patch Management
  • Remediation For CrowdStrike

Malwarebytes is particularly useful for small to mid-sized businesses, but they also offer packages for large enterprises.

It’s a platform that is easy to use while also offering highly reliable tools for businesses to rely on when it comes to protecting themselves against malware and ransomware attacks.

 

Malwarebytes Pricing Plans

 

 

Malwarebytes has three distinct pricing packages, and each can depend on the number of devices being used. They also have a special pricing package for servers.

  • Malwarebytes For Teams [$49.99 / Device / Annually]: Access to independent management, industry protection standards, threat eradication, next-gen antivirus, and business support.
  • Malwarebytes Endpoint Protection [$69.99 / Device / Annually]: All previous features alongside management console, time-saving visibility, and server option availability.  
  • Malwarebytes Endpoint Detection & Response [$84.99 / Device / Annually]: All previous features with attack isolation and ransomware rollback features.

Start with Malwarebytes by visiting their site and getting started with your plan.

 

9. ESET Endpoint Security

Data Breach Prevention

 

 

ESET Endpoint Security is a long-standing cybersecurity platform with around 30 years of experience in the field. It is a highly reputable platform but not necessarily accessible to the average user. It can be a bit more complex to work with and install on platforms.

However, the security features that the platform provides are not only powerful but also lightweight on the infrastructure of businesses. They also have a wide range of documentation available on cybersecurity-related solutions that businesses can read to further improve their capacities.

ESET Endpoint offers an intuitive control center with great reporting dashboards on any threats that businesses might encounter and, at the same time, supports mobile apps.

The platform can be quite expensive, but it can be worth it.

 

ESET Endpoint Security Pricing Plans

 

ESET Endpoint Security has three distinct pricing packages being offered to its users. Depending on the number of devices, the pricing for each package can get exponentially higher. 

  • ESET Protect Entry [$239 / 5 Devices / Annually]: Provides access to ESET Protect Platform, Modern Endpoint Protection, and File Server Security. 
  • ESET Protect Advanced [$310.50 / 5 Devices / Annually]: Access to all previously mentioned features alongside Full Disk Encryption and Advanced Threat Defense.
  • ESET Protect Complete [$382.50 / 5 Devices / Annually]: Access to all previously mentioned features with added Mail Security and Cloud App Protection.

A 30-day free trial is available for users to try out, and at the same time, you can also request an open interactive demo with their sales agent. 

Check out ESET Endpoint Security’s website to learn more.

 

10. NordLayer

VPN Solution For Businesses

 

 

NordLayer is primarily a business VPN that can ensure secure access to a company network. Its main function is to protect cloud network environments and internal assets inside a company.

NordLayer gives each employee of a business their own secure access to the company’s files via a VPN. This ensures that no external third-party user can just randomly access the valuable information of a business.

This feature allows businesses to keep their networks clear of unauthorized access and keep prying eyes away. At the same time, it also allows anonymity of traffic that enters and exits the network.

NordLayer is specifically designed as a remote access solution for businesses. It is great for remote work setups to mitigate the risks of cybersecurity attacks from a possibly compromised remote desktop of an employee.

 

NordLayer Pricing Plans

 

 

NordLayer does not offer a pricing plan for its product. Instead, you’ll have to contact their sales team in order to get a quote, and it largely depends on the needs of your business.

Get started with NordLayer by visiting their site.

 

Conclusion

There are plenty of options for businesses to choose from when it comes to cybersecurity software platforms. The only question that remains is which one best suits their needs, from the features to the pricing.

All in all, these cybersecurity solutions are generally enough to deter most cyberattacks that regularly occur on the web.

How to Send a Follow-Up Email After No Response?


Whether you operate in B2C or B2B, email outreach is a tall order. Even if you use an opt-in verified contact database and have a trustworthy sender domain, your messages may get buried among dozens of incoming emails in leads’ inboxes. Email marketers therefore shouldn’t neglect sending a follow-up email, not if they care about the ROI of their outreach efforts.

Continue reading “How to Send a Follow-Up Email After No Response?” »

Is COVID-19 Germinating More Cyber Attacks?


The short answer to that question is a definite yes.

In fact, according to cyber intelligence firm CYFIRMA, there has been a stunning 600% increase in threat indicators between February and early March alone with hackers from all over the globe cooking up new schemes.

 

Why Hackers are Upping their Game?

Hackers know that fear and disruption equal opportunity, and there is nothing quite like a global pandemic to create plenty of both.

