Tag security

Article (PSA-0029)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: The Current Computer Security Landscape

The Internet is a very dangerous place. Computer security threats are a very real concern for any business or home that uses a computer. Symantec, a computer security provider, reported that ransomware attacks spiked in October 2023 and the number of organizations affected by ransomware was 66% more than a year earlier. Ransomware continues to be one of the most lucrative forms of cyber crime and, as such, remains a critical threat for organizations of all sizes as well as home based computer users.

So why is there so much malware, and what is the point? It comes down to money. As our society becomes more reliant on computers and mobile devices, we become more vulnerable to thieves extorting us out of our money. Locking you out of your devices and demanding money to unlock it or stealing and selling your personal information, such as banking and credit card information, is a huge money making industry. These attackers not only steal information, but once they have compromised a computer system, they can use it to attack others, and perform other illegal activities – masquerading as you!

Methods for infecting computers with ransomware and other malware are often quite sophisticated. Symantec says, “The main infection vector for ransomware is no longer botnets – instead, it is the exploitation of known vulnerabilities in public facing applications. Except for the ransomware payload iteself, attackers are increasingly eschewing malware while carrying out attacks. Many of the tools attackers use are legitimate software, either dual-use tools or operating system features. Windows operating system components are the most widely used legitimate software (so-called living off the land) used by attackers”.

Other types of legitimate tools used by attackers include remote desktop, remote administration and remote support tools. The web is also an absolute quagmire of malicious intent. Malicious payloads can spread through, what appear to be, legitimate emails, legitimate files, links, and websites. To make matters even worse, would be attackers can easily obtain “attack toolkits,” for free or purchased from the internet – making cybercrime easy and inexpensive to commit. Criminials now have access to advanced tools, such as templates for extortion attacks enabling them to exploit zero-day vulnerabilities in enterprise software. This allows the attacker to steal data from multiple organizations at once, netting itself a huge pool of victims from a single attack campaign.

It’s important for all computer users to have a basic understanding of these threats and to learn how to protect themselves. This series of short articles will provide an overview of malware threats, suggestions for infection prevention using available tools and a healthy dose of common sense. I will also provide you with some basic steps to take if you suspect your computer is infected. But for now lets take a look at malware.

What Is Malware?

The word “malware” is a portmanteau, blended from the words “malicious” and “software.” It is most often used as a catchall term for computer related threats such as viruses, spyware, adware, and other software installed without a user’s consent or knowledge.

Malware can get into your system in a variety of ways. Here is short, not exhaustive, list:

• Infected email attachments
• Infected removable storage such as portable “thumb-drives”
• Downloaded software
• Links in emails, social media websites, or instant messaging applications
• Vulnerabilities in legitimate Windows applications and features

Here are a few categories of malware, again, not exhaustive:

• Viruses are a kind of self-replicating software that can slow down or cripple systems, and destroy or alter data.
• Spyware is software that spies on computer users’ activity to steal passwords, online banking login credentials, and other personal information, typically by using a “keylogger”. A keylogger records the keys you press and sends it back to the attacker.
• Adware displays annoying pop-up ads, which can also contain malicious links.
• Scareware mimics a legitimate antivirus or anti-spyware service, saying a computer has been infected, then encouraging users to download (and pay for) a fake security solution. The downloaded software is usually malicious.
• Ransomware encrypts files on a computer, making them inaccessible until a specified ransom is paid. Ransomware is usually the payload of other malicious activity.
• Botnets are networks of infected computers used for illegal activities, such as sending spam emails or “denial of service” attacks.

Do You Need to Worry About Malware?

So you may be thinking this all sounds scary, but does it really affect me at home or at my place of business? Yes! It is not just large companies or government organizations that need to protect themselves. Anybody, home user or business, can be a victim of malware if not properly informed and protected.

If you are a business, your customers trust you with their personal information. If you are a home user you probably have precious family pictures or important documents stored on your computer. If you’re not taking steps to secure your data, your information is not safe. Information security breaches can have major financial and legal consequences.

Article (PSA-0011)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Security Update
Original release date: February 16, 2019

Security Update

“From the sudden spread of WannCry and Petya/NotPetya ransomware, to the swift growth in coinminers, 2017 provided us with another reminder that digital security threats can come from new and unexpected sources. With each passing year, not only has the sheer volume of threats increased, but the threat landscape has become more diverse, with attackers working harder to discover new avenues of attack and cover their tracks while doing so.” – Excerpt from Symantec 2018 Internet Security Threat Report (ISTR), volume 23, clarifications by Billy Long.

