EU Promises 100MB Broadband and Internet Speeds for All

The European Commission has recently announced that it is aiming to have broadband and internet at 100 MB speeds available to the public within the next four years.

Yesterday at the European State of the Union Address, European Commission president Jean-Claude Juncker made a statement about how many places, such as schools, hospitals, universities, and many other organizations, are very reliant on digital technologies, and said that they should have access to gigabit internet.[1]

The European Commission has made a promise and set out a plan to provide 100 MBPS internet, as well as 5G mobile communications systems, across Europe within the next four years. The EC has been given a grant, with a budget of £120 million, for public authorities to invest in state-of-the-art technology that can give wireless connections to the public. However, the European Parliament has yet to approve it; if it does, the money can become available before the end of 2017.[2]

The Commission has also set a goal for all households in the EU to have access to download speeds of 100MB by 2025, as well as a goal of having 5G mobile services available across the EU. It is attempting to redefine internet service as a “universal service.” This would, however, exclude older universal services, such as payphones.[2]

Along with the services becoming available to the public within the next four years, some laws are also proposed to go along with them, such as the “Google Tax” law. The Google Tax law states that “publishers can charge aggregators for publishing snippets of their stories.”[2]

The Google Tax rule is just one of the many laws that are proposed to go along with the services. Probably one of the bigger laws that may affect people is the proposed “YouTube Rule.” The YouTube Rule is intended as a way for users to prevent the availability of the content they upload to certain users who do not have a copyright for that content.[2]

There will be some exceptions to the YouTube Rule, however. Certain users, such as those attending a school or a university, will have access to those materials for teaching purposes, and text or data mining will also be allowed under certain exceptions.[2]

Many are anticipating the new promise made by the European Commission. If approved by the Parliament, the money should be available for spending before the end of 2017 and should begin to pave the way for better public internet speeds, as well as, hopefully, the beginning of better mobile services.

[1] http://www.digitaltveurope.net/598542/ec-sets-out-100mbps-target-for-all-european-homes/

[2] http://arstechnica.com/tech-policy/2016/09/eu-digital-market-rules-free-wi-fi-5g-european-commission/

TeamViewer Hacks

Welcome to the first blog from CPR-Computer Peripheral Repair.

Today we are going to talk about TeamViewer and everything that has happened to them over the past week. If you don’t know, TeamViewer is a service that allows professionals and consumers to access their computers remotely. Many customers of TeamViewer have been reporting that their PayPal accounts and other important data had been hacked into from their TeamViewer account. What was happening was people would be on their computers, TeamViewer would randomly open, and suddenly they would lose control. Once TeamViewer was open the user would totally lose control of the computer while the person on the other end could do as much damage as they wanted to.

Many people were getting extremely angry at TeamViewer for getting hacked, but it may not be their fault at all. The reason I say this is because some popular social media sites (MySpace, Tumblr, Fling, and LinkedIn) have been subjected to large scale data thefts recently, and once hackers had stolen the passwords from these social media sites, if the same password was used for TeamViewer they had an easy way to get in. This meant that it was not the fault of TeamViewer, but unfortunately the fault of the user for using the same password for multiple different things.

Here is part of the official statement from some officials at TeamViewer:

“As you have probably heard, there have been unprecedented large scale data thefts on popular social media platforms and other web service providers. Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services.

We are appalled by the behavior of cyber criminals and are disgusted by their actions towards TeamViewer users. They have taken advantage of common use of the same account information across multiple services to cause damage.”

The statement continued to say that there are two measures being put in place to stop all of the TeamViewer password problems. The first thing that is being instituted is something called “Data Integrity.” Data Integrity is supposed to be an automated monitoring system that detects when an account has been hacked. The second measure being created is called “Trusted Devices.” This will make any computer that is running TeamViewer for the first time ineligible to run the program until the owner of the account that is being signed in on the program has verified it through either an e-mail or the TeamViewer phone app.

Our advice to you is first, if you have a TeamViewer account go change your password now. The other advice we have for you is to never use the same passwords across multiple accounts for different things.

