Page 58 of 62

Cybercrime Year in Review: 2013

cybercrimeOh, what a year it was for insecurity, and especially for the small business. It wasn’t as though we didn’t already know – that small businesses were firmly in the crosshairs of hackers. But early in the year Verizon put the final stamp on it. In its annual Data Breach Investigations Report, published at the beginning of 2013, Verizon revealed that businesses with fewer than 100 employees made up the single largest group of victims of data breaches. That conclusion was supported by other security studies around the same time that found small businesses suffered the most cyber attacks.

Perhaps the single biggest and most dangerous change in threats came in the world of malware delivery. For years, hackers and malware authors had used the same ways to deliver and spread their malware. Email and spam were by far the most popular. It was easy to buy hundreds of millions of email addresses, pack them with phishing messages, and attach a nasty malware payload.

And even if most users didn’t fall for the scam, even a small percentage of hundreds of millions was enough to make the attacks very lucrative for criminals. But as more users got the message, and began to grow more reluctant to open email attachments they weren’t expecting, many thought the malware industry was on its last legs. After all, how else could you get the goods to market?

So hackers had to choose a new way to deliver and spread malware. And they found it in small business websites. Every month, thousands of poorly protected websites are hijacked by hackers who use vulnerabilities in these sites to install malware. That malware is then spread to visitors to those websites, as well as attack other websites, and so continue the spread of malware.

And if you think that simply relying on antivirus software will get you through safely, there’s some more bad news. Some reports have suggested that today’s antivirus software can detect very few of the most dangerous types of malware – the stuff you really want to avoid. And the New York Times can testify to that. Early in 2013, Chinese hackers were easily able to breach the extensive defenses the Times had in place. Out of 45 different types of malware the Chinese used to attack the newspaper, the Times’ own security and virus protection detected only one.

But Chinese hackers weren’t just targeting big businesses like the New York Times. In September, the Huffington Post reported that Chinese hackers were actively targeting small businesses in the U.S., from pizza restaurants to medical clinics.

According to the Huffington Post, “The hackers find computer systems to take over by using tools that scan the web for Internet-connected PCs with software vulnerabilities they can exploit. Small businesses are popular targets because they often have lax security.”

And the year didn’t end too well either. When security researchers discovered more than 2 million stolen passwords on a hacker server in December, a piece of malware called a keylogger was suspected. That very same week, other security researchers found that out of 44 popular antivirus products tested, only one was able to detect a keylogger.

Which probably explains why an estimated $5 billion was siphoned from U.S. bank accounts in 2012 by cybercrooks using malware like keyloggers. And if any of those were business accounts, the business owners were probably on the hook for all the losses.

So safe to say (no pun intended) that 2013 was not a good year for business security, and especially for small business security. And we don’t predict much improvement over the next twelve months. It’s now clear that small businesses are the favorite target for the worst kinds of hackers. Whether it’s to steal your personal and customer information, break into your bank account, or use your website to host a variety of very dangerous malware, your small business may be getting all the wrong attention from all the wrong visitors.

So let’s make 2014 the year you take back your security and peace of mind. Security isn’t hard, no matter how sophisticated hackers and their tools have become. There are plenty of ways you can protect your business and your website, and make it just hard enough for hackers to decide that you’re just not worth the effort and that they should move on to small businesses that are doing little about security. It’s like locking your car and closing the windows while being parked next to a convertible with the top down. The easy target gets attacked first, and you’re at least lower on the radar by showing your security awareness.

If you make just one security choice this year, make it your website. Securing your website is simple and affordable, and yet it’s the single best way to protect your business, your customers, and any visitors to your site. And you’ll also help slow the spread of malware to other users and sites, which is one in the eye for the bad guys.

And remember that as a SiteLock customer you get more than prevention. SiteLock will work with you to address any website security issues that crop up, including malware removal, if any is detected on your site. And as always, our security advice – the best in the business – is always free, and we are here around the clock whenever you need support.

If you’re a frequent reader of this blog, then you’ll know that our expertise and advice goes far beyond just protecting your website. All good security has to be holistic, which is why we offer no-nonsense advice on a variety of security topics that can impact your business, from security policies and planning, to employee education, malware prevention, data privacy and security, and much more.

