The State of the Internet: Cause for Concern

The State of the Internet: Cause for Concern

Written by SOS Tech Group on . Posted in IT News, Technology

fiber optic cables

In light of Mark Zuckerberg’s recent testimony on Capitol Hill regarding Facebook’s use of data and role in foreign nationals influencing the American public with engineered news, many questions have been asked about just how we utilize the Internet in 2018.

 

We’ve come far from the days of digital bulletin boards and dial-up modems. Now, our interface with the internet is seamless, and reflexive. It touches every aspect of our lives, from relationships to business, art, science, recreation and finance. But is the system we place ourselves wholeheartedly into ultimately healthy, in its own right? And that begs a second question – is it healthy for us?

The Mozilla Foundation, a known open source pioneer and the creator of the Firefox browser, recently published a report on the health of the Internet. Their goal was to foster a wider understanding of the human experience of the Internet – from connectivity barriers, to economics, to security and privacy, to online harassment – and find out how those issues all relate to each other, and find the existing patterns in these previously separate experiences. In short, changing the perception of the Internet from a technology experience, to a fundamentally human one, with a very real impact on the well-being of people in a number of ways.

 

With Big Tech

 

Companies such as Google, Amazon and Facebook have market share and influence the likes of which have never been seen before. They are seamlessly ingrained into almost all facets of our lives, from civil discourse & public engagement, right down to the contents of your refrigerator and washing machine. They built the internet through innovation, by dreaming big, and giving us exactly what we wanted. It’s not their wealth which makes them dangerous; it’s their market share. Are they now too big to fail, knowing that they take the convenience of modern culture, along with all of our personal data, with them?

 

With Fake News

 

One of the founding ideals of the Internet was almost true democracy and the openness of knowledge. In 2018, it looks more like targeted product placement and the manipulation of the data you’re shown based on how an algorithm believes you think. A growing number of people source at least 30% of their news from social media, one of the most malleable platforms for fake news. A story need not be ‘true’, it need only be ‘liked’ and ‘shared’ enough for the appearance of validity. Since some of these ‘news’ stories tend to be extreme or alarmist, to either side of the political spectrum, they become nothing more than propaganda for special interests at best, foreign spies at worst. Russian citizens were able to use Facebook pages to organize social protests, and even counter-protests to the original protests they had created. It’s no stretch to see the tools used in that case turned to causing outright violence and creating panic during disasters.

 

We are no longer separate from the Internet. It’s now a part of almost everything we do. It is very much a human system now. Keeping the Internet open, free, and diversified is the key to a prosperous and free 21st century.

Technology Impact: Self Driving Cars

Written by SOS Tech Group on . Posted in IT News, Technology

The innovation of self-driving cars has been happening behind the scenes for a few years now. It’s also been happening on public roads without much fanfare and in courtrooms with much more attention.

The two front runners in the field which will readily be available to consumers are Waymo, a Google spinoff, and Uber, the ridesharing pioneer that’s looking to become a disruptor in another field. There’s no clear leader yet, but the victor will be the organization that can acquire the best talent in data analytics and fast learning, both human and machine.

Driverless cars operate using a variety of cameras and sensors positioned strategically on a vehicle, in addition to a combination of LIDAR and RADAR to assess the environment the car travels through with enough distance to predict outcomes of other objects and vehicles on the road. Surprisingly, the amount of hardware needed to process that information is small; in fact, Chevrolet is using cars right off their factory floor with some small additions, to operate its Cruise service, due out in 2019.

What is also surprising is that while Waymo is investing a large sum of both capital and engineering expertise, it doesn’t plan on actually selling these driverless vehicle systems direct to consumers; instead it will leverage the technology in its rideshare platform.

 

But before you hop into an automated car for a quick trip across town, are they really safe?

 

Currently, legislation is before Congress to remove conventional automobile safety regulations from thousands of self-driving cars on the roads today, as the field of driverless technology is evolving so rapidly that attempts to regulate would be obsolete as soon as they are put into law. What makes more sense, is that more scrutiny is applied to Waymo, Uber and the like to make their test and operational data collected thus far to be available to authorities and the public at large. This would create oversite of a hard-to-govern new technology and provide transparency while allowing progress to move forward.

 

We are already sharing the roads with the future in some states, and a safe driverless taxi platform isn’t very far away.

WannaCry A Year After

Written by SOS Tech Group on . Posted in Computer Security

wannacry

WannaCry was a ransomware worm that spread rapidly through across a number of computer networks in May of 2017. While infecting a target computer, it encrypts the contents of the hard drive, denying access to the user, then demands a ransom payment, in the form of untraceable bitcoin, in order to restore access.

 

WannaCry arrives on the infected computer in a self-contained program that extracts the other components embedded within itself, which include the encryption keys, and a copy of Tor, a dark web browsing tool.

 

The program code was easy for professionals to analyze. Once launched, WannaCry proceeds to encrypt files in a slew of important formats, ranging from Microsoft Office files to MP3s, then displays a ransom note, typically demanding $300 in Bitcoin to restore access.

 

The initial spread of WannaCry was particularly noteworthy, in that it struck a number of high-profile & critical systems, such as the National Health Service in the UK, Nissan Automotive’ s manufacturing facilities in the UK, the University of Montreal, Boeing Commercial Airplanes in the US, and PetroChina, just to name a few. Victims were advised against paying the ransom demands, as the attackers were not restoring access after the ransom had been received. After the initial attack, payments totaling $130,635 USD were reported to the bitcoin wallet assigned to the ransom payments.

