Tech News

Rise of the Super-Malware: why it matters to every professional

Super-Malware is often misunderstood by the average professional but can cost any brand big bucks, so let’s brush up on the topic together!

Super-Malware has become intense, more common

You already know about malware and you’ve learned not to click stupid links, but your company is vulnerable in more ways than just simple viruses sent over emails, with threats coming from new and increasingly intelligent sources.

To help us better navigate these vulnerabilities for every company (even a one-person operation), we tapped the wisdom of Maddie Grant, who outlines below the rise of the Super-Malware:

Threats outpace the rise of awareness

Over the last few years, the volume and intensity of malicious web security attacks have grown dramatically, thanks mainly to greater access to high-powered distributed systems and automation, and to exploit kits that make execution and distribution simpler for cybercriminals. The strength of attacks is daunting, and though the internet community is growing more aware of general risks, the threats seem to outpace it. 2013 is dubbed the year of the mega breach, where we witnessed 253 major breaches that exposed 552 million identities, including credit card data, addresses, passwords and other personal information. This was a 62% increase over 2012 (according to Symantec).

Website vulnerability has been a very attractive starting point for cybercriminals to inject and launch their attacks. Symantec’s state of web security report reveals that 77% of the websites they researched had exploitable vulnerabilities and 1-in-8 was critical. With unchecked access to websites, cyber-criminals are left to roam free executing zero-day exploits that covertly infiltrate to not only steal data but also cripple legitimate networks.

The battle to protect your website and guarantee availability for your clients and other site visitors is a critical area of focus for your company. Depending on the reach and scope of your business and the number of clients being served, a data breach can easily cost you upwards of $5.4 million. Thankfully, it costs significantly less to protect your web assets.

The Types of Attacks & Risk to your Business

Protecting your website and networks requires input and insight for all aspects of the services you’re providing, both to clients and internally. If you’re primarily delivering a service online via a software-as-a-service model, you may be inclined to focus solely on making your web application secure at the code level, ignoring the establishment of internal network usage policies and other types of gateway-level protection that will help mitigate denial of service attacks, for example.

Complete security requires an approach that includes not only your developers but also IT staff, your web host and other security service providers and resources serving the application, network and human layers.

Some of the most common application layer threats are typically directed towards compromising private user data for the sake of financial gain. Through the injection of code to pull data and trick users into sharing private information, cybercriminals gain access.

Examples of the most common attacks include:

  • Cross-Site Scripting (XSS)
  • Injection Flaws
  • Malicious File Execution
  • Insecure Direct Object Reference
  • Cross Site Request Forgery (CSRF)
  • Broken Authentication and Session Management
  • Insecure Cryptographic Storage
  • Insecure Communications
  • Failure to Restrict URL Access

Other attacks, like distributed denial-of-service (DDoS) attacks, are designed to completely cripple your business’ ability to serve clients and access critical network assets. These are simply meant to hemorrhage and take your business down, causing unimaginable and sometimes irreparable damage.

For these types of attacks, you certainly cannot rely on your web server host for protection. And investing in the physical infrastructure and staff to manage, implement and monitor mitigation appliances and services will definitely put a dent in your cashflow.

DDoS Could Be the Greatest Threat

DDoS works by overloading and flooding network servers with data packets and requests to the extent that the server is unable to respond, thereby taking down the network. DDoS attacks have grown more sophisticated, with packet floods growing larger, maxing out at around 100 Gbps. In a six-month campaign against U.S. banks, for which a group of alleged Muslim hacktivists claimed credit, the volume of attack traffic regularly surpassed 30 Gbps – throughput rarely seen a decade ago. The 1st quarter of 2014 saw a 240% increase in botnet activity.

Attackers also have targeted other parts of the network infrastructure. Corporate domain name service servers are a common target, and in this case, customers can no longer access a company’s service. Under these attacks, the amount of data center capacity a company has is irrelevant, as the requests will never reach the data center. Network availability is a critical focal point for ensuring business uptime and deliverability.

These attacks have evolved far beyond the capabilities of the typical in-house network security appliance, which will inevitably face an overwhelmed network. The safest and most effective solution is a hybrid approach from a security company that offers web application firewalls, CDNs, real-time monitoring and high-class network security appliances to detect and block unwanted traffic in the earliest possible instance.

You’re Not Alone in the Fight & Where to Start

Security companies offering a security-as-a-service model mean that your business is saved from investing in staff and infrastructure to acquire a world-class security system. For instance, the load balancing and failover service offered by Incapsula is very affordable, starting from $19 per month. Incapsula offers an enterprise-grade cloud-based solution supporting all in-datacenter and cross-datacenter scenarios, ensuring high availability and protecting against the most powerful DDoS attacks, and offers instant propagation and distribution algorithms that will guarantee routing to healthy servers.

First-class infrastructure coupled with real-time monitoring capabilities mean that you and Incapsula’s team are accountable for the health of all your network assets. This is very valuable in the case of zero-day attacks that do not have known fixes, giving you the resources and data to act quickly to prevent loss.

Making the decision to migrate the management and protection of your network assets to a security-as-a-service solution may be the best investment you could make for ensuring reliable disaster recovery and threat mitigation. It’s a sure-fire way to keep your business on the cutting edge of web security as cybercriminals become more covert and powerful.

The American Genius is news, insights, tools, and inspiration for business owners and professionals. AG condenses information on technology, business, social media, startups, economics and more, so you don’t have to.

Facebook policy sets themselves up for yet another failure

(TECH) Facebook’s role in news consumption increases, and their new policy regarding news is raising eyebrows.