Our goal for 2014 is to be the best security partner for online businesses. We hope that, even if SiteLock is not your chosen security provider, website security is on your list of goals for 2014 as well. To get started on meeting this goal call SiteLock at 855.378.6200.

Google Author: Neal O’Farrell

SiteLock Website Security

Santa’s Reply to a Website Security Wish List

Dear Website,

Santa's reply to a security-concerned websiteWell, I’m not really sure where to begin. Not only was it the first time I’ve received a letter asking me for website security for Christmas, but also the very first letter I’ve ever received from a website. And trust me, I’ve been doing this for quite a while, long before that internet thingy I started for Al Gore.

I am very sorry to hear how worried you are about security, and especially hackers and malware. Not really for yourself, but for your owner. I know that most business owners are so busy building their dream, they sometimes forget that there are some very bad people out there who can too easily steal it all.

I have to admit, I wasn’t really sure where to start. If you’d asked me for a Kindle or an “i” something-or- other, or even just a toy or a scarf, that would be easy. But I feel a little like most business owners do, not really knowing how to protect you and even where to start.

But when I had some downtime on my sleigh (don’t worry – it has cruise control, so it was perfectly safe), I did some research and I hope you’ll be happy with what I came up with.

So here it goes:

You said you wanted someone to watch over you. Well, while I’d love to be able to do that, you understand I have my own full-time job, even in the off-season. So I sent your owner a very nice letter advising her that the best thing she could do for herself (and for you) was to sign up for SiteLock so that you aren’t so vulnerable to all those hackers and malware removal is automatic.

I love giving gifts like that. They’re not extravagant so there’s no need to feel guilty. They’re very simple to use, so your owner doesn’t have to spend her holidays pouring over an instruction manual or looking for batteries. And once you switch it on, SiteLock will guard you and your business around the clock, from the most advanced threats and determined hackers.

So what was next? Oh yes, better passwords. I hear that. It’s a nightmare for my toy business. Who knew so many employees, elves especially, are so careless with important passwords? Like FTP. I mean, why have a lock on the front door of your business if you insist on leaving the keys in it?

But I’ve got you covered. I sent every employee a password manager (don’t worry, some of the best are free). Now they can create and protect the most complex of passwords, and store them all in one safe place. So not being able to remember all those big and clumsy passwords is no excuse. And some of these programs will even remind you when it’s time to update your passwords, so forgetting is not an issue either.

Let me see, what else did you ask for? Sorry, my memory isn’t what it used to be. Oh yes, you wanted to get rid of all that outdated content and code on your website because you think it’s slowing you down. Tell me about. Every year about this time, when the rush dies down, we promise to tidy up the place so that we can run more efficiently as we prepare for next year.

And every year that resolution goes out the door as quick as Christmas itself. Not to worry. I created a special note just for your webmaster. In exchange for his list, I gave him a list, too. It’s pretty simple. I told him to go through every page of the site and remove any outdated content and images, and clean up or remove outdated code — we all know how dangerous that can be.

I also told him to get a patching and updating regimen in place so that all critical patches are installed as soon as they’re available, and outdated software and plugins don’t leave you vulnerable.

I think that’s it. Hope I’m not missing anything. When I think about it, I wish every website would send me a letter like this. I can easily find their owners and lean on them a little.

I mean, if this is the season of goodwill and joy, why shouldn’t it start with your website, the face of your business? For more information, just ask the experts at SiteLock. Give them a call at 855-378-6200. They’re available 24/7 to help.

 

2013 Target Breach Exposes Much More Than Data

target data breachAs we continue to dissect the massive data breach at Target, we’re going to learn lots of lessons. But probably the biggest lesson you can take away from it is that if it can happen to Target, it can certainly happen to you. Even if it’s on a much smaller scale, it could still be big enough to matter to you.