Cybercriminals are also well aware that many employees are now being forced to work from home and that puts poorly prepared businesses at risk of a wide variety of cyber-attacks – from home Wi-fi hacking and phishing to brutal DDoS assaults.

Businesses directly connected with the pandemic should be doubly careful by using phishing protection services. The nastiest cybercriminals of all are targeting hospitals and medical labs. Some are motivated by money, looking to extort hospitals or steal and sell valuable research. Others have more political aims (e.g. subverting national governments).

 

How do hackers gain entry?

Here are three tactics – with examples of how they have been used during the COVID-19 outbreak:

Sneaking under the gate

This is the closest method fitting the stereotype of the hacker as some sort of technical whizz probing for weaknesses.

For example, with remote working taking off, cybercriminals have realized they can strike gold by hacking relatively insecure home Wi-Fi routers. An exposé by Bitdefender showed how hackers are targeting vulnerable types of router (namely Linksys and D-Link routers) to change DNS settings.

Basically, they are telling the routers to direct requests for certain popular sites (e.g. AWS and Disney) to a fake site. Before loading, a convincing info panel pops up offering advice about coronavirus. When the target clicks the download button, a chain of events plays out behind the scenes, ending with a program known as an ‘infostealer’ downloaded on the device. You don’t need much imagination to guess what that does (it even steals Bitcoins!).

Smashing down the gate

Or to be more accurate, holding shut the gate – for everyone. This is how a standard Distributed Denial of Service (DDoS) attack works. It uses the combined power of multiple computers to flood a network with connection requests, effectively taking it offline.

When the website in question is the US Health and Human Services department website, during a killer pandemic, you can see how this could be a problem.

Bloomberg reported a suspected DDoS attack on the HHS in March although, according to secretary Alex Azar, the department: “had no penetration into our networks, we had no degradation of the functioning of our networks.”

It is still unclear whether this was a genuine DDoS attack or simply the result of an uptick in genuine requests overwhelming the HHS servers. Nevertheless, the threat is clear to see.

Getting you to open the gate

This is the most effective method of all.

Coronavirus and mass panic create a perfect storm for hacker phishing expeditions. The classic phishing technique abuses our fears and our trust to get us to download the type of malware mentioned above (and other nasties like ransomware).

The malware (or a link to it) is sent via an email disguised to deceive the recipient into opening it – either due to fear or simple lack of attention (“It said it was from HR, boss!”)

During this COVID crisis, phishing campaigns could be disguised as:

  • An information update from the WHO, CDC or another trusted organization
  • Urgent instructions from HR or the management
  • Check application form from the Federal government
  • COVID-19 vaccine announcement
  • Low cost PPE (masks, gloves, etc.)
  • Foreclosure warning from your bank

If that scares you, we have a solution: Phish Protection is ready to keep these attacks at bay permanently (it’s like PPE for anyone who handles emails!)

 

Solutions: Taking Back Control

Now that you know a little of what you’re up against, here are a few tips to keep you protected from the increase in hacker activity:

  • Instruct remote employees to check the passwords of their home Wi-Fi routers when logging into the corporate network or cloud services (especially if it’s a D-Link or Linksys router).
  • Public Wi-Fi should only be used for non-sensitive work and only if there is no other option.
  • If possible, supply all remote workers with separate devices for work purposes.
  • Add remote workers to your VPN (if you don’t have a VPN, set one up).
  • Create a patch/upgrade policy that works for everyone. As provider of IT consulting Los Angeles based DCG Inc. said in a recent blog post: ‘Security patches and updates play a key role in keeping your business safe against cyber threats.’
  • Make sure employees take regular back-ups of their work. You may want to invest in a cloud back up service.
  • Formulate a disaster recovery plan. Another post from provider of IT Services Los Angeles based DCG Inc. warns: ‘Alarmingly, over 90% of unprepared companies get out of business within a year of a data disaster.’
  • Talk to Phish Protection about our cutting edge anti-phishing technology. We even offer a 60-day free trial.

The upheaval caused by COVID-19 is triggering a wave of new phishing attacks from global hackers. By following the above advice and keeping on your toes, you can ensure your systems don’t pick up a virus of a different kind.

 

About Brent:

Brent is the CEO of DCG Technical Solutions Inc. DCG provides the specialist advice and IT Support Los Angeles area businesses need to remain competitive and productive, while being sensitive to limited IT budgets.

