Tech News

Rise of the Super-Malware: why it matters to every professional

Super-Malware is often misunderstood by the average professional but can cost any brand big bucks, so let’s brush up on the topic together!

Super-Malware has become intense, more common

You already know about malware and you’ve learned not to click stupid links, but your company is vulnerable to more than simple viruses sent over email, with threats coming from new and increasingly intelligent sources.

To help us better navigate these vulnerabilities for every company (even a one person operation), we tapped the wisdom of Maddie Grant, who outlines below the rise of the Super-Malware:

Threats outpace the rise of awareness

Over the last few years the volume and intensity of malicious web security attacks have grown dramatically, thanks mainly to greater access to high-powered distributed systems and automation, and to exploit kits that make execution and distribution simpler for cybercriminals. The strength of attacks is daunting, and though the internet community is growing more aware of general risks, the threats seem to outpace that awareness. 2013 was dubbed the year of the mega breach, in which we witnessed 253 major breaches that exposed 552 million identities, including credit card data, addresses, passwords and other personal information. This was a 62% increase over 2012 (according to Symantec).

Website vulnerabilities have been a very attractive starting point for cybercriminals to inject and launch their attacks. Symantec’s state of web security report reveals that 77% of the websites they researched had exploitable vulnerabilities and 1-in-8 was critical. With unchecked access to websites, cybercriminals are left to roam free, executing zero-day exploits that covertly infiltrate to not only steal data but also cripple legitimate networks.

The battle to protect your website and guarantee availability for your clients and other site visitors is a critical area of focus for your company. Depending on the reach and scope of your business and the number of clients being served, a data breach can easily cost you upwards of $5.4 million. Thankfully, it costs significantly less to protect your web assets.

The Types of Attacks & Risk to your Business

Protecting your website and networks requires input and insight into all aspects of the services you’re providing, both to clients and internally. If you’re primarily delivering a service online via a software-as-a-service model, you may be inclined to focus solely on making your web application secure at the code level, ignoring the internal network usage policies and other types of gateway-level protection that will help mitigate denial of service attacks, for example.

Complete security requires an approach that includes not only your developers but also IT staff, your web host, and other security service providers and resources serving the application, network and human layers.

Some of the most common application layer threats are directed towards compromising private user data for the sake of financial gain. Cybercriminals gain access by injecting code to pull data and by tricking users into sharing private information.

Examples of the most common attacks include:

  • Cross-Site Scripting (XSS)
  • Injection Flaws
  • Malicious File Execution
  • Insecure Direct Object Reference
  • Cross Site Request Forgery (CSRF)
  • Broken Authentication and Session Management
  • Insecure Cryptographic Storage
  • Insecure Communications
  • Failure to Restrict URL Access

Other attacks, like distributed denial-of-service (DDoS) attacks, are designed to completely cripple your business’ ability to serve clients and access critical network assets. These are simply meant to hemorrhage your business and take it down, causing unimaginable and sometimes irreparable damage.

For these types of attacks, you certainly cannot rely on your web server host for protection. And investing in the physical infrastructure and staff to manage, implement and monitor mitigation appliances and services will definitely put a dent in your cashflow.

DDoS Could Be the Greatest Threat

DDoS works by overloading and flooding network servers with data packets and requests to the point where the server is unable to respond, thereby taking down the network. DDoS attacks have grown more sophisticated, with packet floods growing larger, maxing out at around 100 Gbps. In a six-month campaign against U.S. banks, for which a group of alleged Muslim hacktivists claimed credit, the volume of attack traffic regularly surpassed 30 Gbps – throughput rarely seen a decade ago. The 1st quarter of 2014 saw a 240% increase in botnet activity.

Attackers have also targeted other parts of the network infrastructure. Corporate domain name service servers are a common target, and in this case, customers can no longer access a company’s service. Under these attacks, the amount of data center capacity a company has is irrelevant, as the requests will never reach the data center. Network availability is a critical focal point for ensuring business uptime and deliverability.

These attacks have evolved far beyond the capabilities of the typical in-house network security appliance, which will inevitably face an overwhelmed network. The safest and most effective solution is a hybrid approach from a security company which offers web application firewalls, CDNs, real-time monitoring and high-class network security appliances to detect and block unwanted traffic at the earliest possible moment.

