Gateway worries: The crucial role of password security

 

Image result for password securityImage source: cybersecurity-insiders.com

As primary points of access, passwords are one of the crucial vulnerabilities in cybersecurity. Cybercriminals go to great lengths to crack them and rely on a plethora of tricks to do so. Although a perfect solution to password security is next to impossible, people can still find ways to bolster their password’s security and give cybercriminals a hard time guessing them.

The first step toward bolstering password security is creating a password that’s difficult to guess on the onset. The very necessity of a password means that people will habitually default to key phrases familiar to them, a tendency that cybercriminals are more than willing to exploit, either through repetitive guesswork or, far frequently, through automated systems.

When creating passwords, people should avoid obvious phrases or even correctly-spelled random words. This would, sometimes, lead to passwords that are a jumbled mess of vaguely identifiable words and characters; while safe by a wide margin, such passwords are difficult to remember.

Image result for password securityImage source: instructables.com

For those having memorization trouble, the best recourse would be to create a password vault to keep copies of the passwords under lock and key. This is exceptionally useful for those with multiple accounts; it’s often better to have a different password for every account rather than a universal one.

No system is perfect, and passwords are no exception. Relying solely on password protection may not always be sufficient, especially for sensitive data. Adding two-factor authentication can help companies add an extra layer of protection for their data.

SiteLock offers a broad array of cybersecurity solutions to defend business websites from cyberattacks. Visit this website for more on the company’s services.

Advertisements

How do cybercriminals employ social engineering?

Image source: techspot.com

When a cybercriminal is able to infiltrate the systems of a company, chances are they did not do so with brute force. Through various means, they can dupe people into giving out valuable information that grants them access. In order to do so, they gather as much information as they can in preparation for the attack. This is called social engineering.

Social engineering can be done in many ways, but the goal is the same — get information that can be used against individuals to fool them into giving them access information.

Phishing scams are the most common and widely used method of social engineering. Cybercriminals use this to get information such as names, addresses, phone numbers, and so on. They target people whom they see do not have much aptitude toward cybersecurity.

Image source: bitcoin.com

For example, an HR personnel from a company would not have vast knowledge about cybercrime or cybersecurity. An attacker can call their local number pretending to be the company’s IT guy and act like they’re fixing their network access.

Phishing can also be done by sending these non-security savvy people fake emails that contain malicious contents such as a keylogger. A keylogger records keystrokes made by an individual computer. By studying the keystrokes, a cybercriminal could find useful information until they get enough to access the company’s systems.

SiteLock is a key player in business website security solutions, serving more than 8 million customers worldwide and boasting of the highest PCI compliance rates in the industry. To know more about its services, visit its website.

The do’s and don’ts of dealing with ransomware

 

 

Image source: mcrinc.com

Ransomware threats against enterprises are becoming more prevalent by the minute, infecting a growing number of computer systems around the world. The mission behind these threats is simple: extort money from victim entities before restoring encrypted data. Here are some do’s and don’ts to go by when dealing with these cyber threats.

DO’s
Remove the affected system from the network as well as the threat itself. Restore any affected files from a known good backup, as it’s the fastest way to regain access to impacted data.

Do install, configure, and maintain an endpoint security solution, as it will serve as the final line of defense against any threat. The solution should be comprised of protections against file-based threats as well as protections for downloads, browsers, and firewall, to name a few.

Do educate the organization on the different ways that ransomware can penetrate the system, such as through Spear Phishing attempts or unsolicited e-mails (with attachment) coming from unknown senders. Beware of new ransomware variants appearing regularly, so keep security software and services up to date.

Image source: netswitch.net

DON’Ts
Do NOT pay the ransom, even if it appears to be a sensible response. Doing so will only encourage and fund the attackers, perpetuating the system. And even if the ransom is paid, it is not a guarantee that the victim will regain access to the affected files. The first rule is never to negotiate with the hostage takers.

Do not be careless in handling unexpected emails, especially those containing links and/or attachments. Be particularly wary of Microsoft Office email attachments that advise enabling macros to view content, unless absolutely sure that it is a genuine email from a trusted source.

Do not take data backups for granted. Make sure that backups are sufficiently protected or stored offline so attackers cannot delete them.

Founded in 2008,SiteLock is a business website security solutions company that offers complete, cloud-based website protection. Read more about its services on this website.