The Internet can be a dangerous and costly place. Network and computer security threats are a very real concern for businesses and home users alike. Symantec, the world’s leading cyber security company, reported an astounding 8,500% (yes, that’s correct eight thousand five hundred) increase in detections of coinminers on endpoint computers, a 92% increase in new downloader variants and an 80% increase in new malware on Macs.

Data and identity theft are a profitable sector, but that is not the only thing at risk in today’s Internet connected world. Your network connected device has processing power and that processing power has become a commodity to many “bad actors” who are diligently punching in to work each day.

These “attack teams” or “attack groups” are constantly developing methods for infecting devices and computers with malware for their own nefarious purposes. Malware can spread through, what appear to be, legitimate files, links or websites. What’s even worse is “attack toolkits,” can be downloaded for free or purchased from the Internet making cybercrime accessible and inexpensive to commit and allowing these crimes to be perpetrated by relatively unsophisticated attackers.

It’s important for all Internet users to have a basic understanding of these threats and to learn how to protect themselves. This article is the first in a series of articles which will provide an overview of malware threats, suggestions for infection prevention and steps to take if you suspect your computer is infected.

What Is Malware?

The word “malware” is a portmanteau, blended from the words “malicious” and “software.” It is most often used as a catchall term for computer related threats such as viruses, spyware, adware, and other software installed without a user’s consent or knowledge.

Malware can get into your system in a variety of ways. Here is short, non-exhaustive list:

• Infected email attachments
• Infected removable storage devices such as portable “thumb-drives”
• Downloaded software
• Links in email, social media websites, or instant messages

For more information on methods of attack and attack terminology, check out the “Threat Glossary” being compiled at the PSA Computer Services support website: https://psa-2.com/threat-glossary/

Do You Need to Worry About Malware?

So, you may be thinking this all sounds scary, but does it really affect me at home or at my small business? Yes! It is not just large companies or government organizations that need to protect themselves. Anybody can be a victim of cyber-crime if not properly protected.

If you are a business, your customers trust you with their information. If you’re a home-based user, you may have family pictures, important documents or business data stored on your computer. If you’re not taking appropriate steps to secure your network and data, your computer and information are not safe. Preliminary statistics indicate 1 in 3 people were hacked in 2018. Information security breaches can have major financial and legal consequences.

In the next article we will look at what network and computer protection is available to you and how to exercise common sense Internet usage to help reduce the probability of you or your business being compromised.

Tip (ST18-006)
Security Tip – Website Security
Original release date: November 01, 2018

Redirects to the Official website of the Department of Homeland Security
[US-CERT – United States Computer Emergency Readiness Team]

To read article visit: https://www.us-cert.gov/ncas/tips/ST18-006

Tip (ST18-004)
Security Tip – Protecting Against Malicious Code
Original release date: September 28, 2018

Redirects to the Official website of the Department of Homeland Security
[US-CERT – United States Computer Emergency Readiness Team]

To read article visit: https://www.us-cert.gov/ncas/tips/ST18-271

Tip (ST18-001)
Security Tip – Securing Network Infrastructure Devices
Original release date: June 21, 2018

Redirects to the Official website of the Department of Homeland Security
[US-CERT – United States Computer Emergency Readiness Team]

To read article visit: https://www.us-cert.gov/ncas/tips/ST18-001

Article (PSA-0008)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Introduction to Proxy Servers
Original release date: April 17, 2018

Introduction to Proxy Servers

You may not know it, but every time you visit a website or connect with someone online, your internet connection gives your “computer address” to the site or person you’re connecting with.

This is done so the site or person knows how to get the requested information back to your computer. This “computer address” is technically known as your public Internet Protocol address or simply your “public IP address”.

Without a public IP address, you wouldn’t be able to do any online activity and other people and services online wouldn’t be able to reach you either. IP addresses are how the online world connects to one another.

Where does your IP address come from?

Your public IP address comes from your Internet Service Provider or ISP. In our area the most common ISP’s are Suddenlink, AT&T, 101Netlink, or Frontiernet. Whoever you pay for Internet service is responsible for assigning your public IP address, as well as for your Internet connection. Your smart device also uses an IP address when you’re browsing the web or using an app.