You’re Not Alone in the Fight & Where to Start

Security companies offering a security-as-a-service model mean that your business is saved from investing in staff and infrastructure to acquire a world-class security system. For instance, the load balancing and failover service offered by Incapsula is very affordable, starting from $19 per month. Incapsula offers an enterprise-grade cloud-based solution supporting all in-datacenter and cross-datacenter scenarios, ensuring high availability and protecting against the most powerful DDoS attacks, and offers instant propagation and distribution algorithms that will guarantee routing to healthy servers.

First-class infrastructure coupled with real-time monitoring capabilities mean that you and Incapsula’s team are accountable for the health of all your network assets. This is very valuable in the case of zero-day attacks that do not have known fixes, giving you the resources and data to act quickly to prevent loss.

Making the decision to migrate the management and protection of your network assets to a security-as-a-service solution may be the best investment you could make for ensuring reliable disaster recovery and threat mitigation. It’s a sure-fire way to keep your business on the cutting edge of web security as cybercriminals become more covert and powerful.

The American Genius (AG) is news, insights, tools, and inspiration for business owners and professionals. AG condenses information on technology, business, social media, startups, economics and more, so you don’t have to.

Tech News

FCC Chairman confirms fears, jokes about being a Verizon shill

(TECH NEWS) FCC Chairman Ajit Pai jokes about being a shill for Verizon, feeding into what many suspected when he was appointed.

Leaked video shows FCC Chairman Ajit Pai joking about being a shill for Verizon, as we all suspected when he was nominated. Last week Pai was a speaker at the Federal Communications Bar Association, an event similar to the White House Correspondents Dinner.

Major telecom companies and the FCC gather at this annual event for dinner, mingling, and enduring awkward political policy jokes. At the event, Pai roasted himself about major headlines from the past year, like his decision to kill net neutrality against the wishes of the majority of the nation. Hilarious.

Pai also brought up the whole thing where he refused to cooperate with an investigation into the validity of comments filed in support of ending net neutrality.

Although cameras weren’t officially present at the event, someone surreptitiously filmed and sent the clip to Gizmodo. The kicker comes around twenty minutes into Pai’s speech when he jokes, “in collusion—I mean, in conclusion, sorry, my bad—many people are still shell-shocked that I’m up here tonight.”

He goes on, “they ask themselves, how on earth did this happen? Well, moments before tonight’s dinner, somebody leaked a fourteen-year-old video that helps answer that question, and in all candor, I can no longer hide from the truth.”

Pai then starts a video, which opens with 50 Cent’s “In Da Club” playing in the background. This is the only thing I’ll give him points for on this amateur drama class project.

The skit is set in 2003 at “Verizon’s DC Office”, when Pai was an attorney for the company. In the video, Kathy Grillo, current Verizon senior VP and deputy general counsel, tells Pai, “As you know, the FCC is captured by the industry, but we think it’s not captured enough, so we have a plan.”

“What plan?” Pai asks. Grillo tells him, “We want to brainwash and groom a Verizon puppet to install as FCC chairman. Think ‘Manchurian Candidate.’” To which Pai responds, “That sounds awesome!”

Gizmodo posted the video on Friday after the dinner, and the internet exploded with reactions to Pai’s gag. Reddit in particular went nuts, to the point that one thread in r/technology was locked—as in no one else can comment—for “too much violence.”

In a thread on the r/television subreddit, a moderator reminds users, “please refrain from encouraging or inciting violence or posting personal information […] don’t post anything inviting harassment, don’t harass, and don’t cheer on or upvote obvious vigilantism.”

While some of the threads were full of awful remarks, other posters commented in the spirit of reasonable conversation. The general sentiment of those engaged in non-harassing discussions is that Pai is a symptom, not the cause of FCC’s problems.

However, many argued that the video, in showing Pai’s willingness to bend (then joke about) FCC regulations, indicates he’s not a puppet so much as a willing participant in corruption. Pai’s appointment to FCC Chairman was suspicious from the beginning considering his ties to Verizon.

Although Pai is obviously joking in the leaked video, the general public isn’t finding it nearly as funny as those at the dinner.

Check out the clip for some cringe-worthy digs at net neutrality and have fun questioning the integrity of the FCC.