Facebook did not get a lot of likes when it was facing scrutiny for taking money for Russian ads, and their subsequent role in the 2016 Presidential election. In response to that, Facebook announced its Ad Archive – a public political archive to allow users more transparency in who purchased those ads, like you can on television. Additionally, they changed their political ads policy.

Of course, the goal of this is to promote transparency and give the public an opportunity to scrutinize advertisers and have more control about what they do with that information. Facebook and the world at large acknowledge that this still isn’t a perfect solution, and there are many problems left to work out, including how perpetrators can get around the new rules by simply setting up an LLC.

Now, Facebook says they will include news pages in their Ad Archives. While this decision was originally opposed by many news publishers, and Facebook compromised by putting them in a separate category, it has officially become part of Facebook policy.

To be a news page, there are several criteria pages and promoters must follow, including focusing on current events and news, spreading factual and true information, and publishing content that is not user generated or aggregated from other areas of the web. Also, the amount of advertising content cannot exceed the amount of content related to news.

Facebook’s decision to include news publishers, which involved some input from The Trust Project, was a decent step, but it’s almost certain that many publishers are raising their eyebrows at the decision to include them in the archive, with the indication that news organizations are as suspect as corrupt Russian players. It is particularly grating in an environment where Twitter has opted not to lump news and Russian actors together.

Certainly, how publishers spend their dollars and make platform decisions will be impacted, especially as this continues. Given the broad domains of ad archive – elections, elected officials, and issues of national importance – we are likely to see how things play out over the next few months.

The biggest concern of course, is how this sets Facebook up for another failure in regards to how it handles news, and how this will impact the people receiving that news. And hopefully, we find out before the stakes are too high.

Quickly delete years of your stupid Facebook updates

(SOCIAL MEDIA) Digital clutter sucks. Save time and energy with this new Chrome extension for Facebook.

When searching for a new job, it’s always a good idea to scan your social media presence to make sure you’re not setting yourself up for failure with offensive or immature posts.

In fact, you should regularly check your digital life even if you’re not on the job hunt. You never know when friends, family, or others are going to rabbit hole into reading everything you’ve ever posted.

Facebook is an especially dangerous place for this since the social media giant has been around for over fourteen years. Many accounts are old enough to be in middle school now.

If you’ve ever taken a deep dive into your own account, you may have found some unsavory posts you couldn’t delete quickly enough.

We all have at least one cringe-worthy post or picture buried in years of digital clutter. Maybe you were smart from the get-go and used privacy settings. Or maybe you periodically delete posts when Memories resurfaces that drunk college photo you swore wasn’t on the internet anymore.

But digging through years of posts is time consuming, and for those of us with accounts older than a decade, nearly impossible.

Fortunately, a new Chrome extension can take care of this monotonous task for you. Social Book Post Manager helps clean up your Facebook by bulk deleting posts at your discretion.

Instead of individually removing posts and getting sucked into the ensuing nostalgia, this extension deletes posts in batches with the click of a button.

Select a specific time range or search criteria and the tool pulls up all relevant posts. From here, you decide what to delete or make private.

Let’s say you want to destroy all evidence of your political beliefs as a youngster. Simply put in the relevant keyword, like a candidate or party’s name, and the tool pulls up all posts matching that criteria. You can pick and choose, or select all for a total purge.

You can also salt the earth and delete everything pre-whatever date you choose. I could tell Social Book to remove everything before 2014 and effectively remove any proof that I attended college.

Keep in mind, this tool only deletes posts and photos from Facebook itself. If you have any savvy enemies who saved screenshots or you cross-posted, you’re out of luck.

The extension is free to use, and new updates support unliking posts and hiding timeline items. Go to town pretending you got hired on by the Ministry of Truth to delete objectionable history for the greater good of your social media presence.

PS: If you feel like going full scorched Earth, delete everything from your Facebook past and then switch to this browser to make it harder for Facebook to track you while you’re on the web.

Why are all apps starting to look exactly the same?

(TECHNOLOGY) As apps evolve, they are beginning to look uniform – is this a good or bad thing?

Have you noticed that all apps are beginning to look a lot alike? Many popular social media apps are utilizing minimalist designs, featuring lots of black and white with negative space and little color.

At a glance, you may not be able to differentiate what’s Airbnb and what’s Instagram. Normally, something like this could be argued to be unoriginal and boring. However, let’s look at the positives.

If every app – for the most part – is operating with the same design, they’re not trying to constantly one-up each other with the next big look. As a result, they have more time to focus on what’s important – the content found on the app and the functions of the app.

While many apps offer similar features (like Snapchat, Facebook, and Instagram all having Stories), every social media app has its own flair that keeps users coming back. And user retention is higher if they feel comfortable using the app – which is another plus of them all having similar designs.

If you have 12 different social media apps with 12 different interfaces and means of operation, it’s unlikely that a user will keep up with all 12. But, if they know exactly how to use them, the user can flip back and forth like it’s nothing.

However, “app fatigue is a real thing,” said Yaz of UX Collective. “Most people have grown tired of bouncing between too many apps or learning how to use a new interface after every new download.”

Below is Yaz’s exploration of the uniformity in apps:

Research has found that a quarter of all apps are deleted after just one use. People tend to stick with the apps that they have found made a positive impact in their lives – either for communication with others or apps that save them time.

Uniformity means developers can spend more of their time on creating the content that will aid in better communication and more time saving options.

Again, what it comes down to is the content and function. That’s where the true creativity comes in. People aren’t using Airbnb because the app or the website are ridiculously exciting; they’re using it because it offers a service that is beneficial.

What are your thoughts on app uniformity? Unoriginal, or a stepping stone for what’s really important?
