
Evolution Networks Blog

Evolution Networks has been serving the South Florida area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why do HOAs need to know about Cyber Security?


Because everything is digitized, sensitive online information is subject to a cyberattack. Cyberattacks are “an attempt by hackers to damage or destroy a computer network or system,” according to Google.

This warrants serious concern for homeowners associations that digitally systemize resident information, including full names, current and former addresses, social security numbers, credit history, and contact information.

On top of sensitive resident information, most homeowners associations keep important HOA financial documentation on a digital system. From HOA fees to contractor paychecks to annual taxes, the loss of HOA financial records would be a serious blow.

What information do cyberattackers want?

Hackers are looking for personally identifiable information (PII) to sell on the “dark web.” The dark web is a digital black hole for stolen identities, fake passports, and other illegal activities. This means that resident information is in-demand currency.

If a cyberattack occurs in your HOA community, PII of former and current residents is at risk. This puts your community at a liability, and you in a courtroom.

What are common cyberattack methods?

The most common method of a cyberattack is an email scam like phishing. This is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers,” according to Google.

With the help of All Property Management, here’s a recap list and a few new tips for the best cybersecurity for HOAs:

Email Cybersecurity

  • Set up a spam filter.
  • Don’t open an email if you don’t know the email address.
  • Don’t digitally share sensitive information with any contact that you don’t recognize.
  • Don’t open zip files, download attachments, or click links from untrusted emails.
  • Set up a Google Alert for big data breaches and ransomware attacks.

Password Protection

  • Create a strong password for any digital system in an HOA. A lengthy password that consists of a short, memorable sentence (also known as a passphrase) is better than a single word.
  • Incorporate as many letters, numbers, and symbols as each system allows.
  • Don’t use any dictionary words or names unless they’re part of a passphrase.
  • Use a mix of capital and lowercase letters.
  • Avoid using a common password.
  • Don’t reuse passwords or use a master password for multiple systems. If a hacker finds out the master password, all sensitive information is compromised.
  • Use password management software like 1Password to create and store secure passwords for use across all systems. 1Password also stores usernames, account numbers, and other pertinent information.
  • Change the default password on the router. Anyone who tests the router has access to the entire digital community otherwise.

HOA Board Member Training

  • Limit who has the WiFi password. Visitors should be on a separate network.
  • Train all HOA board members on the importance of password protection, potential of cyberattacks, and best cybersecurity measures.
  • Decide which board members can access sensitive information. This minimizes who knows master passwords.

Software & Data Measures

 

  • Update all system software as soon as possible. An update creates a stronger version of the software. By choosing to update later, you’re using a weaker, more susceptible version.
  • Invest in antivirus software to scan for potential Trojan horses, ransomware, and other cyberattacks.
  • Don’t hold onto records longer than required. This minimizes what could be stolen in a cyberattack.
  • Back up any data onto an offsite location. If you back it up to a cloud solution, talk to the provider about cloud security.

    Source: IKCommunity

    If you feel that your HOA could use a little more attention when it comes to Cyber Security, we're here to help.  Let's schedule some time to discuss.  Evolution Networks


    Has your browser been targeted by recent Malware attack?


    Chrome, Firefox, Edge, and Yandex are all affected in widespread ad-injection campaign.

     

    Adrozek, as Microsoft has dubbed the malware family, relies on a sprawling distribution network comprising 159 unique domains with each one hosting an average of 17,300 unique URLs. The URLs, in turn, host an average of 15,300 unique malware samples. The campaign began no later than May and hit a peak in August, when the malware was observed on 30,000 devices per day.

    Not your father’s affiliate scam

    The attack works against the Chrome, Firefox, Edge, and Yandex browsers, and it remains ongoing. The end goal for now is to inject ads into search results so the attackers can collect fees from affiliates. While these types of campaigns are common and represent less of a threat than many types of malware, Adrozek stands out because of malicious modifications it makes to security settings and other malicious actions it performs.

    “Cybercriminals abusing affiliate programs is not new—browser modifiers are some of the oldest types of threats,” researchers from the Microsoft 365 Defender Research Team wrote in a blog post. “However, the fact that this campaign utilizes a piece of malware that affects multiple browsers is an indication of how this threat type continues to be increasingly sophisticated. In addition, the malware maintains persistence and exfiltrates website credentials, exposing affected devices to additional risks.”

    The post said that Adrozek is installed “through drive-by download.” Installer file names use the format of setup__.exe. Attackers drop a file in the Windows temporary folder, and this file in turn drops the main payload in the program files directory. This payload uses a file name that makes the malware appear to be legitimate audio-related software, with names such as Audiolava.exe, QuickAudio.exe, and converter.exe. The malware is installed the way legitimate software is and can be accessed through Settings>Apps & Features and is registered as a Windows service with the same file name.
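A triage sketch for the service registration described above, added here as an example and not taken from Microsoft's post or the original article: it reads service records shaped like `Win32_Service` output (`Name`, `PathName`) and flags services whose binary sits under Program Files and shares the service's name. The sample records, their directory names, and the `match`/`review` levels are constructed for illustration.

```python
import ntpath
import re

# File names the article lists as examples. The campaign is polymorphic and the
# article says "names such as", so a hit is a lead to investigate, not a verdict.
NAMES_FROM_ARTICLE = {"audiolava.exe", "quickaudio.exe", "converter.exe"}
PROGRAM_FILES = re.compile(r"^[a-z]:\\program files( \(x86\))?\\", re.IGNORECASE)

def exe_from_pathname(path_name):
    """Extract the executable from a service PathName (quoted or with arguments)."""
    s = path_name.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    m = re.match(r"(.+?\.exe)(?=\s|$)", s, re.IGNORECASE)
    return m.group(1) if m else s

def triage(records):
    """Return (service name, level, executable) for services worth a look."""
    findings = []
    for rec in records:
        exe = exe_from_pathname(rec["PathName"])
        base = ntpath.basename(exe).lower()
        stem = ntpath.splitext(base)[0]
        # "Registered as a Windows service with the same file name"
        same_name = rec["Name"].lower() in (base, stem)
        if not (PROGRAM_FILES.match(exe) and same_name):
            continue
        level = "match" if base in NAMES_FROM_ARTICLE else "review"
        findings.append((rec["Name"], level, exe))
    return findings

# Constructed sample inventory: directories and the non-article services are made up.
SAMPLE = [
    {"Name": "QuickAudio", "PathName": r'"C:\Program Files (x86)\QuickAudio\QuickAudio.exe"'},
    {"Name": "Spooler", "PathName": r"C:\Windows\System32\spoolsv.exe"},
    {"Name": "converter", "PathName": r"C:\Program Files\converter\converter.exe --service"},
    {"Name": "ExampleUpdater", "PathName": r'"C:\Program Files\Example\ExampleUpdater.exe" /svc'},
    {"Name": "AcmeAgent", "PathName": r'"C:\Program Files\Acme\agentsvc.exe"'},
]

if __name__ == "__main__":
    for name, level, exe in triage(SAMPLE):
        print(f"{level:6} {name:15} {exe}")
```

Legitimate software also registers services named after its own binary, so `review` entries need a follow-up check (publisher, install date, file signature) before any conclusion is drawn.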

    [Figure: the Adrozek attack chain]

    Once installed, Adrozek makes several changes to the browser and the system it runs on. On Chrome, for instance, the malware often makes changes to the Chrome Media Router service. The purpose is to install extensions that masquerade as legitimate ones by using IDs such as “Radioplayer.”

    Bad extensions!

    The extensions connect to the attacker’s server to fetch additional code that injects ads into search results. The extensions also send the attackers information about the infected computer, and on Firefox, it also attempts to steal credentials. The malware goes on to tamper with certain DLL files. On Edge, for instance, the malware modifies MsEdge.dll so that it turns off security controls that help detect unauthorized changes to the Secure Preferences file.

    This technique, and similar ones for other affected browsers, has potentially serious consequences. Among other things, the Preferences File checks the integrity of values of various files and settings. By nullifying this check, Adrozek opens browsers up to other attacks. The malware also adds new permissions to the file.

    [Figure: screenshot of the permissions added to Edge]

    The malware then makes changes to the system settings to ensure it runs each time the browser is restarted or the computer is rebooted. From that point on, Adrozek will inject ads that either accompany ads served by a search engine or are placed on top of them.

    Thursday’s post doesn’t explicitly say what, if any, user interaction is required for infections to occur. It’s also not clear what effect defenses like User Account Control have. Microsoft makes no mention of the attack hitting browsers running macOS or Linux, so it's likely this campaign affects only Windows users. Microsoft representatives didn’t respond to an email asking for details.

    The campaign uses a technique called polymorphism to blast out hundreds of thousands of unique samples. That makes signature-based antivirus protection ineffective. Many AV offerings—Microsoft Defender included—have behavior-based, machine-learning-powered detections that are more effective against such malware.

    Source: Ars Technica


    Tip of the Week: Spotting a Phishing Attempt


    With email being such a huge part of doing business, phishing has become a favorite tool of many scammers. To fight back, it is key that you know how to recognize a phishing email, so we’re dedicating this week’s tip to doing just that.


    Tip of the Week: Warning Signs of a Phishing Attack


    The modern cyberattack is more of a sleight of hand than it is a direct attack. With encryption protecting a lot of business data, hackers need to find ways to circumvent that technology. They often do this through phishing. This week, we will take a look at some of the warning signs of phishing to help give you a little better awareness.


    Don’t Be Snagged by This Google Calendar Phishing Scam


    Gmail and the applications associated with it seem to have some level of inherent trust among users. We just don’t anticipate threats to come in via something from Google. However, it does happen, as a recent spate of phishing has shown using Gmail and Google Calendar. What’s worse, this particular scam has been around for some time.


    For Cybersecurity Awareness Month, Keep Looming Threats in Mind


    Any business in operation today needs to keep modern realities concerning cybersecurity at top-of-mind if they are going to successfully maintain the business going forward. One major issue to be cognizant of is the increasing prevalence of phishing attacks.


    Should You Be Holding Your Staff Accountable for Failed Phishing Tests?


    It can be a real head-scratcher when one of your otherwise well-performing employees routinely falls for the simulated phishing attacks that you roll out as a part of your cybersecurity awareness strategy. For all intents and purposes, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize your staff’s working knowledge of phishing attacks, do you replace this employee? We’ll take a look at it today.


    How to Properly Train Your Staff to Avoid Phishing Attacks


    In the late 1970s and early 1980s, Bell telephone companies were making a mint off of offering the ability to call your friends and family that lived outside your predefined region, charging up to $2 per minute (during peak hours) for long distance calls. The problem for many people was that these regions kept shrinking. Some people decided to combat this costly system by reverse engineering the system of tones used to route long-distance calls, thus routing their own calls without the massive per-minute charges demanded by long-distance providers. These people were called Phreakers, and they were, in effect, the first hackers.


    With Phishing Attacks Beating 2FA, You Need to Be Able to Spot Them


    Unfortunately, one of the most effective defenses against phishing attacks has suddenly become a lot less dependable. This means that you and your users must be ready to catch these attempts instead. Here, we’ll review a few new attacks that can be included in a phishing attempt, and how you and your users can better identify them for yourselves.


    Fishing for Answers to Keep Phishing Attacks from Sinking Your Business


    Phishing attacks have been in the social consciousness now for a while, and for good reason: it is the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness of an issue doesn’t always result in positive outcomes. In this case, hackers get more aggressive, and by blanketing everyone under a seemingly limitless phishing net, 57 billion phishing emails go out every year. If a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out.


    Learn to Use Email Safely


    Email is a core component to many businesses. With 124.5 billion business emails being sent and received each day, that doesn’t seem to be in danger of ending. Are the emails that are coming and going from your business secure? That may be another story, altogether. In order to keep your email security at a premium, we have outlined the following tips:


    Protect Your Business From Phishing Attacks


    Spam is a major hindrance when running a business that relies on email, but it’s easy to protect your employees’ time from the average spam messages with the right technological support. Unfortunately, hackers have adapted to this change and made it more difficult to identify scam emails. More specifically, they have turned to customizing their spam messages to hit specific individuals within organizations.


    SMiShing: A New Mobile Computing Scam


    Chances are, you’ve heard of phishing before: emails that promise some benefit or prize if you only click on the included link, but that actually only result in trouble for you and your data. Unfortunately, as technology has embraced mobility, so have phishing attempts. This is why you must also be aware of SMiShing scams.


    Tip of the Week: How to Foil A Phishing Attack By ID’ing a Bad URL


    Phishing attacks have been around for decades, first being recorded in 1995, when scammers would pose as AOL employees and request a user’s billing information through instant messages. Nowadays, email phishing attempts have tricked users into handing over personal information of all kinds. There are many methods of identifying a phishing attempt, but today we’ll focus on one.


    How a Single Hacker Stole $100 Million From Two Major Tech Companies


    An unfortunate fact about the modern business world is that any organization that utilizes technology is playing with fire. Cyber attacks can circumvent even the most well-protected networks through the company’s users. This is, unfortunately, something that business owners often don’t learn until they’re on the receiving end of an attack; just like the two companies that fell victim to phishing attempts that were supposedly operated by Evaldas Rimasauskas, a Lithuanian hacker who has been accused of stealing $100 million from them.