Tech News

FCC Grinches plan to steal poor people’s Internet access

(TECH NEWS) Merry Christmas! The FCC is trying to take away poor people’s Internet access, pointing the finger one way to distract you from the other.

In case anybody with enough bandwidth to read this wasn’t sufficiently terrified by the FCC’s ongoing campaign to break the internet by dismantling net neutrality, the nation’s communication authority has kindly provided another reason for any digital-enabled American to expatriate and/or secede.

The FCC’s most recent reform proposal proposes to reform the absolute Hell out of Lifeline, the $2.25 billion program to provide low-income Americans with broadband Internet access. Also, phones. The Lifeline Program has been doing its job since 1985, when noted socialist firebrand Ronald Reagan instituted it to subsidize phone service in underprivileged communities. It was expanded to include broadband Internet access in 2016, and right now 12 million households benefit from Lifeline-subsidized phone and Internet access.

That’s apparently a problem.

The FCC’s stated concern is that the General Accounting Office recently found $1.2 million of the $2.25 billion Lifeline budget was being used fraudulently. Fraud is bad! But in case you don’t have your TI-85 handy, that’s less than a tenth of 1 percent. That is not very much fraud. Not enough to nix an entire program, at least.

The greater concern, as usual, appears to be about profit. Under the current Lifeline guidelines, many subsidized companies are small ISPs and resellers providing access to third-party networks. Often, these services are the only Internet access available in rural areas, tribal lands, and other underserved communities.

That doesn’t work for Commissioner Pai.

Earlier this year, Pai used “delegated authority,” the FCC’s version of executive orders, to bypass oversight and personally rescind subsidy access from 9 ISPs providing services to rural areas and tribal lands.

These reforms continue that trend. They ban subsidies for no-cost Internet service, which is the business model of 70% of current Lifeline subsidy recipients. It is notably not the business model of large ISPs that rhyme with Buhrizon. I’m sure that’s a coincidence.

They also impose an absolute budget cap, meaning that millions of poor households could lose their Internet access, and the increased opportunities for education and employment that come with it, if someone in a comfy office a thousand miles away effs up the accounting.

In short, it sucks.

The proposed reforms to the Lifeline Project are another example of the FCC, deliberately or through negligence, rigging the market in favor of major conglomerates at the expense of consumers, small businesses and the general public.

Lifeline isn’t perfect, but it’s doing its job. Whether the same can be said for Ajit Pai’s FCC is, at best, an open question.

Tech News

Get motivated with a ding sound every time someone visits your new site

(TECHNOLOGY) This tool provides motivation for new websites by ding-donging every time a new visitor stops by! Talk about a dopamine rush!!

It seems like everyone these days has a brand new website they can’t wait to share with the world. All these micro-businesses are starting their journeys at the very beginning: with zero website visitors, big plans, and a lot of hope. A new Chrome extension has found a way to help motivate these big dreamers at the very beginning of their business’ lives.

Startup Bell – a doorbell for Google Analytics – audibly rings every time a website gets a new user and shows the number of current active users right in their browser’s toolbar.

That simple ding-dong could soon provide a dopamine rush to any founder that uses it. In the early days of startups and passion-project websites, visitors (though initially, typically the founder’s mom and their Facebook friends) are a positive indication that business is growing, and that reassuring ding-dong is real-time motivation to keep doing what you’re doing.

Marketing a business is now as inexpensive as it’s ever been with cheap Instagram and Facebook ads reaching a prime millennial audience. With to-the-minute feedback, this Chrome extension can give you insight into which marketing strategies work and which flop. It’s also an immediate payoff to that ten dollar Facebook ad.

While this lean extension only provides a ding-dong for every new visitor and has very few settings, maker Branimir hopes that future versions will include the option to have dings at certain intervals (like every 100 visitors), so that it supports websites as they grow and doesn’t ding incessantly.

Branimir also stated on Product Hunt that future versions of the plug-in may offer a similar tool for sales. When the noise played means money in your pocket, that dopamine rush could get even more addictive.

This simple little plug-in could provide much needed motivation for startups and new businesses alike. With real-time feedback, companies will get a morale boost in the early stages of their company’s life. The next step is to make sure users’ dogs don’t go crazy every time someone visits their website and they hear that ding-dong.