Brent has been featured in Fast Company, CNBC, Network Computing, Reuters, and Yahoo Business. He also leads SMBTN – Los Angeles, an MSP peer group that focuses on continuing education for MSPs and IT professionals. DCG was recognized among the Top 10 Fastest Growing MSPs in North America by MSP mentor.

Cybersecurity Updates For The Week 1 of 2020


In a shocking development, many people last week suffered from massive ransomware attacks all over the world. Several precautions are taken by users these days as awareness about cybercrime grows, but there are always new ways discovered by attackers to steal more information. Although millions of dollars are being spent by government agencies to rectify the errors that allow such incidents to happen, these incidents continue to occur with alarming regularity.

Continue reading “Cybersecurity Updates For The Week 1 of 2020” »

Cybersecurity Updates For The Week 52


Yet another exciting time in cyberspace, last week was spent by most of the enterprises trying to fix some of the most common vulnerabilities and various sources of zero-day attack present in much of the software of some of the top organizations around the world. Microsoft was finally able to send a patch for the win32k zero-day attack, and the ransomware that affected Pensacola was eventually detected and stopped; however, even with all this progress, there are still millions of cybercrimes taking place every day in the world.

Continue reading “Cybersecurity Updates For The Week 52” »

Cybersecurity Updates For The Week 51


Cybersecurity or Internet Security is of utmost importance in the digital world today. It is a body of technology, expertise, norms, and processes designed to safeguard devices, data, programs, and networks from being attacked or accessed without authorization. Cybersecurity is essential to promote as all the important officialdoms, be it the government, military, defense, or medical organizations, store massive amounts of unprecedented data on various networks, computers, and such other devices.

Continue reading “Cybersecurity Updates For The Week 51” »

Cybersecurity Updates For The Week 50


Yet another week passes by, and the number of attacks on innocent netizens only escalates. Hackers are undoubtedly on an endless spree of infecting devices with malware and disrupting the daily activities of people. While many users indirectly encourage attackers by easily giving them the demanded ransom, others choose to stay firm and not do what the hacker wants even if they have to struggle because of this decision. People may adopt the best phishing prevention measures, and yet the attackers will manage to find some tiny crevice to enter and break down their entire system. The internet is flooded with news of such incidents that have happened over the week. But here we bring you the most important headlines from the world of cybersecurity:

Continue reading “Cybersecurity Updates For The Week 50” »

Cybersecurity Updates For The Week 49


The cyber-world is full of stories of technological innovations with newer and unthinkable horizons of progress being reached every day. However, development is not just happening for the masses; there is a community of people who are working against these innovations for their personal benefit, often at the price of privacy, property, identity, and money of the innocent users. These are the cybercriminals who come up with new and unusual methods of defying anti-phishing tools. Here is a list of the major attacks from the past week to help keep your guard up.

Continue reading “Cybersecurity Updates For The Week 49” »

Cybersecurity Updates For The Week 48


The cyber arena is an integral part of the life of millennials because of which nothing ever seems to take place offline. However, anti-phishing protection becomes necessary when we deal with new websites, new people, and new technological advancements every day as the times are difficult, and cybersecurity is at stake with the existence of countless malicious actors. There are innumerable instances of cyber-attacks being launched by the attackers, which have made individuals, companies, and governments suffer financially, socially, politically, and emotionally. Here is an account of the most recent cybercrimes to help you better analyze the dark reality of the digital world.

Continue reading “Cybersecurity Updates For The Week 48” »

Cybersecurity Updates For The Week 47


Cybersecurity is an issue of growing concern among all netizens. There is barely any privacy on the internet today, and not taking the right security measures only makes us all the more unsafe on the web. Hence, there are rising numbers of cyber-attacks, and it is because of this that ensuring phishing prevention has become mandatory for individual users as well as organizations. Here are the top headlines from the cyber world to help you plan your security better.

Continue reading “Cybersecurity Updates For The Week 47” »

Cybersecurity Updates For The Week 46


There is no denying the fact that the advancement of technology has reached greater heights in the world of the attackers. Now and then, the name of some new form of cyber-attack can be heard or read. These attacks are so well planned and executed that, as users of the internet, anything we do as an anti-phishing measure is barely ever enough to meet the standards of sophistication employed by the attacker. However, continually studying the recent trail of attacks helps gain at least some insight into the minds and functioning of the cyber adversaries, which enables us to exhibit some preparedness. That is why we have come up with a list of the significant cyber-attacks throughout the week to help you study the attackers better.

Continue reading “Cybersecurity Updates For The Week 46” »