Category: Cyber Security

  • QSnatch Malware and the Safety of Network Attached Storage (NAS)

    The QSnatch malware was first detected in October of last year. In most cases, its goal appears to be to grab the credentials of the Network Attached Storage (NAS) device it infects. It was also determined that it can download further instructions from online servers, making it an extremely versatile malware.

    In October it was reported that 7000 devices had been infected with this malware; however, CISA recently confirmed that in June of 2020 that number had jumped to 62,000 devices, making it clear this malware is now being used more prolifically. We have also learned more about its capabilities, which include:

    • Credential scraper
    • SSH Backdoor – This allows the hacker to execute code on the device
    • Exfiltration – When run, it allows QSnatch to steal a predetermined list of files
    • CGI Password Logger – This allows the malware to install a fake version of your device’s login page, allowing the hacker to steal your credentials
    • Webshell functionality for remote access

    That is a scary list of abilities, and it makes clear that enacting security measures on all your devices, but especially those that contain important data, is imperative.

    If you already use NAS you probably know the benefits, but for those who don’t or are considering it, here is what’s beneficial about employing NAS devices in your organization:

    1. More storage space: in most cases NAS devices are used instead of or in addition to regular servers.
    2. Private cloud: a NAS device can be used to run a private cloud network in your business or even your home.
    3. Media servers: many NAS devices are aimed specifically at functioning as a media server.
    4. Automated backups: a NAS device can function as your backup device, or in addition to your primary backup device for more redundancy.
    5. Lower costs: NAS devices tend to be much cheaper than traditional servers.

    This is just a small list of the benefits, but as with most devices, there are specific measures required to keep them safe from a cyber-attack. This includes having a good plan for password security in your business – a hacker who gets the password to one of these devices may have been handed the keys to the kingdom.

    Also, as the name implies, this is “network” attached storage, so you must have a secure network in place. You also want to make sure you’re regularly updating the firmware for this and any other devices you use.

    Network attached storage devices are an excellent option for many businesses, as long as the proper protocols are followed to keep them safe.

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

    Looking for IT Services in Fresno, Modesto, Stockton, Ceres, Atwater, Merced, Visalia or Lodi? We cover all these areas and more!

  • The Threat You Might Not Have Heard of – Stalkerware.

    We’ve all heard of ransomware and malware at this point, but there’s one that may be flying under the radar. I’m talking about stalkerware.

    Stalkerware is a type of software or application designed to monitor or secretly record you on your devices. The phrase was coined because it was often used by spouses or other intimate partners who wanted to secretly spy on their partners.

    While in some cases it may be deliberately installed, there are variations of this now that are more insidious. Applications that can detect your GPS location even in the background, as well as applications aimed at parents looking to track their children’s devices that collect more data than they’re supposed to, are two notable examples.

    In either variation they’re definitely a violation of the user’s privacy. The Google Play Store (for Android phones) and Apple App Store (for iOS phones) both prohibit applications aimed at tracking your loved ones’ use without their knowledge or consent, but so many things are added daily that it’s inevitable some will slip through.

    On the other end, applications you install on purpose that collect data they shouldn’t are also a major problem. The data they’re collecting is often sold to third parties who then use it to market to you on websites you frequent.

    Most of us are aware the free websites and applications we use on the internet are not really “free”. The cost is being inundated with sales ads, but ads specifically targeted to you using data you didn’t know was being extracted from your computer or phone are a violation none of us would willingly sign up for.

    We’re left questioning how much privacy we can really expect on the internet, and what is needed to protect that privacy. Much more is required of our governments and legislatures to ensure that the private details of our lives aren’t sold to the highest bidder.

    One high-profile example going on right now involves the popular phone application TikTok. TikTok was recently banned in India due to privacy concerns, which the company vehemently denies.

    It’s our recommendation that you thoroughly vet the software, websites and applications you download or visit, and uninstall any not currently in use. While this won’t completely mitigate the risk of stalkerware, it may help minimize the damage.

  • DDoS Attack or Not? Yesterday’s Outage Left Many Systems Down for Hours

    Yesterday, an outage stemming from T-Mobile left many major systems down. Affected websites included T-Mobile itself, Instagram, Comcast, Sprint and Chase Bank. Was it a massive DDoS attack or just a server misconfiguration as they’re claiming?

    First, it’s probably a good idea to explain what a DDoS attack, or Distributed Denial-of-Service attack, is and what it aims to do.

    A DDoS attack is a cyber attack where the perpetrator or group of perpetrators seeks to make a server or network unavailable by attacking its connection to the internet. They typically do this by flooding the affected systems with traffic, overloading them and causing them to go down.

    These attacks can happen to a single computer, an office, or even on a global scale. The website https://digitalattackmap.com/ attempts to track these DDoS attacks on a global level; however, it’s somewhat controversial among cyber security experts, as they question the veracity of its data.

    Many times these outages are made apparent by the website https://downdetector.com/, which accurately tracked the cascading wave of websites that went down in yesterday’s event.

    Down Detector is a reliable source for checking whether the connection issues you’re having stem from your network or whether the website or service you’re trying to access is truly down.

    So, was yesterday’s event a DDoS attack or just an error? The public will probably never know. However, as cyber crime continues to ramp up – purported to be a $6 trillion industry by 2021 – it’s a good idea to have the best protections in place so you and your business don’t fall victim.

    A DDoS attack aimed at your systems may expose other vulnerabilities, and the downtime alone can be costly. If your IT team isn’t adequately prepared to defend against this or any of the other varieties of cyber attacks plaguing the technology market, it might be time for a new team.