Read More

Businesses Defenseless Against Keyloggers

keyloggersWhen news broke last week that security researchers had found more than 2 million stolen passwords hidden on a hacker’s website, it didn’t take long for media around the world to get on the case. It appears the passwords were stolen over many months, and from users of Facebook, Twitter, Google, LinkedIn and many other sites.

The story that seemed to get the most attention from the media and from security experts was what these 2 million passwords told us about the password habits of users. That they were awful. Not that that’s really news, but still, once again we discovered that the most common passwords included in the haul were 123456, 111111, and perhaps worst of all, password.

However, we noticed something else, something that other security experts seemed to miss completely. The initial suspect in the heist was a keylogger, a tiny piece of malware that will infect computers, steal things like logins and passwords, and pass them back to the hackers.

On the very same day the media frenzy started, we noticed that a security firm OPSWAT revealed some very scary test results. When they planted a basic keylogger on one of their test computers, and ran scans with more than 40 of the most popular consumer and business antivirus products over two weeks, only one product caught the keylogger. Which probably means most consumers and even small businesses probably won’t be able to detect it either.

While the better antivirus brands are generally good at catching the most common malware, a study by the University of Alabama found that those same products only catch around 25% of the more advanced malware. And that’s the stuff that can do the most harm.

Keyloggers are typically in search of logins and passwords, but they don’t just log what you type. They can also capture screenshots of what’s on your computer, screenshots of the websites you visit and the folders you open, and even what you search for. And software isn’t the only variety. There’s a growing trend towards hardware keyloggers – keyloggers designed to look identical to a plug or connector you’d expect to find at the back of a computer or even a cash register. One such hardware keylogger was recently found plugged into the back of a cash register at a Nordstrom store in Florida.

If keyloggers make their way on to computers in your business, the hackers may be able to steal logins and passwords to your website or bank account. They might also be able to steal payroll and customer information. They might even be able to hop from your computers to your website, and from there infect visitors to your site. Which could end up with your business being blacklisted by the search engines until you solve the problem.

So what can you do cripple this menace?

  • Start by talking to your employees, explain what a keylogger is, how it can threaten your workplace, and how you can all work together to protect against them.
  • Require all your employees to use anti-keylogger software, like Key Scrambler (free). They won’t protect your business against every type of keylogging but are a good defense against the more common software based. Some work by instantly encrypting or scrambling all your keystrokes so that they’re unusable to hackers.
  • Make sure you and your employees use one of the many safe surfing tools or plugins, like Web of Trust (WoT). As users become more wary of malware hidden in email attachments, hackers are turning to websites instead. Known as watering holes, hackers will find vulnerable websites, load them with keylogging malware, and simply lie in wait for visitors to those sites. SiteLock is finding as many as 5,000 small business web sites every single day already compromised and requiring malware removal. Safe surfing tools will help alert you of suspicious or dangerous websites before you click on them.
  • Always have good antivirus software on every computer and device you use in your business and at home. And encourage your employees to do the same. Some of the best is free, including for your smartphone and tablet. And scan often — at least once a week is recommended.
  • All employees should change their passwords often and think about passphrases instead.
  • Be careful what you allow employees to download and install. Poor security habits and hygiene are a leading contributor to malware infections. Slow down, guard up, verify first, and only download if you’re really sure and you really need to.

For more information on protecting your business from cybersecurity threats call SiteLock at 855.378.6200.

SiteLock Website Security

SiteLock’s Rendition of the The Twelve Days of Christmas [Video]

At SiteLock, we see the biggest shopping season of the year as one of the biggest risk seasons too — at least for online threats. Let’s face it – most of us shop (and many of us sell) online to avoid the long lines and hustle of the crowds, and to make it easy for our customers.

In sticking with the theme of online shopping (and keeping your business and customers safe while doing so), being protected from hackers, and even hearing the website’s story in its letter to Santa practically begging for some attention, we are introducing a fun and informative video about some very real risks that website owners face, and what they mean for their online business. At a time when they can least afford to be exposed.

The content in this custom rendition of “The Twelve Days of Christmas” video is created entirely for educational purposes, taking the approach that even in risky times, awareness is the best form of prevention. A little fun never hurt (so we use that too), but what you don’t know can hurt you, so please be safe!