Have a great day, and while you’re here check out all of our Managed IT Services

Social engineering – Beware the Silver-Tongued Devil

Last week we wrote about one of the most deadly threats to your data: the various forms of the Crypto Locker virus. This week we discuss a different type of threat – Social Engineering.

Wikipedia defines this as: “Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.”

I believe the key in this explanation is that you realize social engineering is often just the first step a hacker uses to perform a deadly attack later. It allows even rookie hackers the initial bit of information needed to get into your computer network and potentially run scripts created by the pros.

A simple phone call is the most common way this attack is carried out. To get into large businesses, the hacker might pose as an IT help desk technician and then attempt to get a user’s password. The user does not have to be a high level employee; any username and password will work. The key is just getting inside with proper credentials that allow the hacker to run various programs that find more information on how the IT structure is set up.

Home users are also at risk via the phone; especially the elderly.

Slowly and patiently the hacker tries to gain the trust of the target, and then uses this to get access to sensitive information like passwords or bank account details. One of our main recommendations to clients is to always use different passwords for each sensitive online area. This way, even if a hacker gets access to one account, they don’t have the key to the entire kingdom.

Probably the most famous incident of social engineering was the Trojan horse, used after an unsuccessful 10 year siege of Troy. Thinking the Greeks had given up, the Trojans wheeled this “congratulations gift” inside their gates. Later that night a small force of soldiers exited the horse and opened the gates, allowing their entire army to rush in. I’ll end the article with other ways this type of attack has been carried out in the past, but let’s jump right into some of the ways our firm can help you avoid this tragedy.

  1. Training is paramount, and the number one defense that businesses need to have in place. CPR can supply your firm with easy to understand training material that can be given to your employees. This will help educate your staff to recognize this type of attack.
  2. We can have meetings with your employees (maybe over lunch) to discuss various concerns on cyber security and make it worth their time. You may be surprised by how many people are genuinely interested in how to keep themselves, friends, and family at home safe from cyber criminals. Our staff always strives to speak in layman’s terms.
  3. We can perform social engineering attacks for you. We have conducted several of these in the past with rather good results. Even if we fail completely, you’ll come away with a greater confidence that your employees have a good understanding of this topic.
  4. CPR can alert you to the most current scams that come out at any given time. We read several publications each week that cover common forms that have gained popularity. We just received an email from Dell stating they have seen a rise in these attacks, and even created a phone number you can call (8am-5pm Central) to report these scams to them: 866-453-1742.
  5. We can help lock down your overall network. Even if an employee falls victim to this type of attack, CPR can help you minimize the damage. We’ll cover this in our next article.

Unfortunately, nothing you can do will completely thwart the most talented silver-tongued devils. In 2011, a breach occurred at the security company RSA. This attack occurred via a phishing scheme, and their parent company spent over $60 million recovering from it. This was one of the first attacks against a company whose job it was to protect others.

In 2007, a man burgled the safety deposit boxes at an ABN Amro bank in Belgium to the tune of $27.9 million. He used nothing but his charm to gain the confidence of several employees. Over time, he somehow obtained information on which boxes contained the most diamonds and the original box keys to make copies.

Everyone has heard of the “Nigerian Prince” scam: a prince needing your help to get money out of his country. These come in emails and seem laughable in so many ways. Unfortunately, they actually somehow work. Recent research indicates that in 2013 such scams cost victims $12.7 billion worldwide; $82 million in the US.

Thieves somehow obtained the information of 40 million credit and debit card users from mega-retailer Target in 2013. Investigators believe the attackers got into Target’s network using the credentials obtained from HVAC contractor Fazio Mechanical Services via a phishing email that contained the Citadel Trojan virus.

The Def-con conference is held every July, where hackers come together to swap tips and show off cutting-edge technical exploits. Here is a fascinating story about one contestant, Shane MacDougall, who easily pulled the wool over a Walmart store manager’s eyes in 2012.

Shane used nothing but a telephone during the demonstration, and the audience burst into applause after the scam was completely successful.