Petya, one of the most brutal cyber-attacks in history

Image source: indianexpress.com

Ask any computer expert, IT professional, cybersecurity company head, or even law enforcement personnel, and they’d be quick to tell you that ransomware is one nasty piece of work. It is a feared type of malware that encrypts files and offers encryption keys, for a price. It can enter PCs through emails, browsers, and websites. There is no cure for ransomware once it infects its intended target. The only hope for those who are victimized is to just pay up.

The Petya attack is one of the most notable occurrences of ransomware in the history of cyberspace. It happened a month after the Wannacry ransomware attack and was also perpetrated by hackers who have still yet to be identified. The method they used in planting the malware was through a backdoor exploit that was created by the NSA. This connection is what led lawmakers to believe that the criminals behind these acts were if not one and the same, at the very least acquaintances.

Image source: cnbc.com

What made the Petya attack extremely difficult to deal with was that it was a highly-evolved ransomware strain that not only encrypted files but entire hard drives as well. Everything from websites to PCs was rendered useless by this.

The Petya attack stands out today as a primary example as to why people have to secure their websites and computers at all costs.

SiteLock provides website security for businesses. Learn more about SiteLock by visiting its website.

How to prevent drive-by download attacks

Image source: blog.cybertraining365.com

Over the past years, the number of cyberattacks has continued to increase, and one of the primary causes is the increased occurrences of drive-by download attacks.

Numerous hackers prefer this tactic because it is relatively easy to accomplish and it provides them access to a huge amount of personal, and even confidential, data. To do this, they need to find a way to install a malware on the computer of the victim, and drive-by download is an effective method.

They trick computer users into inadvertently installing the malicious software through executable files sent via email or by visiting Internet web pages.

Image source: en.publika.md

There are various ways, though, to prevent drive-by download attacks. And the best way is to avoid clicking on shady, untrusted links and denying websites permission to run unknown software on the computer. For organizations, employees who are given access to their own computer should not have administrative privilege to limit the likelihood of installation of unwanted programs.

But because hackers are continuing to devise new means of performing drive-by download attacks, it is also recommended to install web filters, up-to-date antivirus and firewall software, web script and pop-up blockers, and other web security solutions.

Since 2008, SiteLock has served more than eight million customers worldwide with a broad range of web security solutions that fix threats, prevents future attacks, accelerates site performance, and meets PCI compliance standards. For more information about the company, visit its official website.

More ways cyber criminals attack websites

Technology is a double-edged sword. It can be used to make everybody’s lives easier. It can also be a tool for chaos and destruction. The advancement of tech doesn’t only benefit tech experts developing new ways to secure websites, it also affords hackers and other cyber criminals different avenues of infiltration. Here are a few more ways websites can be attacked.

Image source: digitalunite.com

SQL Injection

A structured query language, or SQL injection attack wreaks havoc on servers that contain important information for websites that use SQL. Malicious code is used to trick the server into giving up critical info the server tries to hide. If the server hides private customer info for the website, then and SQL attack is even deadlier.

XSS

XSS or Cross-Site Scripting is similar to the SQL injection attack as it enters malicious code into a website as well. The differences though are that XSS attacks users, not information, and that the code creates trouble, not in the website itself, but in the user’s browser.

Image source: techlekh.com

Credential Reuse

Credential reuse is one of the most common attacks used nowadays since most users today have multiple logins and passwords to remember. There is no specific program here since hackers have developed countless ways to amass usernames and passwords. Cyber criminals use these credentials for many purposes, most of them illegal and harmful.

SiteLock specializes in providing high-quality website security for businesses. Learn more about SiteLock and the work they do here.

Getting ahead of malware with a few password tips

The web attracts some of the most vicious online threats whose ultimate objective is to make people miserable. Sometimes, they can even make money out of this. This is why all sorts of malicious ware target personal information.

The ordinary person would feel at ease, because he is certain that his online account is password protected. But truly, the average password is not very hard to crack. There’s still a possibility that one’s password is more predictable than one thinks.

Image result for phishing scams in passport
Image source: mashable.com

The intelligence behind phishing scams knows this most of all. Negative elements on the web bank on the fact that a password is possibly a derivative of a person’s birthday or name. This is why most online accounts tend to discourage using a password that is close to these.

You can never truly know who is watching you or making a note of your online behavior. The best passwords are those which have almost no relation at all to one’s persona. Something like a favorite adjective or a numerical code is relatively safe. To make it even safer, you can certainly use a combination of both.