 

The last week in March 2018, Boeing Aircraft was hit by an evolved version of WannaCry, which is incredibly surprising, given the scope of last year’s initial attacks and the notoriety they gained. The vulnerability used by WannaCry was reasonably easy to patch and correct, so why did a Fortune 100 company with a massive and competent IT staff fall victim to it a year after Zero Day?

 

It seems security patching is still an overlooked practice. It’s routine, time-consuming and basic, but very important, considering that known vulnerabilities are still used in attack exploits up to 10 years after they’ve been exposed. Knowing that a solution exists but not implementing the patches and updates needed to close the vulnerability still leaves your enterprise vulnerable to exploitation. Managed service providers are critical partners in your business because you rest assured that all available upgrades and patches for known vulnerabilities are occurring regularly, and in accordance with best IT practices across the board.

 

Business continuity and disaster recovery devices are also part of a mature defense against ransomware. By allowing data from compromised systems to be recovered with minimal losses, you can minimize the impact from attacks of this caliber.

 

SOS Technology Group is always available to assist with implementing these solutions, call us today.

7 out of 10 Affected: Will You Be One?

Written by SOS Tech Group on . Posted in Computer Security

Seven out of ten medium to enterprise level businesses expect to be impacted by cybersecurity breaches in 2018, with more than 25% of those anticipating a breach to occur within the next six months.

 

Most businesses are in the dark with the true efforts involved in the breaches that have occurred, and because of that, most businesses are not very confident that they would even be able to detect a breach, let alone how to remediate the damage done in the aftermath.

 

Around half of all security breaches are employee-related, either through bad actors using inside knowledge, or through lapses in attention or awareness. Most senior IT professionals agree that the insider breach is the biggest threat in network security. With this in mind, it’s important to constantly monitor what your internal users are doing on a daily basis, to form a complete and comprehensive strategy based on real-world actions and behaviors. Learning where your vulnerabilities lie is the first step into determining possible vectors for a breach, and creating a balance between employee education and security technology is crucial to attacking an insider breach, either accidental or overtly malicious.

 

Protection from the breach includes antivirus & spyware detection programs, email filtering, firewalls, and a robust data backup/archiving platform. But these tools are only as good as the people who use them, and the people protected by them. Your employees need to understand all the potential harmful effects of risky behavior, like clicking links in unknown emails, sharing passwords on sensitive systems, or downloading attachments from unknown sources, even if those sources look legitimate.

 

Being mindful of your human attack surface is critical as well. Human attack surface is defined as the totality of all exploitable ‘holes’ in security that are created solely by the activities and vulnerabilities of human beings within the organization. This includes things like employee illness, terminations, negiliance, errors and an individual’s susceptibility to social engineering through sites and apps like Facebook, Instagram, and the like.

Increasingly, social engineering is such a serious threat that is now being considered as an attack surface all on its own. One way to combat social engineering is to conduct routine penetration testing that simulates common attack methods used in social engineering breach attempts. Penetration testing can also determine vulnerabilities from negligence and routine errors, especially focusing on employees with specialized access, high-level administration or critical duties within your organization, as these individuals are likely to be key targets in social engineering attempts.

 

SOS Technology Group can assist your business in facing these threats confidently and knowledgably. Consult with us today.

Social Media Monitoring: Organic Front Line Cybersecurity

Written by SOS Tech Group on . Posted in Computer Security

If you’ve done business in the last decade, you know how important a social media & web presence can be. It maintains your brand, grows your new customer base, and allows focused engagement with your current clients. Anywhere where people talk, they might not be saying just good things about your business. They might be offering honest feedback, or they could be dishonestly disparaging you. At worst, they could be planning to rob you, or make your business a victim of tragic circumstance.

What is social media monitoring?

By searching publicly accessible social media like Twitter, Facebook and Instagram in near real time for keywords or phrases, valuable intelligence can be gained. These social sites are crawled and indexed, and then the indexes built are scoured for key terms, phrases or word strings, and are then collated through an interface to present in a more usable form. By seeing which other words are connected more frequently to your business name, you can get an idea of how you’re presenting socially on the Internet. Taken a bit further, you can see demographics that are interested in your business, and what else they may be interested in to.

But the heart of this utility is security.

Planned protests at your business, or shoplifters showing off their wares can really impact your brand and your profits. Simply knowing that your place of business is close to areas known for a specific kind of crime or risk is immeasurable. Most social media monitoring tools go beyond social networking platforms and can scour the web at large, given an even more accurate picture. And there’s still another piece of security this monitoring can touch.

Suppose you are a victim of a breach, and someone has taken credit card information from your point of sale servers. Eventually, those stolen credit cards will probably wind up somewhere on the dark web, to be bought and sold by users around the globe. Certain metadata, or very basic information that is always tied to a person, like date of birth or social security number, is almost always attached. By turning to a monitoring service that is constantly searching and indexing the dark web for, say, your business’s email addresses or phone numbers, or the names of customers you know might be affected by the breach, you can provide valuable warning to the public and law enforcement in real time. Knowing what was taken can also provide you with the steps needed to remediate the problem in the future, addressing any vulnerabilities you have with your IT department or provider.

Giving your patrons quick notification of breaches and exploits, and the steps you’re taking to prevent them from happening again, shows that you are concerned with their security as well as your own, and are taking every effort you can to keep them safe….

Tech Headaches? We can help! Contact us now »