Most of us are happy to ignore the details of how all of this Internet stuff works, but there are a few concepts and security concerns about public IP addresses that we should be aware of as responsible Internet citizens. For example:

Many people are not comfortable with their personal information being so readily available on the Internet. If it bothers you as well, there are a few things you can do to make it more difficult to directly link your public IP to your other personal information. A solid first step is to use a proxy service or proxy server.

So what is a “proxy server”?

The word proxy means “substitute.” In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. It works like this: a client (you) are using a web browser to visit the psa-2.com support website, and your browser is setup to use a proxy server. After you type psa-2.com into your browser address bar, the request is sent to the proxy server. The proxy server then sends the request on to my server where psa-2.com is hosted. The homepage of my website is returned to the proxy server which then returns my homepage to your browser for viewing. This results in my website seeing the proxy server as the visitor, not you.

What Are The Benefits?

Now that you know the basics of how a proxy service or proxy server works, let’s see what the benefits are for you.

Proxy servers can hide your IP address (if they are set to do this), can send a different user agent so that your browser is not identified and can block cookies or accept them but not pass them to your PC or device. Therefore, when using a proxy server, you can be a lot more anonymous than when using a direct connection to the Internet.

Proxy servers may also have a role in improving security, especially when used in business networks. They can be set to block access to malicious websites that distribute malware and they can also provide encryption services so that your data is not easily mined by third-parties.

Fair Warning

Using proxy servers is not all about benefits and good stuff. They can pose problems as well, such as:

Conclusion

As you can see, proxy servers can be very beneficial, but if not careful, they can also be problematic. It all depends on how they are configured, how they are secured and by whom they are administered. A proxy server may provide all the benefits mentioned above or none of them. It all depends on how it was set up and why it was set up.

If you are thinking about utilizing a proxy service or proxy server, I would encourage you to contact your IT guy (or gal) for their input. “There is wisdom in a multitude of counselors”.

Article (PSA-0004)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: How Antivirus and Antispyware Work
Original release date: July 18, 2017

Both antivirus and antispyware software monitor your computer for potential threats.
If your computer is connected to the internet, you should have a functioning, properly licensed and updated antivirus and antispyware program. At a minimum the software you choose should offer “real-time” scanning, as well as “scheduled” scanning functionality.

“Real Time” scanning allows the software to continually scan files as they are downloaded to your computer, and will notify you if the file(s) you receive contain malware.

“Scheduled” scanning allows the software to scan all the existing files (or selected files) on your computer hard disk in a systematic effort to locate existing files that “look like” a virus.

• For those of you using Microsoft Windows 7, Microsoft offers a free anti-virus product called Microsoft Security Essentials in 32-bit and 64-bit versions. It can be used by home users and small businesses with up to 10 computers. See Microsoft Software License Terms for more information.
• For those of you using Microsoft Windows 8 or higher, Windows Defender comes integrated with the operating system and provides antivirus and antispyware protection.
• Both Microsoft Security Essentials and Windows Defender come at no additional cost – there’s nothing to buy, no subscriptions and no nagware – yeah I know, awesome!

Most antivirus and antispyware tools can identify suspicious software based on a list of known threats called “definitions.” Definitions should be updated automatically by the software and new updates should be provided when new threats are discovered.

Preventing Infection with Antivirus and Antispyware Software

Antivirus and antispyware software are basic tools that no home or business should be without.

In short, a single antivirus program, a single antispyware program and a single configured firewall is adequate. Installing more than one of any of these programs can generate a few notable issues. Let’s take a few moments to look at the biggest issues.

1. Each program running on your computer is using some of your system memory (RAM). The more programs running, the more RAM is used. When there is no more RAM available, your computer will begin to use your hard disk as a “type” of RAM. Hard disk access is not as fast as RAM access, and when your system has to start using the hard disk as RAM it greatly degrades the performance of your entire system.
2. Having more than one of these programs running on your system can result in a software conflict. If both programs are scanning your computer for “malicious activity” there is a high probability they will see each other as “malicious activity” causing a software conflict. This particular problem can be extremely frustrating and can lead to the next very challenging side effect.
3. Files necessary to the other scanning program can often be identified as “malicious”, and will be quarantined (made inaccessible) or removed, leaving the program corrupted. Trying to repair a program in this condition can be problematic to say the least.
4. Finally, maintaining the licensing and updates for your programs can be time consuming and expensive. I am a firm believer that “less is better”.