Image result for malware with a few password tips
Image source: entrepreneur.com

Be creative in thinking of a password. You can think of interchangeable characters that would make sense to human beings, but not to bots. Replace your letter ‘E’ with the number ‘3’, your letter ‘I’ with an exclamation point, or your letter ‘S’ with the dollar sign. These are only a few ways, but there are many other methods for you to come up with a less predictable password.

Also, it helps if your system has a trusted and proven web security threat solution that comes along with responsible password creation.

SiteLock is the only web security solutions company to offer holistic, cloud-based website protection for over 8 million customers worldwide. Discover the latest trends in web security on their website.

Some facts about the recent Wannacry ransomware

Image result for Wannacry ransomwareImage source: huffingtonpost.in

Just this April, one of the biggest security breaches ever recorded made its presence felt in economic proportions, making life difficult for most of cyberspace. A malicious presence on the Internet, aptly named Wannacry, left many organizations in tears. Here are some facts about it.

Estimated numbers have indicated that at least 200,000 computers that run on Windows have been infected in Europe. When China pitched in its report, the number added a significant 40,000 more.

The ransomware affected Windows computers because of certain vulnerabilities of the operating system. Obviously, the perpetrators did their homework. What is even more amazing is the fact that they made use of a technology created by no less than the NSA, which was leaked by hackers previously.

Image result for Wannacry ransomwareImage source: guidingtech.com

Ransomware acts like a worm virus, in that it spreads from one computer to another in a network. This is how the virus was able to compromise a huge number of computers. It was quite effective in taking information hostage.

Upon successful penetration, the virus abducts the data stored in the computer, which it uses to ask for a fee so that the information can be salvaged by the user. The price is $300 worth of bit coins.

The virus was averted by accident, but the experts also say that another impending attack is expected.

There’s no better time than now to make sure that a trusted web security partner is in place, especially for big businesses.

SiteLock is the only web security solutions company to offer holistic, cloud-based website protection for over 8 million customers worldwide. Discover the latest trends in web security on the company’s website.

Web security: The profile of a typical prey

Image result for web securityImage source: pressreleases.responsesource.com

Web security threats have various ways of ruining a company. Today, surviving business entails proper management of information. Unfortunately, malicious elements on the internet are always on the lookout for potential prey companies.

Web security threats exist only to harass huge organizations. Typically, a strong company which has successfully established itself is one that earns a lot of money. The fact that it sustains itself means that it has a strong footing in terms of the revenue it generates. When an online threat has the capability to take information hostage, it may as well milk the money off companies that can pay.

Another prey trait on the radar of such threats is a huge number of employees. The more employees a company has, the more gateways are opened when they access information on the internet using company’s resources. These are small cracks that serve as entry points for malicious internet threats.

Image result for online threatsImage source: calendar.activedatax.com

Finally, online threats have a special preference for information-heavy companies. If a company has a lot of servers housed in various places, chances are, online threats are already keeping tabs on them.

These threats are real, and they are terribly unforgiving when it comes to any opportunity that can be exploited to compromise information. They simply work to do one thing alone, and that is to make life difficult for many vulnerable organizations and get peoples’ money.

SiteLock has comprehensive cloud-based website protection that automatically fixes threats and prevents future attacks. For the latest in web security, check out its website.

The persistence of SQL injection attacks

Image result for SQL injection attacksImage source: sitepoint.com

Around 20 years after the first reported attack of its kind, SQL (structured query language) injection (SQLi) continues to pose a major threat to web security. Back in 2012, it had been observed that every month a normal web application received four attack attempts, with retailers getting twice as many.

The hacker responsible for the SQLi attack on the Wall Street Journal website last 2014 described it as the easiest way to hack, taking only a few hours to complete.

SQL is a programming language used to manage data in a relational database management system and to stream processing in a relational data stream management system. Whenever a website has to process or display information from the database, SQL is used.

Image result for SQL injection attacksImage source: nskconsultants.com

Without securing it from vulnerabilities, hackers can inject codes and enter malicious commands into forms on the website, enabling them to siphon personal, corporate, or federal information. They can also tamper with existing data, alter transaction details, disclose or destroy all data written in the system, or even become the database administrator themselves.

The relative ease of exploiting database vulnerabilities has pushed hackers to develop various forms of injection, such as classic SQLi, blind SQLi, database management system-specific, SQLi, and compounded SQLi.

SiteLock is a global leader in business website security solutions. One of their specialties is database protection, probing the website to detect weak spots just like how a hacker would. To know the company’s broad range of web security services, visit this website.