Enjoy the video! And caring is sharing – so tell your friends!

12days

 

 

 

 

To protect your website this holiday season, call our SiteLock security experts at 855-378-6200 and ask for a free risk assessment.

malware removal

Protect Your Website From Hackers

No one likes talking or even thinking about bad things around the holiday season. It goes against the holiday spirit! But you may not have any choice. Bad things can happen to your business at any moment, and may even be happening as you’re reading this. Every day, millions of small business websites are being prodded and probed by automated hacker tools looking for unsecured websites they can hijack. It’s almost like a thief walking along a row of cars and nearly invisibly checking each door handle to see which ones are unlocked. Except hackers have an additional layer of secrecy. They don’t have to leave their homes to check websites, and they can see many of them – all at once.

Read More

Happy Cybercrime Monday!

cybercrimeHappy Cyber Monday! If your website has survived the Thanksgiving rush, let’s hope it doesn’t suffer from a post-Thanksgiving malware hangover. Because in the usual run up to Christmas, the only people busier than elves are hackers. And their favorite tool this year appears to be malware. What’s a website to do without trusted malware removal?

We took a look at many of the top security stories to hit the headlines in just the last couple of weeks, and it’s not surprising that most of them were about malware.

Security firm Symantec says that hackers have recently been very successful in delivering a nasty gift of malware to unsuspecting users by blasting out emails pretending to be antivirus software updates. What makes the emails so convincing, according to Symantec, is that they look very authentic and incorporate logos from most of the popular antivirus products – probably even those that you use. Because most users are likely to be familiar with the brands and use at least one of them, it makes the email appear more personal and genuine. And therefore more likely to be opened. And clicked – which is what causes the most damage.

Security firm Trusteer also announced that it discovered some of the most advanced financial malware yet, malware that not only has more features than any previous malware, but also creates a private and secure communications channel back to the hackers behind it. According to Trusteer, the malware can steal information entered into web forms as well as steal log-in credentials from dozens of the most popular FTP clients.

And this is especially dangerous to small businesses in the U.S. If this malware is able to steal the login and password for your business bank account, it will very quickly empty that account. And small business accounts are not protected by zero liability. So if the thieves steal every last dime you have in the bank account, you’re out of luck. And maybe even out of business.

To add to the misery, Trend Micro also reported that it discovered more than 200,000 different types of malware targeted at online banking in just the third quarter of this year, with at least 25% of them targeted at U.S. banks.

One of the most dangerous pieces of malware in circulation right now is Cryptolocker. This is ransomware. Once it infects your computer, it will encrypt or lock your files and then demand a ransom to unlock them so you can use them again. The ransom can vary, from $300 to more than $3,000. And even if you pay the ransom, chances are you still won’t get your data back. And thousands of users have fallen victim. Even one police department admitted that Cryptolocker had managed to kidnap their data.

And not to be left out, researchers have discovered that even the NSA has turned to malware to do their job, infecting at least 50,000 with a botnet that will allow them to spy on those computers.

To add website malware scanning and defense to your holiday to-do list call SiteLock at 855.378.6200.

Website Security

All a Website Wants for Christmas is Website Security

Dear Santa,

Letter to SantaThis is my first ever Christmas letter to you. I don’t like to ask for much, but I’m desperate. I’ve been a website for, gosh, going on three years now. Don’t get me wrong, I love my job. My owner’s great, new people visit me every day from all around the world, and my graphics are to die for. There’s never a dull moment, even when my owner is sleeping. Which of course, I never do.

But there’s a problem. My owner is so busy building the business, managing cash flow, and getting orders out the door, that she has little time for things like website security. Besides, she says she doesn’t have a technical background and know much about cybersecurity.

And that has left me feeling, well, vulnerable. Which is not a good thing on the Internet when I’m completely exposed to so many strangers. But my owner really needs the website to showcase her work and generate online orders. And being blacklisted by the search engines would make her very upset. But I worry about what might happen if she doesn’t put everything else aside, just for a moment, and think about website security.