What to Do if You Suspect Infection

There is no guaranteed way to keep malware out. Installing and using antivirus and antispyware software, along with a healthy dose of “common sense” is a good start. But what does it look like when these tools fail? And what can you do about it?

The following may indicate your computer is infected with malware:

• Lots of pop-up windows or unexpected messages on your screen
• Unexpected toolbars appear in your web browser
• New icons or programs appear on your computer
• Your web browser home page changes or you are redirected unexpectedly to unknown websites
• Your computer suddenly seems slow, freezes, or crashes during regular use

If you suspect infection, you should:

• Download the most recent definitions for your antivirus and antispyware software
• Run a full scan using both tools (this will usually be much more in-depth and will take longer than the regular monitoring scans)
• Follow the software’s instructions to remove suspected malware

If removing malware this way doesn’t work, or if the malware returns when you reboot your computer, you should seek professional help from a qualified computer service provider. There are a few qualified local service providers, but PSA, LLC offers a “no-fix, no-pay” work guarantee – most shops do not. Call us at (707) 506-6228 for service.

Conclusion

No home or business should be without malware protection. Antivirus software, along with a firewall, coupled with a healthy dose of common sense are the key components to protecting your computers and networks from malware.

Alert (TA17-075A)
HTTPS Interception Weakens TLS Security
Original release date: March 16, 2017

Redirects to the Official website of the Department of Homeland Security
[US-CERT – United States Computer Emergency Readiness Team]

To read article visit: https://www.us-cert.gov/ncas/alerts/TA17-075A

Article (PSA-0003)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Introduction to Malicious Software
Original release date: March 27, 2017

The Internet has become a dangerous place, and computer security threats are a very real concern for any organization or home that uses a computer. Symantec, a computer security provider, reported discovering more than 430 million new unique pieces of malware in 2015. That number is up 36% from the previous year. Kaspersky Lab, another computer security provider, reported close to 2 million registered notifications about attempted malware infections aimed at stealing money via online access to bank accounts.

So why is there so much malware, and what is the point? It really comes down to theft. Stealing, and selling your personal information, your banking and credit card information is a huge money making industry. These attackers not only steal your information, but once they have compromised your computer system, they can use it to attack others, and perform other illegal activities – masquerading as you!

Methods for infecting computers with malware are often quite sophisticated. Malware can spread through, what appear to be, legitimate files, links, or websites. What’s even worse is “attack toolkits,” can be downloaded for free or purchased from the internet making cybercrime easy and inexpensive to commit and can be perpetrated by relatively unsophisticated attackers.

It’s important for all computer users to have a basic understanding of these threats and to learn how to protect themselves. This series of short articles will provide an overview of malware threats, suggestions for infection prevention using antivirus, anti-spyware and firewall software, and steps to take if you suspect your computer is infected.

What Is Malware?
The word “malware” is a portmanteau, blended from the words “malicious” and “software.” It is most often used as a catchall term for computer related threats such as viruses, spyware, adware, and other software installed without a user’s consent or knowledge.

Malware can get into your system in a variety of ways. Here is a short, not exhaustive, list:

• Infected email attachments
• Infected removable storage such as portable “thumb-drives”
• Downloaded software
• Links in email, social media websites, or instant messages

Here are a few categories of malware, again, not exhaustive:

• Viruses are a kind of self-replicating software that can slow down or cripple systems, and destroy or alter data.
• Spyware is software that spies on computer users’ activity to steal passwords, online banking login credentials, and other personal information, typically by using a “keylogger”. A keylogger records the keys you press and sends it back to the attacker.
• Adware displays annoying pop-up ads.
• Scareware mimics a legitimate antivirus or anti-spyware service, saying a computer has been infected, then encouraging users to download (and pay for) a fake security solution. The downloaded software is usually spyware.
• Ransomware encrypts files on a computer, making them inaccessible until a specified ransom is paid. More information on ransomware can be found in these two articles:
  • http://www.psa-2.com/2016/09/ransomware-victims-urged-to-report-infections-to-federal-law-enforcement/
  • http://www.psa-2.com/2016/04/ransomware-and-recent-variants/
• Botnets are networks of infected computers used for illegal activities, such as sending spam emails or “denial of service” attacks.

Do You Need to Worry About Malware?