“Social engineering is the biggest threat to the enterprise, without a doubt,” MacDougall said after his call. “I see all these [chief security officers] that spend all this money on firewalls and stuff, and they spend zero dollars on awareness.”

As we said in bullet point #1, Training is paramount. Let CPR help you in this area.

Here’s one last beautiful attack… a fellow IT admin got a call from a telemarketer. Did he yell and scream? No, he went on the offensive like this:

Automated computer call: “Press 4 to speak with someone about your mortgage issues, or press 9 to not be contacted in the future”

<IT guy presses 4>

TM: “Hello, are you having problems paying your mortgage?”

IT Guy: “Hi, this is the IT department. We intercepted your call as we detected a problem with your phone and need to fix it.”

TM: “Oh… ok, well what do we need to do?”

IT Guy: “We’re going to try fixing the settings by pressing 4-6-8 and * at the same time.”

TM: “Ok, nothing happened.”

<IT guy now knows he isn’t using a Polycom phone>

IT Guy: “Are you using the new Polycom phones we just deployed?”

TM: “No, it’s a Yealink.”

IT Guy: “Ok, I see. Let me check our technical documentation for the older Yealinks.”

<IT guy does a quick Google search: “yealink phone factory reset”>

IT Guy: “Alright, do you see an ‘OK’ button on your phone?”

TM: “Yes I do.”

IT Guy: “Good, you’re going to press and hold that button for 10 seconds.”

TM: “Ok, pressing it now.”

IT Guy: “Perfect, let me know if you get a password request.”

TM: “Ok, nothing has popped up ye—”

<CLICK>

That’s right, the IT guy just made the telemarketer unwittingly factory reset his phone, and he cannot make any more annoying calls until someone is able to reconfigure it. That’s what I call social engineering at its finest.

An Introduction to Ransomware

Ransomware… It seems like you can’t go a few days without reading about it in the news or seeing another company falling victim to it.  Ransomware is a dangerous form of malware that doesn’t attempt to destroy data directly. Instead, it locks it away using encryption and ransoms the access to the data back to the company – hence the name!

A brief history… Ransomware began with programs that would lock the user’s screen unless a ransom was paid – often claiming to be from the FBI or another legitimate organization. But as time has passed, the methods have become more and more sophisticated.

The current generation of ransomware encrypts (scrambles) the files on the computer it infects, and searches for other computers on the network to infect. The files are scrambled in such a way that only the right key can unlock them – and it is that key which the creators of the virus use to convince you to pay up! Without this key, your data remains scrambled and unusable. Even worse, the newest generations also scramble the names of the files, so you have no way of knowing what files are held hostage, even if you catch the infection early on.

Ransomware is on the rise, with the FBI reporting that over 1,000 victims had reported infections of a single virus, and new variants being produced every day. Since most ransomware originates out of Eastern Europe and Russia, authors of the software are notoriously difficult to locate and prosecute.

The solution! The only real option is a combined approach, using both preparation and protection. At the rate Ransomware is growing, it will remain a relevant threat to the interests of businesses for some time to come. But don’t fret! A preparation approach with a disaster recovery plan will ensure that if your business becomes the victim of a ransomware virus, your data can be recovered without succumbing to the malware’s extortion.

But what about my backup plan? As ransomware evolves and grows, the viruses are becoming more savvy about seeking out directly connected backups and encrypting them, too. A backup is no good against such attacks if it’s just as vulnerable as the data it’s intended to protect! Maintaining a recovery plan that is capable of protecting you from ransomware viruses isn’t easy, and takes time and effort – the sort of project that requires the work of a dedicated IT staff or IT Consultant.

Who should you call? For a small business that seeks to protect itself against ransomware, an MSSP, or Managed Security Service Provider, can be a real benefit, ensuring the company gets enterprise-level protection from these sorts of threats at a price it can afford, without the need to hire full-time IT staff. Having an MSSP will also protect your business from other threats, and managed IT services can be a boon to your bottom line!

 

Call us today to discuss our MSSP services!