With that in mind, here are just a few things that I would absolutely love this year. Not really for me, but for my owner. I’m doing all this for her, which I think is a very unselfish act. So I hope you’ll do your best to get me as many things on my list as you can.

Here goes.

  • First, I’d love someone to watch over me. I know where my weaknesses are, but my owner doesn’t, and she doesn’t have the time to guard me every second of the day. So a website security or monitoring service would be just great. Everyone can sleep easier and I’ll feel much less naked and vulnerable.
  • A new password would be great. Would it be asking too much to ask for a new website password say, every three months? Maybe one with a number or two, or heaven forbid a special character!? That could significantly reduce the chances that hackers will guess or crack my password and have access to who knows what. And a strong, random, and well-protected password would be ideal. I mean, what good is a password if it doesn’t do its job very well. Not complaining or criticizing, just saying.
  • This might be asking too much, but any chance you could help me get rid of this stuff I’m not using anymore. I feel so bogged down lately with all this old, outdated code and images that no one even uses. It takes every bit of my energy to just load a simple page. I know I could be so much faster and lighter with just a bit of a clean-up  – I’ll be a whole new website, you’ll see!
  • I don’t want to sound selfish, but could I ask for a little something else for myself? Nothing fancy, but I’ve worked so hard all year I think it would help my spirits and confidence as we get ready for yet another year. Patches. I’d like some patches, or updates. I am up to my gills in all kinds of third-party programs that the web designer thought would be so very cool to burden me with. But he’s easily distracted and he’s forgotten about most of them. Now at least half of them have serious and known vulnerabilities that have never been patched or updated.

Anyway, I hope I didn’t take up too much of your valuable time. And I hope you’ll see that what I’m asking for is not for me. I even know of a company that can help you with this. To make things easy, I’ll provide you with the number to SiteLock website security. It’s 855-378-6200. They’re available 24/7/365 to help!

 

Ecommerce Security for Black Friday, Cyber Monday and Beyond

e commerce securityAs Thanksgiving weekend approaches, your customers may be gearing up to make some big purchases. And how safe and secure they feel about your website could determine how much of their hard-earned cash will end up in your pocket.

Read More

SiteLock Website Security

3 Ways to Improve Your Website Security

Website security is one of those things that needs to be addressed (the horror stories of hacked websites are everywhere), but it tends to get put off for many reasons. Some of us underestimate the importance of securing our website, some are afraid it will be expensive, and some think it will be too hard to manage without an IT person on staff. The truth is, website security is critical to your business, but also very easy to implement.

We’ve listed three easy ways to improve your website security:

1. Ensure safe online shopping for your eCommerce customers

As an eCommerce website, you can maximize your sales opportunity by displaying a trust seal. Most website scanning services provide a trust seal to publish on the website’s homepage to show visitors that the website has been scanned and is free of malware and viruses. Trust seals are also used to boost customer confidence.

2. Update your plugins

This is one of the easiest things you can do to protect your website, and also one of the most important. Using outdated versions is the single most common way for a hacker to gain entry to your website, and all your information, and often that of your customers. So make a list of all the plugins and third-party software on your site, peruse it, and purge (uninstall) anything you no longer use. For the ones you do use and want to keep, make sure you have the latest versions and updates installed.

3. Educate your employees about phishing emails

If you are someone who is extremely cautious about opening emails from unknown or large company senders, it may be hard to believe anyone still opens phishing emails or (gasp!) downloads the enclosed attachments. But the reality is that not everyone is aware. And even those who are careful are often so busy and inundated with emails that a few might slip through the cracks. Plus, hackers are getting scary good at impersonating legitimate business emails – PayPal, FedEx, Apple, to name just a few – and luring victims to click on links in order to update account information, track a package, download an important update, etc. All you need is one employee to click on one of these fraudulent download links, and you could be handing over your entire business to a criminal. Financial data for you and your customers – stolen, and your reputation – ruined, in a matter of seconds.

Follow these three easy ways to improve your website security. If you need help with any of the items listed above, give the SiteLock experts a call 855.378.6200. We are available 24/7/365 to help.

Page 58 of 62

Powered by WordPress & Theme by Anders Norén