Quick overview of PoS malware

In the past two years, stories of data breaches affecting companies' PoS systems have kept everyone talking. The media hype was sparked when a PoS RAM scraper was deemed responsible for the Target breach, disclosed in December 2013 and estimated by 2014 to have cost the retailer 148 million dollars. Few expected this to evolve into something far more sophisticated and stealthy than the malware du jour.

Despite improvements in card security technologies, next-generation PoS malware keeps claiming new victims, as Trend Micro researchers recently uncovered.

Dubbed "Operation Black Atlas", the broadly targeted campaign uses various known exploits and entry points to reach as many victims as possible, as opposed to going after individual users via social engineering or spear phishing. This time the attackers have stepped up their game and introduced a new player into the data exfiltration process: the Gorynych botnet. Its primary role is to transfer stolen credit card data to outside servers, but it also evades defensive software and installs malicious payloads such as BlackPOS, CenterPOS, Project Hook and PwnPOS.

Using security tools that are easy to obtain online, Black Atlas can easily overwhelm a small business's cyber defenses.

“Operation Black Atlas has already spread to a multi-state healthcare provider, dental clinics, a machine manufacturer, a technology company focusing on insurance services, a gas station that has a multi-state presence, and a beauty supply shop”, Trend Micro said in a blog post. “It continues to spread across small and medium-sized businesses across the globe”.

This is only the latest in a series of attacks that have plagued small and medium-sized companies this year. Unfortunately, SMBs remained primary attack targets in 2015. In the third quarter, they represented 45 percent of the incidents involving PoS malware, according to a report.

Quick overview of the most dangerous PoS threats exposed by security experts in 2015:

  1. NitlovePOS – captures and exfiltrates payment card data by scanning the memory of running processes on a compromised machine for track data, then sends it to a web server over SSL. (May 2015)
  2. Katrina – the latest version of the prolific Alina family (a well-known PoS RAM scraper first discovered in 2012), first spotted on underground forums in June 2015.
  3. FighterPoS – affected more than 100 victim organizations in Brazil and stole 22,000 unique credit card numbers. (April 2015)
  4. MalumPoS – collects data from PoS systems running on Oracle® MICROS®, a platform popular in the hospitality, food and beverage, and retail industries. It is configurable to target other systems such as Oracle Forms or Shift4. (June 2015)
  5. GamaPoS – spreads through the Andromeda botnet and targets a wide range of industries: pet care, theatre, furniture wholesale, home health care, online stores, retail, records storage, employment agencies, credit unions, restaurants, software developers for insurance and telecom, and industrial supply distributors.
  6. Poseidon – communicates directly with command-and-control servers, self-updates to execute new code and has self-protection mechanisms guarding against reverse engineering.
  7. ModPOS – highly modular malware (uploader/downloader, keylogger, RAM scraper, plugin installer) that uses multiple layers of obfuscation and encryption to evade even sophisticated security controls (alleged victims: Hilton and Starwood hotels).
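
Every RAM scraper in the list above works the same way at its core: it reads the memory of the payment application and pattern-matches magnetic-stripe track data, keeping only digit runs that pass the Luhn check. The following Python is an added example, not code from Trend Micro or from any of the malware families named above. It runs that matching over a constructed byte buffer standing in for a memory dump; the regular expressions, the `SAMPLE_MEMORY` buffer and the industry test card numbers in it are assumptions. On a live system a scraper walks process memory region by region (ReadProcessMemory on Windows); an incident responder can run this same logic over a dump of the PoS process to confirm whether cleartext track data is present at all.

```python
import re

# Magnetic-stripe track formats as they appear in a PoS process's memory.
# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(rb'%B(\d{13,19})\^([A-Z /.]{2,26})\^(\d{4})(\d{3})\d{0,40}\?')
TRACK2_RE = re.compile(rb';(\d{13,19})=(\d{4})(\d{3})\d{0,20}\?')


def luhn_ok(pan: bytes) -> bool:
    """Mod-10 check that every real card number passes; rejects random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):   # iterating bytes yields ints
        d = ch - 48                          # ASCII digit -> int
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> str:
    """Keep BIN and last four only, so findings can be logged safely."""
    p = pan.decode()
    return p[:6] + "*" * (len(p) - 10) + p[-4:]


def scan_buffer(buf: bytes) -> list:
    """Return masked track-data hits found in a memory buffer."""
    hits = []
    for track, rx in ((1, TRACK1_RE), (2, TRACK2_RE)):
        for m in rx.finditer(buf):
            pan = m.group(1)
            if not luhn_ok(pan):
                continue                     # track-shaped, but not a card number
            expiry = m.group(3) if track == 1 else m.group(2)
            hits.append({"track": track, "offset": m.start(),
                         "pan": mask(pan), "expiry_yymm": expiry.decode()})
    return hits


# Constructed stand-in for a process memory dump (test PANs, not real cards).
SAMPLE_MEMORY = (
    b"\x00\x00POS terminal 07 ready\x00"
    b";4111111111111111=25121011234567890?"             # track 2, Luhn-valid
    b"\x00\x00pad\x00"
    b"%B5500000000000004^DOE/JOHN^2512101000000000?"    # track 1, Luhn-valid
    b"\x00"
    b";4111111111111112=2512101000000?"                  # Luhn fails: not card data
    b" order 1234567890123456 total 12.50"              # bare digits, no track framing
)

if __name__ == "__main__":
    for h in scan_buffer(SAMPLE_MEMORY):
        print(h)
```

Only the two framed, Luhn-valid records are reported; the bare 16-digit order number and the record with a bad check digit are discarded, which is exactly the filtering a scraper does to avoid shipping junk to its drop server.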

How to strengthen security defenses?

Identifying and mitigating a point-of-sale breach is extremely difficult, which is why IT administrators should stay up to date with the latest developments in PoS malware and focus on prevention. In 2016, cybercriminals will keep finding ways to exploit gaps in PCI DSS compliance and breach systems with new data-gathering and exfiltration techniques.

And despite having limited in-house resources compared to larger organizations, SMBs have to tackle the same advanced cyber-threats.

Here are ten practical steps to reduce your company's risk of a breach in the coming year:

  1. Segment the network with firewalls and isolate the cardholder data environment from the Internet and from the rest of the corporate network.
  2. Monitor the network continuously, and regularly assess the risks and vulnerabilities of the systems on it.
  3. Change default system passwords and require two-factor authentication for remote access.
  4. Use a multi-layered endpoint security product with strong malware protection, such as Comodo Endpoint Security Manager or Bitdefender GravityZone.
  5. Deploy intrusion detection at critical points to spot abnormal behavior on the network.
  6. Encrypt cardholder data in transit across open, public networks.
  7. Do not store sensitive authentication data (full track contents, card verification codes, PINs) after authorization.
  8. Maintain strict policies and educate employees on risky behavior when handling company software and hardware.
  9. Perform regular penetration testing of all systems and patch vulnerabilities as soon as possible.
  10. Where possible, deploy file integrity monitoring and application whitelisting to control which applications can run in your network.

Is there anything I’ve missed? What are your tips on defeating the newest point-of-sale threats?


The premise of IT security training

Information technology security training became an unavoidable outcome as soon as the first computer was invented. The progression from giant computers with paper readouts to portable laptops ensured that the popularity of computers as a means of storing and exchanging information would lead to a whole new aspect of the security field.

Modern technology puts the world at your fingertips. You can access virtually anything via the internet. You can do it from anywhere at any time of day and get exactly what you are looking for. You may have the intention of using it to do late night online shopping or after hours banking from home. The innovations in internet business allow for this access and let you take advantage of these extremely convenient options.

Not everyone, however, looks at this measure of convenience with the best of intentions. Some look at it as their opportunity to infiltrate any given network for their own malicious purposes. They may be seeking out personal information that was meant to stay private. This could even include personal information related to finances. Access to bank accounts could leave you wondering what happened to your account when you know you have not accessed it in the past few days, but your bank records indicate that there has been a flurry of activity. You could run into a similar issue with your credit card number if you have ever bought anything online.

Why do you need IT Security Training?

When you send your information out into cyberspace in this manner, you want to make sure that it is being protected from all those who might intercept and misuse it. These potential problems give birth to IT Security Training. In this case, necessity was definitely the mother of invention.

With Information Technology Security Training, trainees gain the knowledge and real world experience to combat all those who would pose a threat to the safety of your personal information. They can also work on behalf of larger companies who wish to safeguard their own information and that of their customers from any attacks.

All people and companies have a great deal of sensitive information that could be bad news if it fell into the wrong hands. Avoiding the internet entirely does not seem to be a sensible solution. It is too much a part of daily life and essential to compete in the business world. Keeping all your files on paper and in your fireproof safe may have been advisable some years ago but, in the current technological climate, it is just not feasible. Your information is likely to be accessible online. At most, you may need only to log in to your bank's web site to activate your dormant online account. It is sitting there waiting to be used, and it should be there. The benefits of being able to access information and complete transactions online can be a wonderful part of living in this high tech age. You just need to make sure that your information is safe when you start surfing the web.

Information technology security training is a way to provide comprehensive training to individuals who are pursuing a career in the information security industry or who are brushing up on their skills. This is not an area that you can learn about once and then rest on your laurels. As you learn, so do those who would compromise your network, so you must keep yourself apprised of the latest developments and your system updated with the most recent countermeasures. You have to keep improving your network. You may do well to remember the timeless quote: the price of freedom is eternal vigilance.

How can you learn more about IT Security Training?

Contact us today on 0203 7403 710 or email jorge.geddes@cybersecure.uk.com to discuss your IT security training requirements.


Why outsourcing IT is vital to SMB success

Only 9% of SMBs hire external IT support, but things are expected to change. 81% of SMB decision-makers believe outsourcing IT solutions in 2016 (including cybersecurity endeavors) will increase their bandwidth to address other areas of their business, according to a recent survey.

Many small businesses try to tackle IT challenges on their own, while also focusing on increasing profitability and business growth. But they soon realize it’s too much to handle. That is where providers like Cyber Secure come in.

Some of the most pressing IT issues concerning SMBs right now originate from embracing digitization – cloud computing and virtualization, mobility solutions, big data, managed services and the Internet of Things environment. All of these need to be managed, while figuring out how to contain tech costs and keep current systems up and running.

This migration towards digitization and the cloud has tremendous benefits, however, it also increases security risks. For SMBs, security risks exist both inside and outside the firewall.

Top 5 threats affecting SMBs at this moment include:

  • BYOD risks. 60% of SMB decision-makers say that mobile solutions are critical to their business. But when employees start bringing in personal smartphones and tablets under a bring-your-own-device (BYOD) policy, the burden of administrative oversight grows quickly.
  • Cloud risks. It's nearly impossible for an Internet-reliant SMB to survive today without a cloud platform. The cloud is the new IT infrastructure for SMBs. But security concerns remain a huge barrier to public cloud adoption.
  • Cutting-edge malware. Keeping up with cybersecurity developments is essential to defending SMB assets. But more than half of small companies admit they don't have the time to stay informed about the latest cyber-threats. That is risky, especially since online banking and payment services are prime targets of malware and phishing campaigns.
  • Third parties. Third parties introduce an element of the unknown and can definitely raise the level of risk to a business. Their poor security habits can change the way the infrastructure is used and configured and inevitably lead to a breach.
  • Employee negligence and insider threats. About a third of organizations experienced an insider attack in 2015, according to the SANS Institute. Employees tend to open attachments to, or click links embedded in, spam; to leave their systems unattended; to forget to change their passwords; and to visit restricted sites.

The benefits of externalization

IT service providers are able to successfully offer comprehensive services without the traditional push-backs about outsourcing IT and loss of control.

They are uniquely positioned to help SMBs grow, and they are the problem solvers who get the network back up after a security breach, human accident or power failure. And these hazards do happen, more frequently than you would think.

They take the time to fully understand the security risks faced by SMB customers, and provide products and solutions that address these specific risks.

4 things IT service providers can do better

  • Offer flexible support

Before an SMB can determine the type of IT support it requires, it usually considers its individual needs. Many IT service providers offer various levels of assistance which allow for the tailoring of their services to meet the needs of any business. Customer satisfaction comes first.

  • Handle business-critical systems

Thanks to their experience in different industries, IT solutions providers can offer information, guidance, and services related to a business’ most important technologies and operations.

  • Manage a crisis

IT service providers can help businesses draw up an incident response and crisis management plan, so that intrusions are contained quickly, and harden security to prevent them in the first place. Establishing a security mindset within the business may be one of the most crucial things an SMB can learn from its IT provider.

  • Reduce costs

Outsourcing removes the need to hire individuals in-house, so recruitment and operational costs can be cut substantially. This is one of the prime advantages of hiring an IT service provider. What's more, most providers adopt a pay-as-you-use pricing model, which adds flexibility and lifts the burden of upfront deployment and management costs.

Companies outsource for a variety of reasons: their vision, a lack of resources, a lack of skills. While this varies from company to company, the fruits of that labor are visible in leading companies worldwide, where outsourcing has become a vital component of day-to-day business strategy.


Vulnerable software has always been the Achilles' heel of any system. Many small organizations believe they are perfectly safe because they've implemented a patch management plan, but a purely reactive approach has always proven to be a bad security strategy.

Software vulnerabilities are a big deal

In computer security, the term vulnerability refers to a weakness in a system that can be exploited to compromise its confidentiality, integrity or availability. Vulnerabilities may result from weak passwords, software bugs or misconfigurations, a computer virus or other malicious software, to name a few.

Recently, a vulnerability that had sat undetected in the Linux kernel for four years was found to give an attacker full control over tens of millions of Linux PCs and 66 percent of all Android devices. And this happened despite the fact that Linux is one of the most stable and secure systems used today.

At the other end of the spectrum, one of the most heavily-exploited programs is Internet Explorer. Over the years, it was plagued with many critical vulnerabilities, including remote code execution, elevation of privilege, information disclosure and security feature bypass. In 2015, Internet Explorer 9 through 11 ranked seventh among the most vulnerable software programs in use.

Cyber-criminals exploit these flaws to breach company systems and get hold of sensitive proprietary data which can be used for blackmailing purposes, to be sold on black markets or permanently destroyed.

And they are unstoppable. Finding zero-day vulnerabilities has become a multi-million dollar business. Not long ago, Forbes published a profile of a company called Vupen, whose business is selling zero-day exploits to governments and... anyone interested. Buyers are willing to pay six-figure sums for the most valuable ones.

The first thing you can do is acknowledge the consequences of running outdated apps:

  • System crashes and downtime, as you waste time fixing IT issues rather than focusing on your business
  • Increased costs and decreased productivity
  • Exposure to cyber attacks
  • Permanent loss of sensitive or proprietary information
  • Legal and regulatory compliance risks

Secondly, take action.

Why is a vulnerability assessment indispensable for the security of your corporate network? Vulnerability scanning is the testing, identification, analysis and reporting of potential security issues on a network.

Running a vulnerability assessment may reveal:

  • Default easy-to-crack passwords
  • Rogue devices connected to your systems
  • Dangerous applications such as peer-to-peer apps or exploitable third-party apps
  • Potentially dangerous services
  • Faulty script configurations
  • Unnecessary open ports
  • Old user accounts

Here is a simple attack scenario: the account of a former employee who was dismissed is still active on your network. He remembers his password, logs in and deletes business-critical files to create chaos and take revenge. This will cause hours of downtime, frustration for your IT team and financial losses, depending on your business activity.

A vulnerability assessment will bring these issues to light and help prevent them. With the help of automated tools such as network scanners, port scanners, IP scanners and network mappers, you will know your network assets and weaknesses.
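
Three of the findings listed above (old user accounts, rogue devices and unnecessary open ports) come straight out of comparing what a scan observes against what the organization believes it has. The following Python is an added example, not code from the original article or from any scanning product: it runs that comparison over constructed data, including the dismissed-employee scenario. The `EXPECTED_PORTS` table, the `RISKY_PORT_NAMES` labels, the 90-day dormancy threshold and all account, inventory and scan records are assumptions; in practice the scan list would come from a port scanner and the accounts from the directory's last-logon attributes.

```python
from datetime import date

# Constructed policy: which ports each role is supposed to expose.
EXPECTED_PORTS = {
    "web": {80, 443},
    "fileserver": {445},
    "workstation": set(),
}

# Labels for well-known services worth calling out (constructed, not exhaustive).
RISKY_PORT_NAMES = {22: "SSH", 445: "SMB", 3306: "MySQL", 3389: "RDP", 6881: "BitTorrent"}


def audit_accounts(accounts, today, max_idle_days=90):
    """Flag enabled accounts of people who have left, and dormant accounts."""
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue                               # already disabled: nothing to do
        idle = (today - a["last_login"]).days
        if a.get("left_on") is not None:
            # The scenario from the text: dismissed, yet the account still works.
            findings.append(("active-after-departure", a["user"],
                             f"left on {a['left_on']}, account still enabled"))
        elif idle > max_idle_days:
            findings.append(("dormant", a["user"], f"last login {idle} days ago"))
    return findings


def audit_hosts(inventory, scan):
    """Compare scan results with the asset inventory: rogue devices, unexpected ports."""
    findings = []
    for host in scan:
        role = inventory.get(host["ip"])
        if role is None:
            findings.append(("rogue-device", host["ip"],
                             f"not in inventory, open ports {sorted(host['open_ports'])}"))
            continue
        for port in sorted(host["open_ports"] - EXPECTED_PORTS.get(role, set())):
            name = RISKY_PORT_NAMES.get(port, "unknown service")
            findings.append(("unexpected-port", host["ip"], f"{port}/{name} open on a {role}"))
    return findings


# Constructed sample data.
TODAY = date(2015, 12, 15)
ACCOUNTS = [
    {"user": "alice", "enabled": True,  "last_login": date(2015, 12, 10), "left_on": None},
    {"user": "bob",   "enabled": True,  "last_login": date(2015, 12, 13), "left_on": date(2015, 11, 30)},
    {"user": "carol", "enabled": True,  "last_login": date(2015, 5, 1),   "left_on": None},
    {"user": "dave",  "enabled": False, "last_login": date(2014, 1, 1),   "left_on": date(2014, 2, 1)},
]
INVENTORY = {"10.0.0.10": "web", "10.0.0.20": "workstation", "10.0.0.30": "fileserver"}
SCAN = [
    {"ip": "10.0.0.10", "open_ports": {22, 80, 443, 3306}},   # database exposed on a web server
    {"ip": "10.0.0.20", "open_ports": {6881}},                # P2P client on a workstation
    {"ip": "10.0.0.30", "open_ports": {445}},                 # as expected
    {"ip": "10.0.0.99", "open_ports": {22, 3389}},            # nobody knows this box
]

if __name__ == "__main__":
    for f in audit_accounts(ACCOUNTS, TODAY) + audit_hosts(INVENTORY, SCAN):
        print(*f, sep="\t")
```

Note that bob is flagged even though he logged in two days ago: recency of use is not evidence that an account is legitimate, which is why the departure check comes before the dormancy check.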

The downside is that vulnerability assessment tools list the weaknesses they find, but they cannot tell you which ones an attacker could actually exploit in your environment and which are false positives. Here is where penetration testing comes in. Penetration testing doesn't stop at uncovering flaws; it exploits the possible avenues of intrusion and measures the real severity of each.

To find out how effective your existing security controls really are against a skilled attacker, you need to understand the attacker's mindset. That is why hiring the right white-hat hackers is crucial.

The benefits of vulnerability assessment and pen testing

When combined, the two techniques will offer you a more detailed view of the threats your applications face, enabling you to better protect systems and data from malicious attacks.

This way, you:

  • avoid costly security breaches and interruptions
  • prioritize security risks
  • meet regulatory requirements and avoid fines.

How Cyber Secure provides these services

Cyber Secure Ltd provides vulnerability testing, often working with award-winning solutions to cover all angles of your network security. Order a pen test right now!


Everybody dreams of becoming their own boss. Managing a business means making your own rules, while using your time as you see fit. Sounds great, but you need to consider the competition from big players, the increasing expectations from digital savvy customers, the pressure of finding new clients while also controlling costs. Plus, there’s always the challenge of adapting to the latest tech advancements!

With all these demands, information security is often neglected. This happens because most business owners don't realize how valuable their business, and ultimately their data, is.

First of all, there's nothing small about SMBs. They play a vital role in the economy: they make up nearly 99 percent of US employer firms and account for more than half of the new jobs created in the past decade. A recent study predicts that SMBs will contribute 40% of worldwide public cloud spending by 2019.

Hackers have long realized the value of SMBs. Yes, spectacular, sophisticated attacks on big companies like Target or Anthem grab the attention of the media, but there are actually more SMBs targeted than larger organizations. In fact, in 2015, small-businesses were prime targets for cyber-thieves.

As we have seen, POS malware campaigns are on the rise, making victims from multiple industries and locations across the globe. Healthcare providers, retailers, hotel chains, dental clinics, machine manufacturers, technology companies, beauty supply shops – everyone is affected by the same credit card stealing threat.

Social engineering emails carrying remote access Trojans (RATs), have been seen infecting US and UK businesses. Financial malware hidden in innocuous Word documents stole millions of online banking credentials.

Ransomware, malware that encrypts files and demands a ransom for the key, has also been blackmailing SMBs. And since a modern business relies heavily on its digital assets to satisfy customers and fears public shaming, it is particularly vulnerable. As a result, CryptoWall 3.0, one of the most sophisticated versions of this type of malware, made its creators an estimated 325 million dollars richer last year.

Why are SMBs preferred targets?

First of all, small businesses underestimate the importance of their data. Every business has confidential, proprietary information, such as employee salaries, revenue numbers or customers’ credit card details. That’s what cyber-criminals value most. Also, small businesses are a piece in a bigger puzzle. If they do business with larger companies, most likely they are being used to get to the ultimate target.

Secondly, SMBs offer a high return on investment. Modern malware is sophisticated enough to leave few traces behind after capturing the data it needs, and it can be bought online anonymously, so the rewards outweigh the risks.

Lastly, small businesses are easier prey than larger enterprises. The bigger the business, the more IT experts and security systems it has in place to fend off cyber-threats.

Unfortunately, entrepreneurs not only put security in the back seat of their business priorities, but also underestimate the impact a leak of proprietary information may have on their reputation, credibility and ultimately profits.

But the truth is…a security breach can devastate a small or midsize business.

One unlucky click – a malicious email attachment, a link to a legitimate but compromised website – can result in a costly data breach that drains bank accounts and customer trust. A 2012 study by the National Cyber Security Alliance found that 60 percent of small firms go out of business within six months of a data breach.

If you're an entrepreneur, these facts probably put things into perspective. But there's no need to panic; there are solutions. The first thing you can do to prevent cyber-threats is invest in a dedicated endpoint security solution that suits your exact needs.

Also, remember, it’s extremely important that you begin educating employees on the risks of careless online behavior, weak passwords, phishing schemes and other threats that may fool them into giving access to your network and assets.


Botnets and ransomware: how to filter P2P networks for security threats

Ransomware and botnets using peer-to-peer networks are taking off this year, according to cyber-security specialists.

Botnets are stealthy by nature, and criminals use them for a myriad of malicious activities, including denial-of-service attacks, spam and banking fraud.

ZeroAccess, Sality, Zeus and Kelihos are some of the biggest and most resilient botnets to date. Kelihos, for instance, has been taken down a number of times, and its operators have built a new version of the network each time. And GameOver Zeus, a variant of the Zeus family of bank credential-stealing malware, successfully used a decentralized network of compromised personal computers and web servers to relay commands, infecting an estimated 500,000 to one million computers.

The advantages of P2P

Centralized servers are routinely tracked and blocked by the security community. Malware creators prefer a P2P network of infected hosts to communicate and distribute data because the peers act as a massive proxy network. Compromised bots talk to each other to propagate binary updates, distribute configuration files and send stolen data. With no single point of failure and no centralized C&C infrastructure, these botnets are far more resilient to takedown and sinkholing efforts.

P2P botnets are also becoming more sophisticated in their communication methods, which makes eradicating them even more difficult. They lie low to elude the standard discovery techniques that look for abnormal network behavior.

So P2P botnet traffic does not necessarily look malicious or harmful, and it may not trigger a warning. But it does create noise: high volumes of traffic, high network latency and traffic on unusual ports. If businesses don't constantly monitor their entire corporate network, they won't be able to identify P2P traffic.

Here is where network monitoring proves helpful. Network monitoring is a critical IT tool that serves several purposes:

  • Optimizes network performance by identifying bottlenecks and other problems
  • Builds a database of critical information to help enforce security
  • Finds anomalous internal traffic that might indicate a security threat

There are a few ways to identify P2P activity on a network:

  • Port-based analysis. Port-based analysis is the simplest method of detecting P2P traffic. It relies on the fact that many P2P applications use default ports to communicate with the outside. The technique is not bullet-proof, since P2P programs have started using dynamic ports to connect to their servers or to other clients, making the ports unpredictable.
  • Protocol-based analysis. Application-layer protocol analysis monitors traffic passing through the network and inspects the data payload of packets against previously defined P2P application signatures. Static signature matching needs a new signature every time the protocol changes, and attackers change their protocols, encrypt payloads and tunnel their traffic to disguise it, so this method is far from 100% effective.
  • Client-based analysis relies on analyzing changes on client computers (new executables, registry keys, listening sockets). But a system administrator cannot always tell whether a user is manually deleting registry keys or executable files, or whether P2P malware is involved.
  • Behavioral analysis. Anomaly detection is another way of spotting P2P traffic, since bots usually behave differently from legitimate P2P users: sending queries periodically, always querying for the same content, or repeatedly querying but never downloading. Although this approach is effective for detecting known botnets, it is less powerful against new ones. That is why administrators also rely on other tools, such as honeypots, and tend to use both approaches together to detect botnets and identify their C&C mechanisms.
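
The behavioral traits listed above (fan-out to many distinct peers on high, unpredictable ports, periodic contact, and queries that bring back almost nothing) can be computed from flow records such as NetFlow or firewall logs without inspecting any payload. The following Python is an added example, not code from the original article or from any monitoring product. The `Flow` record, the thresholds in `is_p2p_bot` and the `SAMPLE_FLOWS` traffic (one beaconing host and one ordinary web user) are all assumptions constructed for the demonstration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds on a constructed clock
    src: str         # internal host
    dst: str         # external peer
    dport: int
    bytes_in: int    # bytes the peer sent back


def host_features(flows, host):
    """Summarize one host's outbound flows into the traits the text describes."""
    mine = sorted((f for f in flows if f.src == host), key=lambda f: f.ts)
    if len(mine) < 2:
        return None                                  # too little data to judge
    gaps = [b.ts - a.ts for a, b in zip(mine, mine[1:])]
    avg_gap = mean(gaps)
    return {
        "flows": len(mine),
        "peers": len({f.dst for f in mine}),                              # fan-out
        "high_port_ratio": sum(f.dport > 1024 for f in mine) / len(mine),  # unusual ports
        "gap_cv": pstdev(gaps) / avg_gap if avg_gap > 0 else float("inf"),  # low = periodic
        "avg_bytes_in": mean(f.bytes_in for f in mine),                   # queries, no downloads
    }


def is_p2p_bot(feat, min_peers=20, min_high_port=0.8, max_cv=0.25, max_avg_in=1000):
    """All four traits must hold; any one alone is common in legitimate traffic."""
    return (feat is not None
            and feat["peers"] >= min_peers
            and feat["high_port_ratio"] >= min_high_port
            and feat["gap_cv"] <= max_cv
            and feat["avg_bytes_in"] <= max_avg_in)


def find_bots(flows):
    return [h for h in sorted({f.src for f in flows}) if is_p2p_bot(host_features(flows, h))]


# Constructed sample traffic.
SAMPLE_FLOWS = []
for i in range(40):   # bot: every 60 s, a new peer, a random-looking high port, tiny replies
    SAMPLE_FLOWS.append(Flow(1000 + 60 * i, "10.0.0.5", f"198.51.100.{i + 1}", 20000 + 37 * i, 96))
t = 1000.0
for gap, dst in zip([5, 300, 12, 900, 4, 60, 1800, 7, 45],
                    ["203.0.113.10", "203.0.113.20", "203.0.113.10"] * 3):
    t += gap          # user: irregular timing, two sites, port 443, real downloads
    SAMPLE_FLOWS.append(Flow(t, "10.0.0.7", dst, 443, 48000))

if __name__ == "__main__":
    for h in ("10.0.0.5", "10.0.0.7"):
        print(h, host_features(SAMPLE_FLOWS, h))
    print("suspected P2P bots:", find_bots(SAMPLE_FLOWS))
```

The thresholds need tuning per site: a legitimate BitTorrent user also fans out to many peers on high ports, but does not beacon at a fixed interval and does download, which is why the rule requires all four traits together. Treat a hit as a lead for packet capture or honeypot follow-up rather than as proof.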

Unfortunately, there is no one-size-fits-all solution for identifying P2P traffic. Nonetheless, network monitoring plays an important role.

Network monitoring solutions have other uses as well. They allow you, the system administrator, to study a recurring problem more closely. For example, if a piece of hardware is constantly failing, it may be time to replace it. The same applies to a constantly crashing service: should you notice that a service or a particular application crashes frequently, it is worth troubleshooting the application.

Cybersecure offers network monitoring services trusted by more than 150,000 administrators who monitor their LANs, WANs, servers, websites, appliances, URLs, and more.


The ultimate cheat sheet to monitoring teens in the digital age (and stopping internet cyber-bullying)

Pornography has basically been around forever. But thanks to the Internet, and more so with the anonymization of web browsing, it has increased sharply in accessibility and interactivity. As a result, children are increasingly involved in sexting, cyberbullying and pornography.

One in three Android device users sends inappropriate text messages to their friends, according to Bitdefender data. It's no surprise, since nowadays children are taught to use tablets, smartphones and their user-friendly mobile apps from a very young age. Yes, teachers and parents keep an eye on them at school or at home, but new technologies allow young kids to circumvent constraints.

Smart toys have also made their way into kids' lives, making 21st century parenting even more difficult. Not long ago, a Wi-Fi enabled Barbie was hacked and turned into a surveillance device. The doll's operating system was hijacked to get at the Wi-Fi network names and IDs stored on it. Once inside, the attackers had access to account information and stored audio files, as well as control over the microphone.

This followed news that photos and conversations of 4 million children were leaked in a security breach affecting toymaker VTech.

So how can parents avoid exposing their children online and protect them from cyber-bullying?

Here are five recommendations that will help protect children and prevent cyber-bullying.

  1. Keep ad-blockers on to make sure kids don’t click on malicious ads.
  2. When choosing a security solution for your home computer, make sure it is equipped with parental control technologies to see what your kids are doing online. CyberSecure recommends Net Nanny 7 for Windows, an award-winning parental control software that gives parents the power to protect children by filtering out the harmful content and other dangers of the internet.
  3. Keep security software updated to fend off spam, malware, spyware and others.
  4. Most importantly, help children learn about security hazards, how to recognize phishing attacks and become good online citizens. Teach them about the implications of posting private information about themselves and about the persistence of this data on the Internet.
  5. When it comes to smart toys, parents should first understand exactly how the gadget works: how it connects to the Internet, what data it can access, where that data is stored and under what circumstances. Before buying it, they should do proper research on the new toy, then weigh the risks and benefits. Can this toy turn into a privacy hazard? Using data gleaned from the toy, could someone infiltrate the home Wi-Fi network to snoop on private conversations and steal other personal information?

The first thing parents should do before installing and connecting the smart toy to the Internet through its mobile application is to read the Terms of Service or privacy statement. They should also be cautious when asked about their children’s names or age, or any other sensitive information which isn’t necessary.

While smart gadgets are attractive, it's important to educate children on the cybersecurity issues they will face sooner or later. It is a hard subject to tackle, but start early, as soon as they start going online. In simple terms, advise children on passwords, cybercrime and proper etiquette. It's equally important to teach children about the consequences of over-sharing information about their private lives. Facebook is a rich source of data for any cyber-stalker looking for new victims, both online and offline.


36% of small businesses forgo endpoint security, a recent survey revealed. 700 security professionals from 50 countries were asked about the main security concerns and challenges they face inside their organizations and, not surprisingly, most of them admitted that three out of four problems revolve around endpoints.

Endpoint security is, by definition, the protection of the central network at the points where remote devices such as smartphones, laptops, IoT gadgets and other wireless devices connect to it. With employees embracing mobility and bringing even more personal devices into the office, it seems only natural for small companies to protect their network from breaches. However, studies show that this is not actually happening. Very often, the endpoint device is the initial point of compromise that allows lateral movement into the corporate network and gives attackers access to sensitive data.

And the picture grows more worrying as cyber-security threats against SMBs multiply. A 2015 Ponemon Institute report shows that the average enterprise receives 17,000 malware alerts a week from its IT security products.

So why are companies still lagging behind on securing their corporate environments? Here are five popular misconceptions that I believe are responsible for the sluggish adoption:

Misconception no. 1. A consumer-grade AV solution and a firewall will protect the whole network from hackers. The reality is that traditional antivirus solutions have their shortcomings. As the IT infrastructure has become more complex, the threat landscape has changed with it, and signature-based antivirus has become less effective at detecting sophisticated malware. Rather than only looking for signatures of known malware, as traditional antivirus does, next-generation endpoint protection platforms analyze process behaviour and network connections to spot activity that indicates foul play. This means stronger real-world protection against malware and exploits. An endpoint security solution also includes a broader range of security features, typically:

  • Malware removal based on existing signature files and heuristic algorithms
  • Built-in antispyware protection
  • Ingress/Egress firewall
  • IPS/IDS sensors and warning systems
  • Application control and user management
  • Data input/output control, including portable devices

Another advantage over consumer products is that corporate software uses a centralized management server, so all endpoints can be administered from a single console: policies are set once and pushed everywhere, and alerts from every device arrive in one place. This translates into more efficient administration.

Misconception no. 2. Another huge misconception is that only large companies need security because, unlike SMBs, they store valuable data. Think Target, Home Depot, eBay and Anthem. The reality is that big breaches start small: the Target breach, for one, began with network credentials stolen from a small heating and refrigeration contractor. Third-party breaches have happened in retail, hotels, healthcare and many other verticals where partnerships and outsourcing are increasingly used to support business operations. In the UK, contractors accounted for 18% of serious breaches. Remember, third parties act as insiders, with partial access to company information and systems.

Misconception no. 3. Underestimating the human risk is another common mistake. Not every organization is exposed to the same types of security threats, but they all share one thing: the human factor. In fact, 24 percent of organizations affected by data loss in the past year say it was the result of an employee accident.

Data loss incidents often happen when employees send sensitive documents to unintended recipients. People also forward work documents to personal email, put them on consumer-grade file-sharing sites or copy them onto removable media such as USB sticks. And while flash drives seem harmless, if someone plugs an infected USB drive into an office machine, a worm can copy itself onto that machine and spread across the network from there. Regular employees aren’t the only ones whose activities should be monitored. Despite their reputation for superhuman powers, skilled system administrators also make mistakes: reports show that system misconfigurations, poor patch management and the use of default account names and passwords are among their most common errors.

Misconception no. 4. The fourth misconception is that applications are becoming inherently more secure and that policies are strong enough to mitigate any human risk. The reality is that policies are not a panacea: a policy that nobody reads and nothing enforces changes no behaviour. On the other hand, believing that technology alone can keep endpoints secure, and therefore skimping on actual security policies, procedures and training, is also wrong. No technology can deliver security if people undermine it.

Misconception no. 5. Endpoint security will solve all security needs. The reality is that endpoint security is only one weapon in a company’s security arsenal. Network monitoring, intrusion prevention and DDoS protection are a few of the other useful tools. Data protection should also include encryption, backups of critical data, and secure destruction of data and of retired devices that held critical data.

Of course, there is more than a handful of reasons why small business owners have not installed dedicated security software: maybe they have not recognized the need, maybe they consider it an expensive investment, maybe they don’t see the difference between a consumer product and an endpoint security solution. But, ultimately, the smartest way to decide is to test it.

CyberSecure offers multiple endpoint protection solutions. Get more information or price quotes.


In 2015, DDoS attacks increased in frequency by 180 percent, according to a report by security firm Akamai.

Distributed denial-of-service attacks are among the most destructive attacks on the Internet, and small businesses too should learn to deflect them before they lose money to one. Here’s what you need to know about mitigating denial-of-service attacks that might paralyze your business.

What is a DDoS attack?

A denial-of-service attack is a cyber-attack that renders a specific resource unavailable to its intended users, be it a website or a network used for critical business operations. A distributed denial-of-service (DDoS) attack does this by overwhelming the target with traffic from many sources at once. And by traffic, we mean up to 500 Gbps, the size of the largest DDoS attack known to date.

DDoS attacks come in many different forms. These are the four most typical:

  • Protocol attacks – occupying connections

These attacks exhaust the state a server keeps for each connection (a SYN flood, for example, fills the table of half-open connections), and they do the same to intermediate infrastructure such as load balancers, firewalls and application servers, so that no new legitimate connections can be accepted.

  • Volume-based attacks – using up bandwidth

These include UDP floods, ICMP floods and other spoofed-packet floods. What they have in common is consuming the bandwidth either within the target network or service, or between the target network and the rest of the Internet. These attacks are simply about causing congestion.

  • Fragmentation attacks – pieces of packets

These send a flood of TCP or UDP fragments to a victim, overwhelming the victim’s ability to reassemble the streams and severely reducing performance.

  • Application layer attacks – targeting applications

Made up of seemingly legitimate and innocent requests, these overwhelm a specific, expensive function of an application or service even with very few machines generating a low traffic rate, which makes them difficult to detect and mitigate. Their goal is to exhaust the web server or the application behind it, and their magnitude is measured in requests per second.

Who is behind it

By nature, DDoS attacks are anonymous. Most of them use IP address spoofing, which makes the true source almost impossible to identify. Application-layer attacks that complete a TCP handshake cannot spoof their address, but they come from botnets of compromised machines, so the visible address belongs to another victim, not to the attacker.

But DDoS is emerging as the weapon of choice for hackers, political hacktivists, cyber-extortionists and international cyber-terrorists. Anyone can launch an attack: state-sponsored hacking groups, a disgruntled student looking for revenge, a former employee looking for blackmail leverage or a rival company looking to damage a competitor. From a motivational perspective, the majority of attackers are financially driven, looking to extort companies in exchange for stopping the attacks. Yet recent research found that ideologically motivated DDoS attacks are on the rise, too. Think Anonymous.

What is truly worrisome is that an attack can be launched by relatively unsophisticated attackers who pay for readily available, low-cost DDoS-for-hire services. There are also pre-packaged DDoS toolkits that anyone with a minimal amount of know-how can use. The RageBooter tool, for instance, advertised itself as “a reliable server stress testing” service.

Source: nakedsecurity.sophos.com

Sometimes hackers use DDoS attacks as decoys to occupy security staff while they attack the network and steal data. While IT staff are tied up with the disruption, attackers can plant malware and prepare other attacks with more severe security implications, so a DDoS should never be treated as the whole incident: keep watching the rest of the network while the flood is being handled.

How to mitigate DDoS attacks

DDoS attacks are among the most difficult attacks to defend against. Traditional perimeter security technologies such as firewalls and intrusion detection systems (IDSs) are not fully effective because, most of the time, illegitimate packets are indistinguishable from legitimate ones. Typical signature-based pattern matching, as performed by IDSs, is not effective here either.

Many of these attacks also use spoofed source IP addresses, which defeats source identification by anomaly-based monitoring tools looking for unusually high volumes of traffic from one address. Other strategies, such as over-provisioning (adding bandwidth), do not provide adequate protection against ever larger attacks, and they are far too costly as a DDoS prevention strategy.

Therefore, responding to this threat appropriately and effectively poses a tremendous challenge for all Internet-dependent organizations. Taking on DDoS attacks requires a new approach that not only detects increasingly complex and deceptive assaults, but also mitigates the effects of the attack to ensure business continuity and resource availability.

DDoS protection is built around four key themes, according to Cisco:

  1. Mitigate, not just detect.
  2. Accurately distinguish good traffic from bad traffic to preserve business continuity, not just detect the overall presence of an attack.
  3. Include performance and architecture to deploy upstream to protect all points of vulnerability.
  4. Maintain reliable and cost-efficient scalability.

To achieve these goals, multiple layers of filtering are required to secure networks and web applications. A key preventative measure is a cloud-based anti-DoS/DDoS service that routes the company’s traffic through a centralized scrubbing location where malicious traffic is filtered out. Such a service absorbs a high volume of malicious traffic across a distributed network of servers to shield the company’s website and applications.

Good web-application hygiene (updates and patches) is also essential for defending against denial-of-service disruptions, because a single unpatched denial-of-service bug lets one request do the work of a flood.
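Cisco’s second theme, telling good traffic from bad rather than merely noticing that something is wrong, is easiest to see on the application layer, where an attack is just requests. The example below is written for this page and is not Cisco’s, CyberSecure’s or any vendor’s code. It parses web-server access logs in the standard Apache/nginx “combined” format and flags two patterns described above: a single source whose peak request rate (requests per second, the unit the text uses for application-layer attacks) is far above normal, and the low-and-slow case where a handful of hosts each stay under any per-source limit but together hammer one expensive endpoint. It then replays the log through a per-source token-bucket limiter, the “mitigate, not just detect” half. The log lines are constructed for the example, and the thresholds (five requests per second per source, half of all requests from three or more hosts, a burst of five with two tokens per second) are illustrative assumptions a real deployment would tune from its own baseline.

```python
# Added example (not from the original post): finding DDoS sources in web-server
# access logs and rate-limiting them per source. Log lines are constructed below
# in the Apache/nginx "combined" format; thresholds are illustrative assumptions.
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# host ident authuser [timestamp] "METHOD path HTTP/x" status bytes ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """One combined-format line -> {ip, ts, path, status}, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {"ip": m.group("ip"), "ts": datetime.strptime(m.group("ts"), TS_FMT),
            "path": m.group("path"), "status": int(m.group("status"))}

def records(lines):
    """Parsed records in time order; malformed lines are skipped, not fatal."""
    return sorted((r for r in map(parse_line, lines) if r), key=lambda r: r["ts"])

def peak_rates(lines, window=timedelta(seconds=1)):
    """Peak number of requests any single source sent within one sliding `window`."""
    by_ip = defaultdict(list)
    for r in records(lines):
        by_ip[r["ip"]].append(r["ts"])
    peaks = {}
    for ip, stamps in by_ip.items():            # stamps are already time-ordered
        start, peak = 0, 0
        for end, t in enumerate(stamps):
            while t - stamps[start] >= window:  # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        peaks[ip] = peak
    return peaks

def flag_flooding_sources(lines, per_source_limit=5, window=timedelta(seconds=1)):
    """Noisy flooders: sources whose peak rate exceeds per_source_limit per window."""
    return sorted(ip for ip, p in peak_rates(lines, window).items() if p > per_source_limit)

def endpoint_concentration(lines):
    """{path: (requests, distinct sources)} with query strings stripped."""
    counts, sources = Counter(), defaultdict(set)
    for r in records(lines):
        path = urlsplit(r["path"]).path
        counts[path] += 1
        sources[path].add(r["ip"])
    return {p: (counts[p], len(sources[p])) for p in counts}

def flag_targeted_paths(lines, min_share=0.5, min_sources=3):
    """Low-and-slow case: one path taking >= min_share of all requests from >= min_sources
    hosts, even though no single host ever crosses the per-source limit."""
    conc = endpoint_concentration(lines)
    total = sum(c for c, _ in conc.values())
    return sorted(p for p, (c, s) in conc.items()
                  if total and c / total >= min_share and s >= min_sources)

class TokenBucket:
    """Per-source limiter (the 'mitigate, not just detect' half): each source starts with
    `burst` tokens, refilled at `rate` per second; allow() False means drop the request."""
    def __init__(self, rate, burst):
        self.rate, self.burst, self.state = rate, burst, {}   # ip -> (tokens, last seen)

    def allow(self, ip, now):
        tokens, last = self.state.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last).total_seconds() * self.rate)
        ok = tokens >= 1
        self.state[ip] = (tokens - 1 if ok else tokens, now)
        return ok

def replay(lines, rate=2.0, burst=5):
    """Replay the log through the limiter -> {ip: requests it would have dropped}."""
    bucket, dropped = TokenBucket(rate, burst), Counter()
    for r in records(lines):
        if not bucket.allow(r["ip"], r["ts"]):
            dropped[r["ip"]] += 1
    return dict(dropped)

def _line(ip, second, path, agent):   # builds one constructed combined-format log line
    return (f'{ip} - - [10/Dec/2015:12:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 900 "-" "{agent}"')

# Constructed sample: one normal visitor, one host hammering /search eight times
# within a second, and four slow hosts that each hit /search only twice.
SAMPLE_LOG = (
    [_line("10.0.0.5", 0, "/index.html", "Mozilla/5.0"),
     _line("10.0.0.5", 3, "/about.html", "Mozilla/5.0")]
    + [_line("203.0.113.7", 1, "/search?q=a", "python-requests/2.7") for _ in range(8)]
    + [_line(f"198.51.100.{i}", s, "/search?q=x", "curl/7.43")
       for i in range(1, 5) for s in (i - 1, i + 3)])

if __name__ == "__main__":
    print("flooding sources:", flag_flooding_sources(SAMPLE_LOG))   # ['203.0.113.7']
    print("targeted paths:  ", flag_targeted_paths(SAMPLE_LOG))     # ['/search']
    print("limiter drops:   ", replay(SAMPLE_LOG))                  # {'203.0.113.7': 3}
```

Run as a script, it names the flooding host, names /search as the endpoint under attack, and reports that the limiter would have dropped three of that host’s eight requests while every legitimate request passes. Drop the noisy host from the sample and the per-source check finds nothing, yet the endpoint check still flags /search: eight of the remaining ten requests, from four different hosts. That is the gap signature matching and per-address thresholds leave, and why the text asks for filtering that judges traffic as a whole rather than one packet or one address at a time. Note the limiter is keyed on the source address; against spoofed floods at the network layer it is useless, which is exactly the caveat raised above.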

CyberSecure can help you prevent or stop DDoS attacks aimed at your company network by implementing the best protection on the market.


The global BYOD & enterprise mobility market is estimated to grow to USD 360.07 billion by 2020. And while increased productivity and employee satisfaction drive adoption, cybersecurity remains one of the biggest roadblocks to BYOD.

As more and more offices offer telework options and embrace bring-your-own-device policies, security vulnerabilities crop up, too.

One in five organizations suffered a mobile security breach caused by malware or employees connecting to malicious Wi-Fi networks using their corporate-owned device, according to a study.

What’s even more worrisome is that 48% of organizations don’t know if or when their mobile devices connect to a risky Wi-Fi network. This shows that system administrators face real problems gaining complete visibility over their networks. Monitoring the entire network, every device, every port on a 48-port switch and every interface on a server, is a dream, and an expensive one, too.

The roots of BYOD problems

Small businesses tend to disregard BYOD as a potential danger to their company. This negligent attitude stems from confusion over who is accountable for securing personal devices. Despite existing security policies, employees and organization leaders point fingers at each other, each absolving themselves of security responsibilities while blaming the other party.

Also, as organizations become increasingly mobile, users push the bounds of corporate policy by bringing their own products and services inside the company; file-sharing applications and services originally designed for consumers, for instance, are one of the main causes of corporate data leakage.

Other risks come from jailbreaking a device, that is, removing the security restrictions imposed by the vendor, for instance in order to install unofficial third-party applications. Unless the user, who now has administrator-level permissions on the device, is self-reliant when it comes to security, the device, and hence the company network it connects to, may be exposed: a jailbroken device no longer enforces the sandbox that keeps one app from reading another’s data, and it usually lags behind on vendor updates.

Employees can also expose corporate data by failing to apply security updates on their devices. The known vulnerabilities left open can serve as a gateway to the company network.

How can organizations enhance security?

Rogue IT is a complex issue: it involves people, processes and technologies.

Companies should increase control over their file-sharing policies, practices and technologies, but should do so in ways that don’t limit employee productivity or satisfaction. Ideally, companies should provide secure and easy-to-use in-house solutions for hosting files and other services, ones that are as user-friendly as the consumer services and cost-effective as well; otherwise employees simply keep using the consumer services.

Apart from policies, employers should consider partitioning work-related content from personal content on personal devices. Containers, dual persona and application wrappers all provide application-level protection for individual applications or sets of them.

Regular checkups of potential cyber-risks are also a must.

Tools such as mobile device management (MDM) software give the company control over a fleet of devices. They let IT administrators troubleshoot and manage employee mobile devices remotely, for example enforcing a screen lock and device encryption, or wiping corporate data from a phone that has been lost or stolen.

Assessing security vulnerabilities inside a network plays a crucial part in IT security. Network vulnerability scanners scan your network and websites for thousands of known security issues and produce a prioritized list of what you should patch, describing each vulnerability and outlining the steps to remediate it. Some can even automate patching.

CyberSecure provides a proven and cost-effective solution for cloud-managed security.