4 Common Types of Spyware and How To Detect Them

In this article, we'll discuss what spyware is, the common types of spyware, and how you can protect yourself, your employees and your data from spyware.

What is Spyware?

Spyware is a malicious piece of software that continuously monitors your computer's activity and internet use. Its purpose is to gather information, often referred to as traffic data, which can include keystrokes, screenshots, websites visited, or various types of personal or sensitive information. The data can be used in a wide variety of ways, including selling it to interested entities or for identity theft, in some cases. Knowing these common types of spyware and how to detect them is very important.

A system can get infected with spyware in much the same way as it does with other types of malware, including Trojans, viruses and worms. Spyware can take advantage of various security vulnerabilities, for example when the user clicks on an unfamiliar link in an email or simply visits a malicious website. Users may also download it willingly when it is advertised as a useful tool or as freeware (free software).

Why Does Spyware Matter?

With phishing attempts getting savvier by the day, it's critical that your employees are well educated on how they can prevent and detect phishing attacks. We've seen companies with threat protection in place still get fooled by various phishing attempts, as they're getting harder to spot these days. Many come disguised as people you know and correspond with regularly. Just recently, a CEO of a company fell victim to a phishing attempt and they had to shell out hundreds of thousands of dollars to get their data back. Humans are the first and last line of defense, so it's critical to educate employees on how to prevent this from happening.

How To Determine Whether Your Computer is Infected with Spyware

The best way to detect this type of software is to have an up-to-date firewall, anti-malware, or antivirus software installed on your device. These will alert you in case there is any suspicious activity or any other kinds of security threats on your PC.

Nevertheless, other telltale signs may indicate that one or more pieces of spyware have made it into your system. These rarely operate alone on your computer, meaning that your device will have multiple infections. In this case, users will at times notice a degradation in the system's performance, such as high CPU activity, high disk usage, or inexplicable network traffic.

Various programs and applications may experience regular crashes or freezing, a failure to start, or even a problem in connecting to the internet. Some types of spyware can also disable your firewall and antivirus, alongside other browser security settings, resulting in a much higher risk of future infection. If you encounter any of these issues, the chances are that spyware or other forms of malware have infected your system.

What are the Common Types of Spyware?

Usually, the functionality of any given spyware depends on the intentions of its creator. Here are four examples of the most common types of spyware.

Keyloggers - Also known as system monitors, keyloggers are designed to record your computer's activity, including keystrokes, search history, email activity, chat room communications, websites accessed, system credentials, etc. More sophisticated examples can also collect documents going through printers.

Password Stealers - As their name would suggest, these types of spyware will collect any passwords inserted into an infected device. These may include things like system login credentials or other such critical passwords.

Infostealers - When a PC or other device is infected with this type of spyware, it can provide third parties with sensitive information such as passwords, usernames, email addresses, log files, browser history, system information, spreadsheets, documents, media files, etc. Infostealers usually take advantage of browser security vulnerabilities to collect personal data and other sensitive information.

Banking Trojans - Like infostealers, banking trojans take advantage of browser security vulnerabilities to acquire credentials from financial institutions, modify transaction content or web pages, or insert additional transactions, among other things. Banks, online financial portals, brokerages, digital wallets, and all sorts of other financial institutions can fall prey to these banking trojans.

Conclusion

The digital environment comes with its inherent risks, as is the case with spyware and other forms of malware. Fortunately, however, various people and tools can help you and your company stay protected from these online threats.

Spyware: What is It and How to Remove It?

The vast majority of threats encountered online are collectively known as malware. This term can refer to a wide variety of issues including spyware, adware, viruses, rootkits, Trojans, and other such malicious software. We are going to discuss spyware: what it is and how to remove it.

As some of us know, spyware is computer software that is installed without the user's knowledge or consent and which is specifically designed to collect various types of information. The information may be related to the user's internet surfing habits, or it can be personal information that the user inputs into the computer.

Spyware can also be used by businesses legally to keep an eye on their employees' day-to-day activities. These are commonly known as keyloggers. Nevertheless, the most common use for this type of software is to steal someone's identity, or worse.

What's more, once a computer is infected with spyware, there are additional problems that may also arise. Your system may start working slower without explanation, as the spyware is secretly eating up memory and processing power. Your web browser may have an additional toolbar, or the browser may present a different home page.

Error messages may also appear on screen, as well as previously-unknown icons that may pop up on your desktop. These are just a few telltale signs of spyware finding its way into your system.

Below are several steps that you can take to remove any spyware that's on your computer.

The Traditional Uninstall

Though it may seem surprising, some spyware and adware applications do have fully functioning uninstallers, which means that you can remove them from Windows' own Control Panel.

In the Add/Remove Programs list, search for any unwanted programs listed there and uninstall them. Be careful not to confuse any useful apps or programs with spyware. Reboot your system once the procedure has completed successfully, even if you are not prompted to do so.

Computer Scan

Most spyware, especially the dangerous kind, does not have the previously-mentioned option, in which case you will need to remove it via an up-to-date antivirus scanner. You will first need to disconnect your computer from the internet. If your antivirus allows it, perform the scan in Safe Mode.

If by any chance you don't have an antivirus installed, which you definitely should, choose one of these free versions, or go for the paid variants for better results. Whenever you are using these tools, always make sure to update them. New spyware is created on a daily basis, and only up-to-date antivirus software will be able to detect and remove them.

Undo any Potential Damage

After one or both of the steps mentioned above have been performed, make sure that the spyware will not reintegrate itself into the system once you reconnect it to the internet. To do that, reset your browser start and home pages, and make sure that the spyware hasn't hijacked your HOSTS file and that no undesirable websites have been secretly added to your Trusted Sites List. Only after you've completed these steps is it a good idea to reconnect to the internet.
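One way to carry out the HOSTS file check described above, as an added example that is not part of the original article. The watchlist, the `.test` hostnames and the sample file are constructed for illustration; substitute the domains you actually care about (banking, mail, antivirus update servers).

```python
import ipaddress
import os

# Hypothetical watchlist: domains you never expect to see overridden locally.
# The .test names are constructed for this example.
WATCHLIST = ("examplebank.test", "av-vendor.test")

# Names that a stock hosts file defines itself.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample input (documentation address ranges, .test names).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.test        # ordinary ad-block entry
203.0.113.10    login.examplebank.test
127.0.0.1       update.av-vendor.test definitions.av-vendor.test
198.51.100.7    intranet.corp.test
"""


def default_hosts_path():
    """Location of the hosts file on Windows and on Unix-like systems."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (line_number, ip, [hostnames]) for every valid mapping line."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, not a mapping
        yield number, ip, [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line, hostname, ip, reason) for entries worth a second look.

    - a watched name pointed at a routable address: traffic is being redirected
    - a watched name pointed at loopback/0.0.0.0: the site (for example an
      antivirus update server) is being blocked
    - any other name pointed at a non-local address: an override to confirm
    """
    findings = []
    for number, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                continue
            watched = any(name == d or name.endswith("." + d) for d in watchlist)
            if watched and sinkhole:
                findings.append((number, name, str(ip), "watched name blocked"))
            elif watched:
                findings.append((number, name, str(ip), "watched name redirected"))
            elif not sinkhole:
                findings.append((number, name, str(ip), "non-local override"))
    return findings


if __name__ == "__main__":
    path = default_hosts_path()
    try:
        with open(path, encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    except OSError as exc:
        raise SystemExit(f"cannot read {path}: {exc}")
    for line_no, host, address, reason in audit_hosts(content):
        print(f"{path}:{line_no}: {host} -> {address} ({reason})")
```

Entries that send unlisted names to 0.0.0.0 or loopback are left alone, since that is how ordinary ad-blocking lists work; anything reported should be compared against what you or your administrator deliberately added.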

Conclusion

As with any other online threat out there, the best way to protect yourself is through prevention. Make sure that no spyware will make it into your computer by keeping your security systems up-to-date. Likewise, be more skeptical about what programs you install on your PC, especially if they are part of a package or if they promise something that seems too good to be true. Contact us today to discuss possible solutions.

 

Don’t like Mondays? Neither Do Attackers.

Monday may be our least favorite day of the week, but Thursday is when researchers say that security professionals should watch out for cyber-criminals; paying attention to trends like this can greatly reduce the potential for damage.

Attackers will spend just as much time planning when an email should go out as they do on what it will look like. According to Proofpoint in its Human Factor Report, malicious email attachment message volumes spike more than 38 percent on Thursdays over the average weekday volume, while Wednesdays came in second. “Attackers do their best to make sure messages reach users when they are most likely to click: at the start of the business day in time for them to see and click on malicious messages during working hours,” Proofpoint researchers wrote in the report. Weekends came in last; however, this doesn't mean that Saturday and Sunday are completely safe.

Malicious emails can arrive any day of the week, but there is a clear preference from attackers as to when to send certain threat categories. For example, Keyloggers and Backdoors tend to be sent on Mondays, and Wednesdays are peak days for banking Trojans. Ransomware tends to be sent between Tuesdays and Thursdays, while point-of-sale Trojans arrive towards the end of the week (Thursdays and Fridays) since security teams do not have as much time to detect and mitigate new infections before the weekend. On the weekends, according to Proofpoint, ransomware is what attackers primarily send with few exceptions.

Security teams need to be particularly alert on Thursdays as malicious attachments, malicious URLs, ransomware and point-of-sale infections all favor that day. In addition to these, credential stealing campaigns also favor Thursdays. Thursdays were host to a clear increase in malicious attachments being sent, but emails with malicious URLs (the most common vector for phishing attacks designed to steal credentials) were constant throughout the week, with only a slight increase on Tuesdays and Thursdays.

Attackers understand employee email habits and know that feeding employees a well-crafted email at the optimal time will bring higher success rates. The bulk of attack emails are sent four to five hours after the start of the business day, peaking around lunchtime. Proofpoint’s analysis found that nearly 90 percent of clicks on malicious URLs occur within the first 24 hours of delivery, with half of them occurring within an hour, and a quarter of the clicks occurring within just ten minutes.

The time between delivery and clicking is shown to be the shortest during business hours (8 a.m. to 3 p.m. Eastern) in the US as well as Canada. The UK and rest of Europe had similar patterns to the US and Canada; however, there was some stratification in the averages according to region. For example, clicking on malicious links peaked around 1 p.m. in France while it peaked early in the workday in Switzerland and Germany. Users in the UK spaced out their clicks throughout the day, but there was a clear drop in activity after 2 p.m.

While it’s important to block and keep malicious messages from reaching the inbox to begin with, the other side of email defense is to be able to identify and flag messages that made it to your inbox and block those links when you realize that they are malicious. If you are able to accomplish this, you can greatly reduce the potential danger that these emails pose.

Proofpoint focused on email-based attacks; however, email wasn’t the only medium in which attackers paid attention to the day of the week. An analysis of all attacks investigated by the eSentire Security Operations Center in the first quarter of 2017 found that some methods of attack were more likely on given days. The volume of threats, which in eSentire’s report included availability attacks such as distributed denial-of-service (DDoS), fraud, information gathering, intrusion attempts, and malicious code, was highest on Fridays followed by Thursdays. The day of the week did not matter as much when it came to availability attacks, but weekends showed a great drop-off in the amount of risk involved. Malicious code was most common on Thursdays, and intrusion attempts were higher on Fridays.

There is no day off when it comes to defense. The security tools scrutinizing email messages as they arrive, before letting them reach user inboxes, have to be capable of handling peak volumes without sacrificing performance. But if defenders know that the second half of the week tends to be worse in terms of malware and credential theft, they can put in extra monitoring and scanning to detect possible new infections. By allocating more time in the second half of the week to investigate alerts, security teams may detect attacks sooner, and reduce the potential damage.

A commitment to security and transparency at Microsoft Inspire 2017


As written on blogs.microsoft.com
Microsoft Inspire (formerly Worldwide Partner Conference) gathered 16,000 attendees from around the world last week in Washington DC. At the event, Microsoft reaffirmed its commitment to its partners and its mission to “empower people to be more productive”. To kick off an exciting week, CEO Satya Nadella made five major announcements during the first vision keynote, including the introduction of Microsoft 365.

Commitment to security and transparency

During the vision keynote on day two, President and Chief Legal Officer Brad Smith provided updates and affirmation of Microsoft’s commitment to security and privacy. Smith promised dedication to security, saying, “Technology for technology’s sake isn’t particularly valuable. Applying technology towards solving human problems is where you unlock the value”. Smith presented a four-part integrated approach to confront ever-evolving cybersecurity threats: Platform, Intelligence, Partners, and Policies. With the cloud being bigger than ever before, Smith says every business has a digital opportunity. Microsoft has committed “new energy, new focus, new resources” to responding to security threats faster and better than ever before. These cloud principles and improved security features in Microsoft 365 will give partners better end to end security management. Better security and transparency help Microsoft and its partners build trust, and “move technology forward without leaving people behind”.

Security focused product announcements

Microsoft 365

Microsoft 365 is a new solution that combines software, management, and security options into a single subscription. Partners can choose from two solutions, Microsoft 365 Enterprise and Microsoft 365 Business. Both options provide productivity and security capabilities and a cohesive experience across applications and devices, while simplifying delivery and management for IT.

GDPR

Partners can play a vital role in General Data Protection Regulation, or GDPR, by assessing customers’ readiness and helping them adapt to it.

Security Partner Playbook

Help your customers protect against breaches, detect breaches, and respond to breaches with a comprehensive security solution. This playbook focuses coverage on Microsoft products and services that play a critical role in securing this environment. Download the playbook here.

Microsoft Introduces the New Secure Productive Enterprise Offer

Microsoft recently announced its new hero offer called Secure Productive Enterprise (SPE). SPE provides the latest technology across Windows, Office 365, and Enterprise Mobility + Security (EMS). Frankly, it couldn’t come at a better time as businesses and consumers are increasingly aware of cybersecurity concerns. Here’s what partners can expect in terms of security capabilities from the innovative Microsoft stack and how they can leverage those capabilities to serve customers.

Conclusion

Inspire was surely an inspiring week for the partners who attended. With continued advances in the cloud and a better way for partners to build a modern, cohesive, and secure work environment with Microsoft 365, it should also be an exciting year.

Managed Solution is in the top 1% of Microsoft Cloud Service Providers worldwide, and a premier partner aligned with Microsoft’s mission to empower every person and every organization on the planet to achieve more.

How Azure SQL Threat Detection acts as your built-in security expert


By Ron Matchoro as written on blogs.msdn.microsoft.com
Azure SQL Database Threat Detection has been in preview for a few months now. We’ve on-boarded many customers and received some great feedback. We would like to share a couple of customer experiences that demonstrate how SQL Threat Detection helped to address their concerns about potential threats to their database.

What is SQL Threat Detection?

SQL Threat Detection is a new security intelligence feature built into the Azure SQL Database service. Working around the clock to learn, profile and detect anomalous database activities, SQL Threat Detection identifies potential threats to the database. Security officers or other designated administrators can get an immediate notification about suspicious database activities as they occur. Each notification provides details of the suspicious activity and recommends how to further investigate and mitigate the threat.

Currently, SQL Threat Detection on Azure SQL Database detects potential vulnerabilities and SQL injection attacks, as well as anomalous database access patterns. The following customer feedback attests to how SQL Threat Detection warned them about these threats as they occurred and helped them improve their database security.


Case #1: Attempted database access by former employee

Borja Gómez, architect & development lead at YesEnglish:
“SQL Threat Detection is a useful feature that allows us to detect and respond to anomalous database activities, which were not visible to us beforehand. As part of my role designing and building Azure-based solutions for global companies in the Information and Communication Technology field, we always turn on SQL Auditing and Threat Detection, which are built-in and operate independently of our code. A few months later, we received an email alert that “Anomalous database activities from unfamiliar IP (location) was detected”. The threat came from a former employee trying to access one of our customer’s databases, which contained sensitive data, using old credentials. Because SQL Threat Detection allowed us to detect this threat as it occurred, we were able to remediate the threat immediately by locking down the firewall rules and changing credentials, thereby preventing any damage. Such is the simplicity and power of Azure.”

Case #2: Preventing SQL Injection attacks

Richard Priest, Architectural Software Engineer at Feilden Clegg Bradley Studios and head of the collective at Missing Widget:
“Thanks to SQL Threat Detection, we were able to detect and fix code vulnerabilities to SQL injection attacks and prevent potential threats to our database. I was extremely impressed how simple it was to enable threat detection policy using the Azure portal, which required no modifications to our SQL client applications. A while after enabling SQL Threat Detection, we received an email notification about ‘An application error that may indicate a vulnerability to SQL injection attacks’. The notification provided details of the suspicious activity and recommended concrete actions to further investigate and remediate the threat. The alert helped me to track down the source of my error and pointed me to the Microsoft documentation that thoroughly explained how to fix my code. As the head of IT for an information technology and services company, I now guide my team to turn on SQL Auditing and Threat Detection on all our projects, because it gives us another layer of protection and is like having a free security expert on our team.”
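An added example, not part of the customer account above or of Microsoft's documentation: how query text built by string concatenation turns ordinary input into a faulty SQL statement, the kind of application error that can indicate an injection weakness, next to the parameterized form that fixes it. SQLite stands in for Azure SQL Database here, and the table, data and function names are hypothetical.

```python
import sqlite3


def make_db():
    """Build a small in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (id INTEGER PRIMARY KEY, surname TEXT, office TEXT)")
    db.executemany(
        "INSERT INTO staff (surname, office) VALUES (?, ?)",
        [("O'Brien", "Bath"), ("Smith", "London")],
    )
    return db


def find_office_concat(db, surname):
    """Before: user input is pasted into the SQL text.

    Any quote character in the input changes the structure of the statement.
    """
    sql = "SELECT office FROM staff WHERE surname = '" + surname + "'"
    return [row[0] for row in db.execute(sql)]


def find_office_param(db, surname):
    """After: the statement text is fixed and the input is bound as data."""
    sql = "SELECT office FROM staff WHERE surname = ?"
    return [row[0] for row in db.execute(sql, (surname,))]


def probe(db, lookup, surname):
    """Run a lookup and report ('ok', rows) or ('faulty-sql', error text).

    A 'faulty-sql' result for input that contains nothing but a name is the
    signal worth investigating: the input reached the SQL parser as code.
    """
    try:
        return "ok", lookup(db, surname)
    except sqlite3.Error as exc:
        return "faulty-sql", str(exc)


if __name__ == "__main__":
    database = make_db()
    for lookup in (find_office_concat, find_office_param):
        for name in ("Smith", "O'Brien"):
            print(lookup.__name__, repr(name), probe(database, lookup, name))
```

The concatenated version works for "Smith", so the defect stays hidden until a surname with an apostrophe arrives; the parameterized version returns the right row for both.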

Case #3: Anomalous access from home to production database

Manrique Logan, architect & technical lead at ASEBA:
“SQL Threat Detection is an incredible feature, super simple to use, empowering our small engineering team to protect our company data without the need to be security experts. Our non-profit company provides user-friendly tools for mental health professionals, storing health and sales data in the cloud. As such we need to be HIPAA and PCI compliant, and SQL Auditing and Threat Detection help us achieve this. These features are available out of the box, and simple to enable too, taking only a few minutes to configure. We saw the real value from these not long after enabling SQL Threat Detection, when we received an email notification that ‘Access from an unfamiliar IP address (location) was detected’. The alert was triggered as a result of my unusual access to our production database from home. Knowing that Microsoft is using its vast security expertise to protect my data gives me incredible peace of mind and allows us to focus our security budget on other issues. Furthermore, knowing the fact that every database activity is being monitored has increased security awareness among our engineers. SQL Threat Detection is now an important part of our incident response plan. I love that Azure SQL Database offers such powerful and easy-to-use security features.”

How to turn on SQL Threat Detection

SQL Threat Detection is incredibly easy to enable. You simply navigate to the Auditing & Threat Detection configuration blade for your database in the Azure management portal. There you switch on Auditing and Threat Detection, and configure at least one email address for receiving alerts.

Managed Solution is a full-service technology firm that empowers business by delivering, maintaining and forecasting the technologies they’ll need to stay competitive in their market place. Founded in 2002, the company quickly grew into a market leader and is recognized as one of the fastest growing IT Companies in Southern California.

 

We specialize in providing full Microsoft solutions to businesses of every size, industry, and need.


Why Every Small Business Needs a BDR Plan

Why Every Small Business Needs a Backup and Disaster Recovery Plan

By Larry Alton as written on www.entrepreneur.com
As a digitally active business in 2016, you can’t afford to lose your data. Whether at the hands of a natural disaster, human error, or cyber attack, data loss is costly and extremely risky. That’s why you need a backup and disaster recovery solution.

What is BDR?

As a small business owner, you’ve probably asked yourself this simple question at least once: “What is BDR?” Well, the most basic definition is a combination of data backup and disaster recovery solutions that are designed to work together to ensure uptime, diminish data loss, and maximize productivity in the midst of an attack, natural disaster, or other compromising situation. In other words, BDR solutions keep businesses safe when trouble strikes.
According to research by Security Week, the total volume of data loss at the enterprise level has increased more than 400 percent over the past couple of years and the trend doesn’t appear to be slowing down any time soon. With the rise of big data, cloud computing, and BYOD policies in the workplace, it’s becoming increasingly challenging for businesses to protect their private data.
IT Web suggests that the total cost of data breaches will be more than $2.1 trillion by 2019. This is in part due to the fact that small businesses don’t always take security seriously. They wrongly assume that it’s the big corporations that face the highest risks. Unfortunately, this is a false assumption.
A Verizon report says that small data breaches -- those with fewer than 100 files lost -- cost between $18,120 and $35,730. Unless these are expenses that you can easily sustain, it’s time to implement a BDR plan.

Five reasons why SBOs need a BDR plan.

When small businesses don’t have a BDR solution/plan in place, it’s typically because they’re unclear about the true value of BDR.
Let’s review some of the top benefits to give you an idea of why these solutions are so important to the health of your small business.
1. Protects against effects of natural disasters. Whether it’s a flood, earthquake, hurricane, blizzard, or other extreme natural disaster, there are plenty of uncontrollable circumstances that can cause your business to experience downtime. And, according to the National Archives and Records Administration, more than 90 percent of companies that experience at least seven days of data center downtime go out of business within a year. Let that sink in. While a BDR plan won’t prevent a natural disaster from occurring, it will protect your data and ensure that downtime doesn’t compromise your company.
2. Lessens impact of cyber attacks. As more and more data is moved online, cyber criminals are increasing their efforts and focusing on businesses that they believe are unprotected. In most cases, this means small businesses that appear vulnerable. Once again, a BDR plan can limit the impact of an attack and can prevent your business from losing valuable data.
3. Keeps client data safe. Do you store a lot of confidential client or customer data? If so, you can’t afford to lose this data or let it slip into the wrong hands. A BDR plan ensures that all of this information is properly stored and controlled. As a result, you don’t have to worry about damaging your brand reputation, should an unforeseeable incident arise.
4. People make mistakes. While natural disasters and cyber attacks are discussed more than anything else, the reality is that your own employees are sometimes responsible for the biggest data losses. Mistakes happen and a single poor choice can end up compromising data. That’s why it’s so important for businesses not only to train employees properly, but also invest in backup solutions.
5. Systems fail. Finally, we all know that hardware, machines, and other systems fail. Regardless of how much you spend on your technology, no solution is perfect. Even systems that come with 99.9 percent uptime guarantees will falter every once in a while. As such, businesses must invest in robust BDR plans that account for all of these risks.

What to look for in a BDR solution.

Once you determine that your business needs a BDR plan in place, how do you find the right solution? While every business is different, start by analyzing the following:
•Hardware compatibility. Depending on the hardware that your business uses, you may need a BDR solution that’s specifically tailored to your current setup. Keep this in mind as you compare options.
•Scalable pricing. As your business grows over time, you’re going to collect and store more data. A flexible pricing model will allow you cost-effectively to scale according to your demands.
•Around-the-clock support. You never know when disaster will strike. Make sure that your BDR vendor has 24/7/365 technical support available.
•Strong reputation. Finally, it’s important to consider the BDR solution’s reputation. How long has it been on the market? What do customers say? The answers to these questions will tell you a lot.
If you can find a BDR solution that meets these four criteria, then you’ve probably found the right solution for your business.

Protect your business.

Nobody wants to assume that something bad is going to happen to their business – and hopefully you’ll never be exposed to any of the risks highlighted in this article – but the harsh reality is that you’ll likely face one of these issues at some point in the future.
There’s no way to prevent a cyber attack, natural disaster, technical malfunction or uncontrollable human error, but you can protect your business from costly data loss by investing in a solution that aids in data backup and disaster recovery. Frankly, it’s unwise to wait any longer.

 


We specialize in providing full managed services to businesses of every size, industry, and need.