So you may be thinking this all sounds scary, but does it really affect me at home or at my place of business? Yes! It is not just large companies or government organizations that need to protect themselves. Anybody, home user or business, can be a victim of malware if not properly protected.

If you are a business, your customers trust you with their personal information. If you are a home user you probably have precious family pictures or important documents stored on your computer. If you’re not taking steps to secure your data, including using antivirus, antispyware and firewall software, your information is not safe. Information security breaches can have major financial and legal consequences.

In the next article we will discuss how antivirus and antispyware software works.

Article (PSA-0002)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Security, Is More Better?
Original release date: May 25, 2012

Is more protection really necessary? When is enough enough? Anti-virus, anti-spyware, anti-malware and firewalls, where does it all end?

First off, each case is different and depends on how the computer is used, and what the computer is used for. As a general rule of thumb, computer security can be broken up into two basic categories: “Online” and “Offline”.

Internet Connected Security Considerations:

1.) If your computer is connected to the internet, you should have a functioning, properly licensed and updated anti-virus program. At a minimum the anti-virus software you choose should offer “real time” scanning, as well as “scheduled” scanning functionality.

“Real Time” scanning allows the anti-virus program to continually scan files as they are downloaded to your computer, and will notify you if the file(s) you receive contain anything suspicious. This is “preventive protection”.

“Scheduled” scanning allows the anti-virus software to scan all the existing files (or selected files) on your computer hard disk in a systematic effort to locate existing files which may “look like” malware. This is “active protection”.

 
For those of you using a Windows operating system, Microsoft offers free antivirus protection.

• For Windows 7 you can download and install Microsoft Security Essentials. Not only is this free for home users, but it can also be used, free of charge, for small businesses with up to 10 computers.
• For Windows 8, RT, 8.1, RT 8.1 and Windows 10 the anti-malware software is built right in. It’s called Windows Defender.

 

2.) If your computer is connected to the internet, you should have a functioning, properly licensed and updated firewall. A firewall is software or hardware that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer.

A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers.

A “Software” firewall is installed directly on your computer. Microsoft operating systems have shipped with a software firewall built-in since the release of Windows XP service pack 2.

A “Hardware” firewall in most homes and small businesses will be your router. Routers provide protection to help prevent your computer from being “seen” from the Internet. With a hardware firewall there’s nothing to install on your computer.

There are “paid for” firewall products available, but I would recommend taking a close look at the built in firewall of the operating system you are currently using (if it offers one) before running out and purchasing the newest firewall product. For the majority of computer users the built in firewall is more than adequate.

Non-Internet Connected Security Considerations:

If your computer will not be connected to the internet, ever, then you are at liberty to relax your protection considerably, allowing more of your systems resources to be used on applications. However, there are still some very important considerations. If you will be using storage media containing files from other computers which are connected to the internet, then there is still the possibility of infection. If your computer will never be connected to the Internet, and you will never load files from another machine onto your computer, then you can bypass anti-virus security software all together. If your computer will be using files from another computer then you should have an anti-virus program installed.

Is More Protection Really Necessary?

In short, for a computer connected to the Internet, a single anti-virus program, a single configured firewall and a healthy dose of common sense is adequate. Installing more than one anti-virus program can generate a few notable issues. Let’s take a moment to look at the most critical of these issues.

(1) RAM Depletion. Each program running on your computer is using some of your system memory (RAM). The more programs running, the more RAM is used. When there is no more RAM available, your computer will begin to use your hard disk as a “type” of RAM. Hard disk access is not as fast as RAM access, and when your system has to start using the hard disk as RAM it greatly degrades the performance of your entire system.

(2) Software Conflicts. Having more than one anti-virus program running on your system may result in a software conflict. If both programs are scanning your computer for “viral activity” there is a high probability they will see each other as “viral activity”, causing a software conflict. This particular problem can be extremely frustrating and can lead to the next very challenging side effect.

(3) System Corruption. Files necessary to the other anti-virus program can often be identified as “malicious”, and will be quarantined (made inaccessible) or removed, leaving the anti-virus program corrupted. Trying to uninstall or repair a program in this state can be problematic.

(4) Unnecessary Complexity. Finally, maintaining the licensing and updates for your anti-virus programs can be time consuming and expensive.

Revisions

• May 25, 2012: Initial Publication
• May 24, 2016: Rewording For Better Clarity