Technology

Mobile Devices Magnets for Security Breaches

phone.png

by Chris Bianco, TeamLogic IT – Myrtle Beach

Researchers in an IDG/Lookout survey of 100 business executives were surprised that 74 percent of the leaders polled said they had experienced a mobile-related security breach.

Maybe the revelation shouldn’t have been so surprising, given that 82 percent admitted that ‘most’ of their corporate data was accessible via mobile devices. Still, the news may be instructive to security-conscious companies that also have BYOD policies and practices in place. Survey respondents identified several sources through which their companies suffered data breaches, including:

• Vulnerable mobile apps (38 percent)

• Malware-rigged mobile apps  (30 percent)

• Unsecured WiFi connections (30 percent)

• Rooted and jailbroken devices (30 percent)

• Mobile apps that send or access sensitive data (28 percent)

• Apps downloaded from nonofficial  stores (15 percent)


Mobile devices are seldom a cyber thief’s primary attack vector, and none of the recent big-time breaches has been attributed to mobile devices. In fact, says InformationWeek’s Dark Reading blog, Windows PCs tethered to mobile WiFi devices, hotspots, and smartphones are the bad-guys’ sweet spot, accounting for 80 percent of all malware infections on today’s mobile infrastructure.

Still, it would be a big mistake to ignore mobile security best practices or discount the possibility of mobile breaches occurring in your company, especially given projected increases in the number of mobile users.


TeamLogic.jpg

About TeamLogic IT – Myrtle Beach 
From user end-points such as laptops, desktops and smartphones to servers, virtualization, cloud computing and IT optimization - TeamLogic IT covers your entire network both onsite and off premise so your data is there for you, when you need it. Their managed IT services are provided by an engineering team that is not only highly skilled, but constantly upgrading their own certifications in the dynamic and ever-changing technology field to better serve you. To learn how TeamLogic IT can help your business, visit TeamLogic IT or call 803-232-92

How to Prevent and Detect Cryptojacking

by Chris Bianco, TeamLogic IT – Myrtle Beach

Cryptojacking, illegally creating e-coin value for one’s own electronic piggy bank, requires massive computing power that far exceeds one or even dozens of PCs linked together. The practice, perpetuated by a new breed of cybercrooks called ‘crypto miners,' displaced ransomware last year as the top malware threat. To succeed, crooks must surreptitiously commandeer the power of other people’s servers and computers. The more machines they can jack, the more booty they can scam.

Last year, incidents involving machines in Russia, India and Taiwan netted hackers more than $3.6 million in value in just one month. The threat is growing rapidly because it requires only modest technical skills, and because exploit kits can be bought on the dark web for as little as $30. Moreover, the risk of being detected, caught and identified is far less than with ransomware or other attacks. With cryptojacking, crooks’ primary goal is to steal and use your machines' processing power, not to infect, ransom or pilfer network data. This typically happens in two (equally) nefarious ways: 1) with phishing-like tactics, using legitimate-looking emails that trick victims into clicking a poisoned link, and 2) by infecting websites or pop-up ads with ‘scripts’ that secretly deploy when clicked or displayed in a browser.

Script codes work continuously in the background, siphoning CPU cycles to line miners’ electronic pockets. Infections manifest through degraded performance and annoying system slowdowns. Overheating (from excessive CPU usage) and unusual spikes in energy consumption are other telltale signs of compromise. Make no mistake: the resulting costs can add up quickly. “Organizations with [multiple] cryptojacked assets can incur [significant labor and other] costs, in terms of help desk support and IT’s time replacing components.” 

You can reduce your company’s risk of unwanted cryptojacking through vigilant network monitoring (accompanied by strategic data analysis) and employee awareness training. Other defensive measures may include ad blockers, anti-mining browser extensions, web filtering and endpoint protections, all of which should be discussed in detail with your IT team and/or managed services provider.

If your systems aren’t performing normally or your users need additional security training, call TeamLogic IT today. 


TeamLogic.jpg

About TeamLogic IT – Myrtle Beach 
From user end-points such as laptops, desktops and smartphones to servers, virtualization, cloud computing and IT optimization - TeamLogic IT covers your entire network both onsite and off premise so your data is there for you, when you need it. Their managed IT services are provided by an engineering team that is not only highly skilled, but constantly upgrading their own certifications in the dynamic and ever-changing technology field to better serve you. To learn how TeamLogic IT can help your business, visit TeamLogic IT or call 803-232-92