Coleman Technologies Blog


Artificial Intelligence Will Be Assisting Cybercriminals


We aren’t alone in believing so, either. A recent study examined twenty such AI-integrating cybercrimes to see where the biggest threats would lie.  

Here, we’re looking at the results of this study to see what predictions can be made about the next 15 years where AI-enhanced crime is concerned. Here’s a sneak preview: Deepfakes (fake videos of celebrities and political figures) will be very believable, which is very bad.

The Process

To compile their study, researchers identified 20 threat categories from academic papers, current events, pop culture, and other media to establish how AI could be harnessed. These categories were then reviewed and ranked during a conference attended by subject matter experts from academia, law enforcement, government and defense, and the public sector. These deliberations resulted in a catalogue of potential AI-based threats, evaluated based on four considerations:

  • Expected harm to the victim, whether in terms of financial loss or loss of trust.
  • Profit that could be generated by the perpetrator, whether in terms of capital or some other motivation. This can often overlap with harm.
  • An attack’s achievability, as in how feasible it would be to commit the crime in terms of required expense, technical difficulty, and other assorted obstacles.
  • The attack’s defeatability, or how challenging it would be to overcome, prevent, or neuter.

Split amongst themselves, the group ranked the collection of threats to create a bell-curve distribution through q-sorting. Less-severe threats and attacks fell to the left, while the biggest dangers were organized to the right.

When the group came back together, their distributions were compiled to create their conclusive diagram.

How Artificial Intelligence Cooperates with Criminality

In and of itself, the concept of crime is a very diverse one. A crime could potentially be committed against assorted targets, for several different motivating reasons, and the impact that the crime has upon its victims could be just as assorted. Bringing AI to the party—either in practice or even as an idea—only introduces an additional variable.

Having said that, some crimes are much better suited to AI than others are. Sure, we have pretty advanced robotics at this point, but that doesn’t mean that using AI to create assault-and-battery-bots is a better option for a cybercriminal than a simple phishing attack would be. Not only is phishing considerably simpler to do, there are far more opportunities to profit from it. Unless there is a very specific purpose to a crime, AI seems most effective in the criminal sense when used repeatedly, on a wide scope.

This has also made cybercrime an all-but-legitimate industry. When data is just as valuable as any physical good, AI becomes a powerful tool for criminals, and a significant threat to the rest of us.

One of the authors of the study we are discussing, Professor Lewis Griffin of UCL Computer Science, put the importance of such endeavors as follows: “As the capabilities of AI-based technologies expand, so too has their potential for criminal exploitation. To adequately prepare for possible AI threats, we need to identify what these threats might be, and how they may impact our lives.”

The Results of the Study

When the conference had concluded, the assembly of experts had generated a bell curve that ranked 20 threats, breaking each down by describing the severity of the four considerations listed above—specifically, whether or not they were to a criminal’s benefit. Threats were grouped in the bell curve based on similar severity, and so the results neatly split into three categories:

Low Threats

As you might imagine, those crimes ranked as low threats suggested little value to the cybercriminal, creating little harm and bringing no profit while being difficult to pull off and easy to overcome. In ascending order, the conference ranked low threats as such:


  • 1. Forgery
  • 2. AI-assisted stalking and AI-authored fake reviews
  • 3. Bias exploitation to manipulate online algorithms, burglar bots, and evading AI detection

(In case you were wondering, “burglar bots” referred to the practice of using small remote drones to assist with a physical break-in by stealing keys and the like.)

Medium Threats

Overall, these threats leveled themselves out. The considerations for most canceled each other out, generally providing no advantage or disadvantage to the cybercriminal. The threats included here were as follows:


  • 4. Market bombing to manipulate financial markets through trade manipulation, tricking face recognition software, blocking essential online services through online eviction, and utilizing autonomous drones for smuggling and interfering with transport.
  • 5. Learning-based cyberattacks (or an artificially intelligent distributed denial of service attack), fake AI sold as a misrepresented “snake oil” service, data poisoning by injecting false numbers, and hijacked military robots.

High Threats

Finally, we come to those AI-based attacks that the experts felt the most concerned about as sources of real damage. These columns broke down as such:


  • 6. AI being used to author fake news, blackmail on a wide scale, and disrupting systems normally controlled by AI.
  • 7. Tailored phishing attacks (what we call spear phishing) and weaponized driverless vehicles.
  • 8. Audio/visual impersonation, also referred to as Deepfakes.

Deepfakes are a digital recreation of someone’s appearance to make it appear as though they said or did something that they didn’t or were present somewhere that they never were. You can find plenty of examples on YouTube of Deepfakes of various quality. Viewing them, it is easy to see how inflammatory and damaging to someone’s reputation a well-made Deepfake could prove to be.

Don’t Underestimate Any Cyberattack

Of course, now that we’ve gone over these threats and described how much of a practical threat they really are, it is important that we remind ourselves that all of these threats could damage a business in some way, shape, or form. We also can’t fool ourselves into thinking that these threats must be staged with AI. Human beings could also be responsible for most of them, which makes them no less of a threat to businesses.

It is crucial that we keep this in mind as we work to secure our businesses as we continue to operate them.

As more and more business opportunities can be found online, more and more threats have followed them. Keeping your business protected from them—whether AI is involved or not—is crucial to its success.

Coleman Technologies can help you keep your business safe from all manner of threats. To find out more about the solutions we can offer to benefit your operations and their security, give us a call at (604) 513-9428.


Phishing: What It Is, and How to Avoid It





Potential data breaches are increasingly problematic for organizations, and the most common way that data is stolen is through phishing attacks. Phishing attacks are currently one of the most pervasive threats on the Internet, and you need to understand them to thwart their effectiveness against your users. Let’s explore what exactly a phishing attack consists of and some best practices you can use to defend your network against them.

What is a Phishing Attack?

Phishing is an attack method in which scammers try to trick you into giving up important information, such as passwords, by pretending to be a source you can trust. This is usually done through deceptive emails, messages, or websites that appear to be from trusted sources, like banks or well-known companies. The goal is to “phish” for this information and use it for malicious purposes, such as identity theft or financial fraud.

Four Practices to Help Protect Your Network

Let’s look at a few ways to keep phishing attacks from breaking into your network.

  • Be cautious with links and attachments - Avoid clicking on links or downloading attachments from unknown or suspicious sources. Phishing emails often disguise malicious links to look legitimate. Hover over a link to check the URL before clicking.
  • Verify the sender’s identity - Double-check the sender’s email address, especially for unexpected messages or requests for sensitive information. Phishers often use addresses that look similar to legitimate ones but have slight differences.
  • Look for signs of phishing - Be wary of generic greetings, spelling or grammar mistakes, and urgent requests for personal or financial information. Legitimate companies usually address you by name and don't pressure you into immediate action.
  • Use Multi-Factor Authentication - Enable MFA wherever possible to add an extra layer of security. Even if a phisher gets your password, MFA can do a good job of slowing down or completely preventing unauthorized access.

To protect your business, you need to understand phishing and do what you can to prevent falling victim to it. You will want to create a comprehensive training regimen focusing on faux phishing attacks to bring awareness to employees who may not have a naturally security-minded approach. 

If you would like to learn more about actions you can take to keep the massive number of phishing attacks you and your employees receive at bay, give our team of experts a call at (604) 513-9428.


ALERT: Over a Million Asus Laptops Could Have Been Hacked


Numbers are still coming in on how widespread this issue is. As of Monday, cybersecurity firm Kaspersky Lab said potentially thousands of Asus computers were infected, but on Tuesday that number had potentially broken a million.

How Could My Asus Laptop Get Hacked?

This type of attack is called a Supply-Chain Compromise and is one of the most frightening kinds of cybersecurity threats out there. Asus’s software update system was compromised by hackers, putting a backdoor into consumer devices. The scariest part is that this backdoor was distributed last year and it’s just being noticed now.

The good news is this has given Asus plenty of time to plug up the security holes on their end, but if you own an Asus device there is still a chance that it is infected with malware from the initial attack.

What Do I Do Now?

First and foremost, no matter what brand of computer or laptop you have, you need to make sure you have antivirus, and that antivirus needs to be licensed and kept up-to-date.

If you have an Asus device, Asus has released an update in the latest version of their Live Update Software. They’ve also patched their internal systems to help prevent similar attacks from happening in the future. You’ll want to make sure you have Live Update 3.6.9 installed.

Asus has also released a security diagnostic tool that will check your system to see if it has been affected. Click here to download the tool.

We HIGHLY encourage you to reach out to Coleman Technologies if you are running any Asus hardware. It’s better to be safe than sorry.


URL Manipulation and What to Do About It


The URL

Before we get into the manipulation of the URL, let’s define its parts. 

The first part of the URL is called the protocol, which tells the computing network which language is being used to communicate on said network. Most of the time, the URL will use the protocol “HTTP”. The HyperText Transfer Protocol makes it possible to exchange web pages. Other protocols that are used include File Transfer Protocol, News, and Mailto. 

The second part of the URL is the ID and password, which makes it possible to access secure servers on the network. This part is typically omitted because the password would be visible and would travel unencrypted over the computer network.

The third part of the URL is the server name. It allows users to access information stored on specific servers whether through a domain or the IP address associated with the server. 

The fourth part of the URL is the port number. This number is associated with a service and tells the server what type of resources are being requested. The default port is port 80, which can be left off the URL as long as the information that is being requested is associated with port 80.

Finally, the fifth and last part of the URL is the path. The path points to a specific resource on the server identified by the IP address (or domain).

Manipulating the URL

By manipulating parts of the URL, a hacker can gain access to web pages found on servers that they wouldn’t normally have access to. Most users will visit a website and then use the links provided by the website. This will get them to where they need to go without much problem, but it also keeps them within the perimeter those links define.

When a hacker wants to test the site for vulnerabilities, he’ll start by manually modifying the parameters to try different values. If the web designer hasn’t anticipated this behavior, a hacker could potentially obtain access to a typically-protected part of the website. This trial-and-error method, where a hacker tests directories and file extensions randomly to find important information, can be automated, allowing hackers to get through whole websites in seconds.

With this method they can try searching for directories that make it possible to control the site, scripts that reveal information about the site, or for hidden files. 

Directory traversal attacks, also known as path traversal attacks, are also popular. This is where the hacker will modify the tree structure path in a URL to force a server to access unauthorized parts of the website. On vulnerable servers, hackers will be able to move through directories easily.

What Can You Do?

Securing your server against URL attacks is important. You need to ensure that all of your software is updated with the latest threat definitions, and keeping a detailed configuration will keep users in their lanes, even those who know all the tricks. 
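As an added illustration (not code from the original post), the Python sketch below splits a URL into the five parts described above and shows a server-side check that maps a requested path to a file while refusing anything that resolves outside the web root. The function names, the `/srv/www/site` root, and the `example.com` hosts are assumptions made for the example.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Default ports for a few schemes; port 80 is the HTTP default noted above.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def url_parts(url):
    """Split a URL into the five parts the article lists."""
    u = urlsplit(url)
    return {
        "protocol": u.scheme,
        "credentials": (u.username, u.password) if u.username else None,
        "server": u.hostname,
        "port": u.port or DEFAULT_PORTS.get(u.scheme),
        "path": u.path or "/",
    }


def resolve_under_root(web_root, url_path):
    """Map a requested URL path to a file path, or raise ValueError.

    The check is lexical so it runs without touching the disk; a real
    server should also resolve symlinks (os.path.realpath) before comparing.
    """
    decoded = unquote(url_path)
    # A second decode that still changes the string means the request was
    # double-encoded (for example %252e%252e), a common way to hide "..".
    if unquote(decoded) != decoded:
        raise ValueError("double-encoded path")
    if "\x00" in decoded or "\\" in decoded:
        raise ValueError("illegal character in path")
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare against root + "/" so that /srv/www/site-backup does not pass
    # as being "inside" /srv/www/site.
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError("path escapes web root")
    return candidate


def audit(web_root, requested_paths):
    """Return {requested path: resolved file or 'REJECTED: reason'}."""
    results = {}
    for path in requested_paths:
        try:
            results[path] = resolve_under_root(web_root, path)
        except ValueError as exc:
            results[path] = f"REJECTED: {exc}"
    return results


# Constructed sample input (not taken from any real server log).
WEB_ROOT = "/srv/www/site"
SAMPLE_PATHS = [
    "/index.html",
    "/images/../index.html",
    "/../../etc/passwd",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/%252e%252e/secret.txt",
    "/../site-backup/db.sql",
]

if __name__ == "__main__":
    print(url_parts("http://admin:hunter2@intranet.example.com:8080/reports/q3.html"))
    for path, outcome in audit(WEB_ROOT, SAMPLE_PATHS).items():
        print(f"{path:32} -> {outcome}")
```

The same allow-only-inside-the-root rule applies whatever the web framework; logging the rejected requests also gives a cheap signal that someone is probing the site.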

The IT experts at Coleman Technologies can help you keep your business’ IT infrastructure from working against you. Call us today at (604) 513-9428 for more information about how to maintain your organization’s network security.


The FBI is Looking to Talk to Businesses Affected by Ransomware





This past January, the Federal Bureau of Investigation issued an announcement that they had targeted and taken down the servers for a Dark Web organization responsible for the Hive ransomware group. While there is certainly cause for celebration here, one major statistic is enough reason to continue being concerned.

Only About 20% of Hive’s Victims Reported Their Problems to Law Enforcement

That’s over seven months, too. This is nowhere near enough, and even worse is the fact that law enforcement officials are under the impression that this number is high. There are several reasons why this might be the case, however. Some of them include:

  • Federal investigators would be just another distraction to internal IT teams and complicate the process of data recovery efforts.
  • Businesses might just not think to report it in the highly-stressful circumstances following a ransomware attack.
  • Some organizations might believe that involving authorities would only escalate the attacks or get in the way of their own investigations.

However, the FBI’s goal is to identify those responsible for a given attack and to recover the data and/or funds, working discreetly to lend its aid to those impacted.

The FBI is putting forth effort to improve relationships with businesses so that proactive measures can be taken, in the event incidents occur. These resolutions can occur much more quickly if the organization has a good relationship with impacted businesses.

If You Work with Us, You Can Bet on the FBI’s Support

Considering the plethora of resources at the government’s disposal, it would be foolish not to involve the FBI in any ransomware attack. Furthermore, information from your attack could prove useful in finding and eliminating threat actors so that others don’t have to suffer the same fate as you—a worthy cause to say the least.

We’ll still work to prevent attacks whenever possible—after all, that is the best way to respond to attacks of any kind, to prevent them rather than deal with them as they happen—but that’s a different story. To get started, give us a call at (604) 513-9428.


Six of the Worst Data Breaches of 2023





In this blog, we do our best to give people the knowledge they need to protect themselves and their organizations while operating online. With all the digital tools that we all have come to rely on, it’s important to understand the result of a data breach on organizations and their customers. In today’s blog, we go through six of the most devastating data breaches that happened in 2023. 

T-Mobile 

At the very beginning of 2023, telecommunications giant T-Mobile announced that it had suffered what ended up being one of the most noteworthy data breaches of the entire year. Cybercriminals were able to use the T-Mobile API to steal data…for months. When T-Mobile found out about the attack, more than 37 million customers had their personal data exposed. Unfortunately for the company, they were the victims of a second breach only months later that cost the business more than $100 million to remediate. Overall, customer names, billing addresses, phone numbers, and emails were leaked online.

Mailchimp

Also early in 2023, digital marketing company Mailchimp discovered a data breach that affected user accounts and employee information and credentials. They were the victim of a social engineering attack that was unfortunately successful. Victims had their names, store web addresses and email addresses stolen. 

ChatGPT

One of the major innovators of AI was the victim of a serious cyberattack in March of 2023. The attack exposed the first and last names of users and their email addresses along with access to payment addresses and the last four digits of their credit cards. OpenAI, ChatGPT’s parent company, was forced to take the service down briefly to address the breach.

Yum! Brands

The parent company of major fast food chains KFC, Taco Bell, and Pizza Hut was attacked in April of 2023. When it was discovered, the breach was thought to have only affected corporate data, but after careful consideration, it was found that some employee personal data was exposed in the breach. The result was stark as the company was forced to close down hundreds of locations outside of the United States and continues to pay handsomely for the breach.

Activision

One of the largest and most successful video game publishers, Activision, found in February 2023 that they had been hacked, in a breach that occurred in December of 2022. The company's release schedule was unearthed and so was some employee data. A third-party security contractor found that the breach was the result of an SMS phishing attack. Employee emails, phone numbers, salary details, and work locations were exposed in the breach.

PharMerica

In the largest data breach of a HIPAA-covered entity in 2023, the pharmacy provider PharMerica reported that 5.8 million individuals’ personal information was exposed in March of 2023. The breach was the result of a sophisticated attack carried out by the ransomware group “Money Message.” Some of the information exposed in the breach includes names, addresses, dates of birth, Social Security numbers, individual prescription information, and health insurance data. 

These are the extreme examples, but your business is just as susceptible (or more so) to a data breach as any of them. That’s why you need to take your cybersecurity strategies seriously. If you would like to learn more about what you can do to keep your business as secure as it can be, including strategies for employee training, data, network security, and much more, give us a call today at (604) 513-9428.


What is a Zero-Day Exploit?





While security researchers do their best to find security vulnerabilities in software and systems before they are actively exploited by attackers, they can’t be successful all the time. There are too many threats and too many variables to consider, and zero-day exploits are often discovered well after they are actively being exploited by threats. How can you keep zero-day exploits from impacting your business?

What Exactly Is a Zero-Day Exploit?

To put it simply, zero-day exploits are flaws in systems that are discovered only after they have been targeted by a threat. The severity of the attacks can vary wildly, ranging from discreet and covert hacks that go undetected for some time, to in-your-face hacks that don’t care about being discovered by the user. In the case of the former, zero-day exploits can go undocumented for so long that they become an even greater threat and logistical nightmare for security researchers and developers.

Why Are They So Dangerous?

The main reason why zero-day exploits are so devastating is that they are undocumented and therefore hard to predict or take action to prevent. This unknown factor means that people often don’t know they exist until the flaw is being leveraged by hackers, making it even more crucial that developers act with haste to patch the flaw.

The problem here is that issuing patches to these types of issues takes time—time which is of the essence. As long as the threat is actively being exploited, users remain at risk until the patch has been issued, and after the lid has been blown off the vulnerability, you can bet that hackers will do all they can to take advantage of the exploit before it is fixed.

What Can You Do About Them?

Zero-day flaws are inherently dangerous because security researchers and professionals have precious little time to address them. That said, you do have some options available to you to protect your infrastructure as best you can, at least until the patch has been issued.

First, you want to consider a comprehensive security solution designed specifically for enterprise-grade security. Coleman Technologies can help you implement such a system to mitigate most security threats. At the same time, you’ll want to ensure your team has the training they need to identify potential threats and the reporting structure for how they can let IT know if something is amiss. We also recommend that you actively monitor your systems to detect abnormalities before they cause irreparable damage. All in all, you want a proactive strategy rather than a reactive strategy for your IT.

Coleman Technologies can help you put this plan into practice. To learn more about what we can do for your organization, call us today at (604) 513-9428.


Pig Butchering is a Serious, Growing Problem





Over the past few years, huge scamming operations have operated in Southeast Asia, and now they are spreading. These scams—known as pig butchering scams—cause serious harm, as in an estimated $75 billion worldwide in 2023.

With these sorts of operations spreading, let’s go over what pig butchering is. 

What is Pig Butchering?

Traditionally, farmers process their swine to make them ideal for the market. Pig butchering scams do the same. Much like farmers fatten up their droves, these pig butchering operations will nurture a single target over time, building what appears to be a long-distance, intimate relationship with the target. Once the target is well and truly hooked, the scammer requests that they send cryptocurrency to help them get out of a jam.

The victim does so, and suddenly, a meaningful relationship is torn from their life as the scammer vanishes, off to swindle their next victim.

These attacks can leave their victims crushed, and it doesn’t help that the people running these scams are often enslaved themselves, abducted and forced to steal in exchange for freedom that likely will never come.

These operations have since spread from Southeast Asia to across the world. Dubai has become almost an epicenter for these activities in the past few years, with its massive international migrant population serving as a buffet of targets for the people running the scams to manipulate and effectively imprison.

Similarly, these scams have started stretching across Africa, as gangs operating in Nigeria and other countries have begun adopting these tactics as well. With a history of similar scams associated with that region and prefabricated pig butchering kits available for sale, it has become incredibly simple for these scams to spread.

These scam centers have also been spotted in Georgia, Peru, Sri Lanka, El Salvador, and the Isle of Man, meaning the chance of you being targeted only increases as time passes.

How You and Your Team Should Avoid Pig Butchering

While pig butchering scams generally target individuals, you want your team members to be as cybersecure as possible. After all, who’s to say that an online paramour wouldn’t try to convince them to steal your financial accounts?

Make sure your team knows about attacks like phishing and spoofing and how easy it is for scammers to mine the internet for photos and even videos to fool them… especially with AI now on the table. Your team must know and practice safeguards against these threats and the many others that are out there today.

This is a big part of how you need to prepare your business to contend with cyberattacks as well, and we can help. Contact us at (604) 513-9428 to learn more about what we can do to help protect your business.


This Cybersecurity Professional is Out to Scam the Scammers





Scammers look to take advantage of someone else for their own gain, but there are some scammers out there who are trying to scam the scammers to teach them a lesson. One such individual is “Kitboga,” a content creator who calls themselves a “scam baiter.”

Kitboga’s Story is Rooted in Familial Concern

In 2017, Kitboga, or Kit for short, learned about a chatbot that could waste a scam artist's time, expose them online, and showcase the dangers that they represent to particularly vulnerable populations, like the elderly. Kit channeled his expertise in computer software engineering and his concern for his grandparents into developing ways to combat these crimes.

After doing this independently for some time, Kit established a presence on the Twitch live streaming platform to combat scammers in real time. Kit specializes in “scam baiting” content, where he keeps scammers on the line as long as possible and tries to manipulate them into his own traps.

Kit’s strategy is simple: waste as much of their time as possible, while also collecting enough information to potentially report them to authorities like banks, law enforcement, or even the FBI and Secret Service (although it should be noted that neither agency has confirmed involvement or cooperation with the streamer).

Kitboga Scams the Scammers and Educates His Audience

Kit’s streams serve more than just to make fools out of scammers. He is also trying to educate his audience on how these cyberthreats function. These threats will often try to have their victim install malware or spyware, and some ask for people to send them a gift card with the intention of scamming them. He has even seen pig butchering scams, where the scammer will build up trust and then strike when the victim least expects it.

Kit’s far from alone here, too; he has built up a small team to help him in these efforts.

As you can imagine, Kit’s efforts have given his audience significant knowledge of how to spot scams throughout their daily lives. He has even created an AI-powered “honeypot” which lures in scammers, then traps them in constant verification requests for “stolen” (i.e. made up) Bitcoin accounts. Furthermore, he has released his own scam protection software service that helps to keep users safe from scammers whose time cannot be wasted.

If you’re interested in learning more about Kit’s work, you can listen to this fascinating and terrifying conversation with him and Jim Browning on Boston’s NPR station. It’s a great listen, as long as you’re okay with some explicit language.

Don’t Try This At Home

We know it might be fun to try this out for yourself, but know that some scam baiters can incur fines and experience other issues during their work. It’s definitely not something that the average user should ever attempt.

You do have some recourse, though:

4 Tips to Prevent Scams

Remain Calm

Scammers will try to scare you into action, so think things through in the moment. If you receive a message with claims like you owing money in unpaid taxes or you’re facing potential criminal charges, think through how reasonable these claims are before you act.

Avoid Cryptocurrency

If you’re going to make purchases online, use a credit card. Transactions can be canceled in the case of credit card fraud. Plus, credit cards are also insured. 

Never Send Money to Strangers

This should go without saying, but you should never transfer money or give personal information to strangers on the Internet.

Don’t Return Calls

Sometimes scammers will try to pose as a trustworthy entity within the user’s community, like a bank or a customer service number. Don’t call them back at this number; instead, use information publicly available on their website to contact the legitimate entity.

Let Us Help You Out

Naturally, cyberthreat scams like those that Kitboga faces are commonplace, and your business should be prepared to combat them. We recommend you contact us at Coleman Technologies for business-grade solutions. To learn more, call us at (604) 513-9428.


Are You Being Phished? 4 Things to Look Out For





Your business’ computing infrastructure is a pretty resilient system. It has all types of tools added on to keep malicious code, bad actors, and even sabotage from ruining the good thing you have. This reliability has led to hackers changing the way that they go about their business. Nowadays, most of the attacks that affect businesses are phishing attacks. In today’s blog we will go through the elements of a phishing attack and how you can protect your business from them.

There are really four things you have to be aware of when deciding whether you’re looking at a phishing email. Let’s go through them now:

There is a Real Sense of Urgency to the Message

While a lot of the messages that we get in business have a demanding tone, there is something extraordinarily panicked about a phishing message. Essentially, phishing messages will urge the reader to take immediate action. This action could be in the form of clicking on links, downloading attachments, or giving over credentials that the scammer will then use to infiltrate organizational computing networks to deploy malware or siphon data.

Poor Grammar and Spelling

Many of these messages are created with the notion that the reader will be fooled by the overall legitimacy of the message. Many times they are subterfuge emails sent from a would-be financial institution or an insurance carrier; some business that has legitimacy. Typically, there are blatant signs of illegitimacy within the message itself. Misspelled words, poor use of grammar, and other red flags can tip users off that the message is not legitimate.

The Domain Is Wrong for the Message

When someone sends an official email from a business, typically the domain name of the email address that is sending the email will represent the organization that the message is coming from. If the address doesn’t come from the organization that is sending the message, that is a giant red flag. Most reputable organizations pay good money to host their own domain and if the address you are getting a message from doesn’t represent that, you have to believe that it is a scam. 

Suspicious Tone to the Message

You know the type of messages that you typically get. If a message you receive doesn’t meet the criteria of “normal”, you should immediately look to verify with the presumed sender of the message that it is legitimate. If it feels off, it probably is. Make sure you get this confirmation through a different means of communication.

Phishing attacks are everywhere. If you get messages that don't feel right, don’t interact with them—follow up. For more great tips and tricks return to our blog soon. 

Who’s Really Hurt the Most by Card Skimmers?

It probably isn’t a question you’ve given much thought to, but tell me: who do you think feels the greatest impact from card skimming schemes, where a payment card’s data is captured so a cybercriminal can make use of the card’s associated account? While it isn’t a good situation for anyone, some are impacted more than others.

Unfortunately, card skimming is even worse for those who rely on prepaid cards provided by the state for food assistance. Let’s consider why this is.

Skimming Losses are Worse for Those Receiving Assistance

Authorities across the country have taken note of increased losses among those receiving assistance through Electronic Benefits Transfer (better known as EBT), which permits participants in the Supplemental Nutrition Assistance Program (SNAP) to pay for their food purchases.

When a SNAP card is used, the associated EBT account is debited so the store is reimbursed for the purchase. In this way, the EBT card is effectively a debit card—they even have an associated PIN and can be used to withdraw money from an ATM.

However, EBT cards largely lack the protections that most other payment cards have, like the more secure smart chip technology that makes cards harder to duplicate, or the fraud protections that other payment cards carry. If SNAP funds are stolen and spent, the rightful recipient has little recourse. They’re effectively out that money…money that they need as a member of the program.

It isn’t exactly news that criminals and scammers have found ways to steal card data, either…and they’re getting better at doing it surreptitiously. The devices used to “skim” data off of payment cards (cleverly referred to as “skimmers”) can now be hidden inside cash machines, or camouflaged to look like just another part of the device. This makes it more challenging to spot these skimmers, putting more people at risk in general of having their data cloned and used to create additional copies of payment cards that the thief can use or sell.

What Can Be Done?

Well, short of more states implementing improved security measures into their EBT cards—eliminating the magnetic stripe and replacing it with the modern chips that other card types use—it really falls to the user and the business where an ATM or other card-reading device is located to prevent these issues. Keep an eye out for people trying to tamper with these machines, and if you can, take a machine out of use until it has been fully checked by a professional for card skimming devices. As a customer, give any card reader a close look before you swipe to see if it looks at all unusual.

Coleman Technologies is here to help keep your business more secure and efficient, both for your benefit and that of your clients and customers. Find out how we can help via our managed services by calling (604) 513-9428.

Careful! There’s an Infected Version of WhatsApp Out There

WhatsApp is one of the world’s most popular messaging applications. With over 2 billion users, WhatsApp is known for its relative security, as it is one of the few messaging applications that offers end-to-end encryption. A modified version of WhatsApp, called YoWhatsApp, has reportedly been deploying malware.

What is YoWhatsApp?

YoWhatsApp is an unofficial version of WhatsApp that users can download and install on their smartphones. The developers claim it offers the ability for users to lock chats, send messages to unsaved numbers, and customize the look and feel of the application with various theme options. There are other unofficial WhatsApp versions out there with similar enhancements.

This sort of thing isn’t new. Ever since the early days of instant messaging software, developers have been building “enhanced” versions of popular messaging applications. Back in the early 2000s when AOL Instant Messenger was popular, there were several unofficial versions that removed ads, allowed more anonymity, and offered more features than the original. However, using these third-party versions often came with some risk—sometimes they contained malware or made your account less secure.

This definitely appears to be the case with YoWhatsApp. 

What Are the Risks of Using an Unofficial Version of WhatsApp?

According to a recent Kaspersky report, YoWhatsApp distributes Android malware known as the Triada Trojan. The same was discovered last year with FMWhatsApp, another modified unofficial version of the application.

Triada gains control over your SMS messages, and can enroll its victims in paid subscriptions without their knowledge and impersonate them, sending spam and malicious content to others from their phone number.

This, in turn, can then affect users who actually use the official versions of WhatsApp. 

While, as far as we know, WhatsApp is generally a safe application to use, the various third-party versions are not.

Understand What You Install

The concept of third-party developers creating unofficial “enhanced” versions of popular software isn’t anything new. It isn’t always a risk either, but you need to consider that unofficial versions aren’t usually as supported or secure as the official ones. If someone made a variation of Microsoft Outlook that offered some new features that the original didn’t have, and then Microsoft found and patched some vulnerabilities in their original version of Microsoft Outlook, it would be up to the third-party developer to also patch and update their version. You can’t really rely on that. You also need to consider that cybercriminals will go to great lengths to extort money from a wide set of users, and that includes building a “better” version of a popular app and paying to run ads to get users to download it and install their ransomware.

Whenever you install anything on your PC or smartphone, be sure to check to see if you are getting it from the official developer. If you aren’t sure, take some time to do a Google search, or reach out to Coleman Technologies to have us help you. It’s better to be safe than sorry.

Taking an Exploratory Stab at Spear Phishing


What Makes Spear Phishing Different?

As a rule, spear phishing is a much more precise and personalized process. To keep to the “fishing” analogy, a generalized phishing campaign casts a wide net, trying to snare as many victims as possible with their scam. Utilizing vague and generic language, the ‘typical’ phishing attack is made to appear to come from a large organization, informing the user of some need for the user to take action, resulting in the hacker gaining access to the user’s information. This methodology makes the typical phishing attack fairly effective against many people, while simultaneously easier to spot if one knows the warning signs.

By comparison, spear phishing is far more precise. Instead of trying to find value in the quantity of targets snared in a trap, spear phishing takes the opposite tack. Using a highly targeted approach, spear phishing attacks are directed toward a specific individual within an organization.

This specified approach means that the generic messages that many phishing attempts leverage simply won’t be enough to fool the intended target. Instead, the hacker has to play investigator, seeking out as much information as they can about their intended target. Where do they work? What is their position in the company? Who do they frequently communicate with? Once the hacker has collected enough information to create a convincing message, they will typically spoof an email to their target. This email will usually contain some reference to a known contact or some in-progress project to make it more convincing and will request that the recipient download a file via a provided link.

However, while the link will direct to what appears to be a Google Drive or Dropbox login page, it is just another layer to the deception. Entering credentials into this page will hand them straight to the hacker for their use, breaching the user’s security and putting the entire business at risk in one fell swoop.

What Methods Do Spear Phishers Use?

Due to how spear phishing works, the messages sent by hackers need to be as convincing as possible. Combining extensive research with some practical psychology, a hacker has more ammunition to power their attacks.

As mentioned above, spear phishing is far less generic than the average phishing attempt. By referencing specific people, things, and events that mean something to the target, or appearing to come from an internal authority (a manager, perhaps, or even the CEO), the hacker can create a message that is less likely to be questioned. If the hacker writes their messages without any spelling or grammatical errors, as many spear phishers do, it only becomes more convincing.

These hackers are so reliant upon their target being fooled that many will purchase domains that strongly resemble an official one. For instance, let’s say you owned the domain website-dot-com. If a hacker decided to pose as you to launch a spear phishing attack, they might purchase the domain vvebsite-dot-com. Without close inspection, the switch may not be noticed - especially if the hacker creates a good enough lookalike website.
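
A defender-side check for the lookalike-domain trick described above, added here as an illustration and not part of the original article: it folds ASCII sequences that resemble other letters (such as "vv" for "w") and measures edit distance against an allow-list of your own domains. The allow-list, the fold table and the sample senders are constructed assumptions; website.com stands in for the article's website-dot-com.

```python
from email.utils import parseaddr

# Constructed allow-list; "website.com" stands in for the article's "website-dot-com".
TRUSTED_DOMAINS = {"website.com"}

# ASCII sequences that render like another letter in many fonts (assumed, not exhaustive).
# Multi-character pairs are folded before single characters.
CONFUSABLE_FOLDS = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Fold visually confusable sequences so lookalikes collapse to one form."""
    folded = domain.lower().rstrip(".")
    for fake, real in CONFUSABLE_FOLDS:
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions needed to turn a into b."""
    previous = list(range(len(b) + 1))
    for i, ch_a in enumerate(a, start=1):
        current = [i]
        for j, ch_b in enumerate(b, start=1):
            cost = 0 if ch_a == ch_b else 1
            current.append(min(previous[j] + 1,          # delete from a
                               current[j - 1] + 1,       # insert into a
                               previous[j - 1] + cost))  # substitute
        previous = current
    return previous[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_typos: int = 1):
    """Return (verdict, matched_trusted_domain) for a From: header value.

    Verdicts: "trusted", "lookalike", "unknown", "unparseable".
    """
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ("unparseable", None)
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")

    if domain in trusted:
        return ("trusted", domain)

    for good in sorted(trusted):
        # A real subdomain of a trusted domain ends with ".<trusted>".
        if domain.endswith("." + good):
            return ("trusted", good)
        # The trusted name used as leading labels of someone else's domain.
        if domain.startswith(good + "."):
            return ("lookalike", good)
        # Same appearance after folding confusables, e.g. vvebsite.com.
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
        # One keystroke away, e.g. a doubled or dropped letter.
        if edit_distance(domain, good) <= max_typos:
            return ("lookalike", good)

    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample senders.
    samples = [
        "Christine <christine@website.com>",
        "Christine <christine@vvebsite.com>",
        "billing@websitee.com",
        "it@website.com.login-check.example",
        "news@mail.website.com",
        "someone@example.org",
    ]
    for sender in samples:
        print(f"{sender:45} -> {classify_sender(sender)}")
```

The check covers ASCII lookalikes only; a "lookalike" verdict is a reason to hold the message for review, and an "unknown" verdict says nothing about whether the sender is safe.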

Am I A Target?

Of course, the research that a hacker has to do to successfully pull off a spear phishing attack is extensive - not only do they have to identify their target, they also have to figure out the best way to scam this target. Generally speaking, a hacker seeking to leverage spear phishing will focus their efforts on anyone in an organization who could potentially access the information that the hacker wants but isn’t high up enough in the organization to question an assignment from above.

Or, in more certain terms, a business’ end users.

In order to minimize the chances that a spear phishing attack will be successful against your company, you need to make sure that everyone subscribes to a few best practices. For example:

  • Pay attention to the finer details of an email. Is the message actually from the address you expect, or does the address differ slightly, such as a sender name spelled a different way? Did Christine/Kristine include any attachments? As these can be used to spread malware via email, you should avoid clicking on them unless you are certain the message is legitimate.

  • Is the message written to sound overly urgent? Many phishing messages, especially spear phishing messages, will try to push an action by making it seem as though inaction will lead to a critical issue. Another warning sign to look out for: any deviation from standard operating procedures. Don’t be afraid to question a sudden switch from Google Drive to Dropbox - it may just be the question that stops a spear phishing attack.

  • Speaking of questioning things, don’t hesitate to confirm, through some other means of communication, whether a message you suspect may be spear phishing is actually legitimate. A quick phone call to the alleged sender will be well worth avoiding a data breach.

While spear phishing is a considerable threat to your business, it is far from the only thing you need to worry about. Coleman Technologies can help your business secure its IT solutions and optimize them for your use. To learn more, subscribe to our blog, and give us a call at (604) 513-9428.

Major Technology Company Barracuda Suffers Zero-Day Vulnerability

Even the solutions designed to keep businesses and organizations safe are vulnerable to the threat of a cyberattack, as when it all boils down, these tools are still software solutions, no matter how secure they might be. The company in question today—Barracuda—is a huge name in the cybersecurity industry, and it has become the victim of a zero-day exploit. Let’s go over how you can prevent your business from experiencing the same thing.

A Vulnerability Was Discovered in Barracuda’s Email Security Gateway

A vulnerability was discovered in Barracuda’s Email Security Gateway application only after it was exploited. This is the part of the email security system that scans email attachments, so it’s an important one. The breach was discovered on May 19th, and patches were swiftly deployed to resolve the vulnerability.

The official statement from the company is as follows:

“Barracuda recently became aware of a security incident impacting our Email Security Gateway appliance (ESG). The incident resulted from a previously unknown vulnerability in our ESG. A security patch to address the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023. Based on our investigation to date, we've identified unauthorized access affecting a small subset of appliances. As a mitigating measure, all appliances received a second patch on May 21, 2023, addressing the indicators of potential compromise identified to date. We have reached out to the specific customers whose appliances are believed to be impacted at this time. If a customer has not received notice from us via the ESG user interface, we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take. We thank you for your understanding and support as we work through this issue and sincerely apologize for any inconvenience it may cause.”

Explaining Zero-Day Exploits

Zero-day exploits target vulnerabilities that were previously unknown to security researchers, having been discovered only once they were actively being exploited. The severity of these exploits can vary, but they are extremely difficult to detect, as they often go undiscovered for quite a long time. After all, you can’t protect against something that you don’t know exists. Eventually, these vulnerabilities can become serious problems and logistical nightmares for security companies and businesses alike.

What Can Be Done to Stop Them

The worst part of dealing with a zero-day vulnerability is not knowing whether one exists, or how long it has existed. In the case of this exploit, it doesn’t appear to be too long, but any vulnerability in Barracuda’s ESG system is going to cause quite a stir. Businesses use a lot of software throughout the course of their operations, and the same issue could happen for any application on your network. You need to have a strategy in place to handle potential threats as they arise or become known, and it starts with making sure that patches are tested and deployed as soon as they are available.

Coleman Technologies can help your business deploy patches and updates in a quick and efficient manner using our remote patch deployment solutions. We can keep your software secure and safe from all threats, and if zero-day exploits do arise, we’ll do what we can to deploy fixes and assess damages. To learn more, call us at (604) 513-9428 today.

Secure Your Digital Life with Just One Password

Safeguarding your online accounts is an important part of maintaining network security. With the increasing number of cyber threats, relying on strong, unique passwords is no longer optional—it's a necessity. Remembering complex passwords for numerous accounts can be challenging, however. This is where password managers come in handy, offering a secure and convenient solution to managing your credentials.

The Password Predicament

Let's face it: everyone has multiple online accounts, from social media platforms to banking websites, each requiring a unique login and password combination. Many people, therefore, tend to create and depend on simple, easy-to-remember passwords or even reuse the same password across multiple accounts. Unfortunately, this is how people get hacked. 

Cybercriminals employ techniques to exploit weak passwords, such as brute force attacks and phishing schemes. Once they access one account, they can potentially compromise others, leading to identity theft and other serious consequences.

Enter the Password Manager

Password managers offer a robust solution to the password predicament by generating, storing, and populating complex passwords for all of your accounts. Here's how they work:

  • Password generation - A password manager can generate strong, random passwords consisting of a mix of letters, numbers, and symbols, making them highly resistant to hacking attempts.
  • Secure storage - Your passwords are encrypted and stored in a secure vault, accessible only through a master password or biometric authentication. This means you only need to remember one strong password to access all your other credentials.
  • Auto-fill functionality - Password managers seamlessly integrate with your web browser and mobile apps, automatically filling in your login details when you visit a website or launch an application.
  • Syncing on multiple devices - Modern password managers sync your passwords across multiple devices, ensuring you have access to your credentials whenever and wherever you need them.

Benefits of Using a Password Manager

Password managers offer users several benefits.

  • Enhanced security - Password managers significantly reduce the risk of unauthorized access to accounts by generating and storing complex passwords.
  • Convenience - With auto-fill functionality, you no longer need to remember or manually type out your passwords, saving you time and frustration.
  • Improved password hygiene - Password managers encourage the use of unique passwords for each account, eliminating the temptation to reuse passwords or use weak variations.
  • Peace of mind - Knowing that your online accounts are protected by strong, unique passwords provides peace of mind, allowing you to browse the internet confidently.

If you would like help choosing an effective password management platform for your business, give the knowledgeable IT consultants at Coleman Technologies a call today at (604) 513-9428. 

Recent Data Breaches You Should Know


September

9/5 

Providence Health Plan - 122,000 members of the Providence Health Plan had personal information leaked when an unauthorized party accessed the company’s servers. Information that was stolen included plan member names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, and subscriber numbers.

Facebook - Facebook had an unprotected server with over 419 million records accessed. Users had their Facebook user ID and phone number exposed. In some cases, users’ names, genders, and locations were also leaked.

9/16

Dealer Leader, LLC. - 198 million prospective car buyers were left exposed by an unprotected server. The information that was left out there included names, email addresses, phone numbers, addresses, and IPs.

9/27

DoorDash - The popular food delivery app had 4.9 million customers’ information breached by a third party. The exposed information included names, delivery addresses, phone numbers, hashed passwords, order history, and the last four digits of each customer’s credit card number. In the same hack, over 100,000 delivery drivers had their driver's license information leaked.

9/30

Zynga - Zynga, the developer of popular mobile games such as Farmville and Words with Friends, has announced that 218 million players had their data exposed after its network was breached by a hacker. Player names, email addresses, login IDs, phone numbers, Facebook IDs and more were left exposed.

October

10/17 

Methodist Hospitals of Indiana - The Methodist Hospitals of Indiana fell victim to an email phishing scam and it allowed hackers to steal 68,000 records that included names, addresses, dates of birth, Social Security numbers, driver’s licenses, and more. 

10/21

Autoclerk - Autoclerk, a hotel property management software developer, had an open database infiltrated, exposing data that included names, dates of birth, home addresses, phone numbers, dates of travel, travel costs, room numbers, and some masked credit card details of hundreds of thousands of guests.

10/22

Kalispell Regional Healthcare - Over 130,000 Social Security numbers, addresses, medical record numbers, dates of birth, medical histories and treatment information, and names of treating physicians were exposed by hackers.

10/26

Adobe - Data was exposed that included email addresses, usernames, location, Adobe product licenses, account creation dates, and payment statuses. 7.5 million users were affected.

10/27

Network Solutions - The world’s oldest domain name provider has been exposed in a hack. Millions of individuals’ data that included names, addresses, phone numbers, email addresses, and service information was compromised.

November 

11/9 

Texas Health Resources - The Texas-based health care provider reported a data breach where 82,000 patient records were exposed. Included in the breach were names, addresses, email information, health information, and more. 

11/16 

Disney Plus - The brand-spanking-new Disney+ streaming service had new user account information hijacked by hackers. Login credentials wound up on the Dark Web soon after. 

Magic the Gathering - The popular online strategy game has reported that an unsecured website database has exposed 452,000 player records that include names, usernames, and more. 

11/18

State of Louisiana - The State of Louisiana has been a victim of a ransomware attack that took down many state agencies’ servers. Although no data is said to be lost, the state’s crucial computing infrastructure was down for several days as systems were restored from backup.

11/19

Macy’s - Macy’s had their ecommerce site hacked. Hackers embedded malicious code into their checkout page and put a skimming code on the company’s Wallet page. The malware retrieved names, addresses, phone numbers, email addresses, payment card numbers, card security codes, and card expiration dates.

11/22 

T-Mobile - T-Mobile had over a million customers’ information accessed by a hacker. Information accessed included names, billing addresses, phone numbers, rates, and calling features.

Unknown - An unsecured server containing over 622 million email addresses, 50 million phone numbers, and millions of pieces of other information was discovered. It is unknown what organization this data is tied to at the time of writing.

With hundreds of millions of records being exposed each month, it’s hard to feel confident about giving your personal or financial information to anyone in the current threat landscape. If your business needs help trying to be secure, call us today at (604) 513-9428.

Watch Out for Malicious Browser Extensions


How Do These Threats Work?

These attacks work much like a phishing attack or a spoofed email: a user is promised one thing but winds up receiving something very different. While a malicious application may perform the task it claims to, it also may redirect the user to a phishing website or ad (making the cybercriminal some money) or simply steal some of the user’s information, like their birthday or email address.

In the case of these extensions, the code needed for several different malicious operations was present, including:

  • Redirecting traffic to advertisements (falsely generating revenue)
  • Redirecting traffic to phishing websites
  • Collecting personal data
  • Collecting browsing history
  • Downloading additional malware onto a user’s device

Avast’s researchers believe that only the first of these capabilities was actively utilized, generating ill-gotten revenue for the creators of these extensions. Regardless, these extensions should be removed from any systems on your business’ network that they may be installed on.

The impacted extensions are as follows:

Chrome

  • App Phone for Instagram
  • Direct Message for Instagram
  • DM for Instagram
  • Downloader for Instagram
  • Invisible mode for Instagram Direct Message
  • Odnoklassniki UnBlock. Works quickly.
  • Spotify Music Downloader
  • Stories for Instagram
  • The New York Times News
  • Universal Video Downloader
  • Upload photo to Instagram™
  • Video Downloader for FaceBook™
  • Vimeo™ Video Downloader
  • VK UnBlock. Works fast.
  • Zoomer for Instagram and Facebook

Edge

  • DM for Instagram
  • Downloader for Instagram
  • Instagram App with Direct Message DM
  • Instagram Download Video & Image
  • Pretty Kitty, The Cat Pet
  • SoundCloud Music Downloader
  • Stories for Instagram
  • Universal Video Downloader
  • Upload photo to Instagram™
  • Video Downloader for FaceBook™
  • Video Downloader for YouTube
  • Vimeo™ Video Downloader
  • Volume Controller

Again, we encourage you to check your company’s network to ensure that these extensions are not installed in any of your users’ browsers, and to encourage your employees to do the same.

Not sure how to go about doing so? Coleman Technologies can help. As a managed service provider, our services include remotely monitoring your business’ technology and network for threats while keeping abreast of this kind of news so that we can proactively resolve any issues that may influence your operations.

Find out more today by reaching out to us at (604) 513-9428.

‘Tis the Season to Be Phished

It’s the holiday season, and you know what that means: lots of gift-giving and online shopping. Regardless of what you and your family celebrate this holiday season, you should be prepared to handle the influx of phishing attacks which always surface around this time every year, including both the usual methods and the more sophisticated ones.

Here are three strategies you can use to avoid phishing attacks and effectively navigate the holiday season without putting your financial or personal information at risk.

Check With the Online Retailer About Orders

Sometimes you might receive an email claiming that there is something wrong with an order. Maybe it’s your financial information, or maybe it’s your shipping information. In any case, these kinds of phishing tricks are using the commercialization of the holiday season to convince you to hand over your sensitive information.

If you receive an email or a text about an order that needs to be updated, then we recommend you go directly to the website in question and log in through their official login portal, and never through any links contained in emails or text messages.

Don’t Click on Links in Emails (or Texts)

The same advice that works for untrusted links also applies during the holiday season, when emails and texts are being received by the dozens to ensure that orders are confirmed, payments are processed, and shipments are arriving. Don’t get so caught up in receiving these notifications in your email and on your smartphone that you forget to keep security in mind, though. It’s easy to send a text that looks like it is from some random retailer asking you to plug in your payment information again or to confirm a shipping address, only the message isn’t from a retailer and it’s instead coming from a hacker or other cybercriminal to either infect your system with malware or steal credentials from you.

Again, when in doubt, check your order information on the retailer’s official website, not from a link received in an email or to your smartphone.

Only Do Business with Trusted Retailers

This tip is more of just a “be careful of where you shop” caution. During the course of the holidays, people are browsing the Internet all over to find the perfect gifts for their loved ones. Sometimes this search might take them to corners of the Internet they didn’t know existed, where niche online shops thrive. While we are all for supporting small businesses, we just want to raise awareness of how you go about choosing who to trust for online purchases.

The basic premise is to only plug your card information into secured portals hosted by trusted retailers. Look at the company’s history, location information, support and other contact numbers, and so on to ensure they are an authentic and trustworthy seller to purchase gifts through.

Stay safe this holiday season, and Coleman Technologies hopes you enjoy the time spent with your friends and family!

Three Reasons Phishing Works and What You Need to Do About It

Phishing is a common trick where hackers pretend to be someone you trust to steal your personal information. For example, they might send an email that looks like it's from your bank, asking you to verify your account details. Here's why it's so effective.

Hackers Disguise Themselves

Hackers know you won't respond to random emails. So, they pretend to be someone you know or a company you trust, making you more likely to engage. For instance, they might mimic your favorite online store, prompting you to click on a malicious link. 

Always check who sent the message. If you're unsure, contact the person or company directly using known contact details.

Hackers Conceal Their True Intentions

If someone directly asked for your password, you'd refuse. But if they pose as tech support or offer a fake prize, you might be tempted. A common tactic is sending emails that claim you've won a lottery, urging you to click a link to claim your prize. 

If a message seems too good to be true or feels off, it might be a scam. Report such messages to your tech support or IT department.

Hackers Exploit Your Routine Actions

You're used to clicking links or downloading attachments in emails. Hackers take advantage of this habit. For example, they might send an email appearing to be an invoice from a service you use, tricking you into downloading malware. 

Pause and review emails carefully before clicking or downloading anything. If something seems suspicious, verify it first.

To protect yourself and your organization from phishing attacks, consider investing in professional security measures and comprehensive cybersecurity training. Regularly updating your knowledge about the latest phishing tactics can also help you stay vigilant.

Even Small Businesses are Targets for Hackers


Profitable Types of Data

Believe it or not, even a small business with a handful of clients has data worth stealing. You’re in business to make money, and by virtue of this fact, you likely collect and store financial information. In fact, you collect a ton of valuable data, the type of data that hackers are looking for.

In addition to all of the financial details you collect, there is also all of the contact information regarding leads, clients, and customers. With so many emails and phone numbers stored on your infrastructure, hackers can have a field day. They will have all the information they need to steal funds, distribute malware, and create unpleasant situations for your business.

The Unpredictability Factor

Not every hacker has a specific goal in mind when they hack you. Sometimes all they want to do is make your life miserable. This unpredictability is one of the most dangerous things about hackers, as they can take advantage of any overlooked vulnerability to create a problematic situation for you.

The Impact of Security Negligence

If your business falls victim to a hacker, it’s certain to affect your operations. In some cases, your business could be subject to compliance fines that could break your budget and put it at greater risk. Furthermore, you could lose access to important data that makes your business work, threatening its future and all but guaranteeing that recovery can never happen. Therefore, the importance of protecting your network can never be overstated.

Coleman Technologies can help your business implement the security solutions needed to maximize protection from threats. To learn more about what we can do for your organization, reach out to us at (604) 513-9428.
