Our Most Popular Managed Services

If you need help deciding what services are best for your business let us know.

VT Logo header logo wrap shape

VT Logo header logo wrap shape

Award-Winning Dallas-Fort Worth IT Services.

Questions? Call (817) 595-0111

inner banner overlay

×

Error

The CEGCore2 library could not be found.

VersaTrust Blog

VersaTrust has been serving the Texas area since 1997 , providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Five tips to prevent VoIP eavesdropping

Eavesdropping is the intentional act of secretly listening in on a conversation, usually not for the best of intentions. Although today the act also includes VoIP telephone systems, it’s not a recent trend. As exemplified by the SIPtap attacks of 2007 and the Peskyspy trojans of 2009, cybercriminals have had their eye on VoIP ever since it was introduced to the market. Here are five tips to combat VoIP eavesdropping:

Never deploy with default configurationsEveryone wants to get things rolling as quickly as possible, but this often results in VoIP phones being deployed with their default configurations. You don’t want to do this because it allows the bad guy to search vendor documentation. Depending on your VoIP solution, you should have the option of changing default handset configurations. Otherwise, you’ll need to come up with a manual process to change phone defaults when you roll handsets out to your employees.

Listen to your handset vendorsAn ideal example of VoIP handset vulnerabilities happened in 2015, when Cisco detected vulnerabilities in IP phones which enabled an unauthorized attacker to listen in on phone conversations. If it weren't for those security alerts, several companies could have found themselves victims of VoIP eavesdropping. The lesson learned here is you must regularly monitor advisories from your hardware vendor. Without proper monitoring, you won’t know how susceptible your corporate VoIP phones are to being eavesdropped.

Update session border controllersAnother tactic to combat VoIP eavesdropping is to constantly update your session border controllers (SBCs). By doing so, you’ll be updating your VoIP’s antivirus software; because cyber threats are constantly evolving, your security products should as well. Routine SBC updates are essential for secure SIP trunking as well as responding to new threats.

Encrypt VoIP callsMany cloud VoIP providers offer call encryption guidelines, and some even offer it as a premium service. If you work in a regulated industry like healthcare or finance, encrypting VoIP calls are essential to staying compliant. Work with your VoIP provider and auditors to determine the best encryption options for your communications infrastructure.

Build a hardened VoIP networkAnother method to fend off VoIP eavesdropping is to build a hardened VoIP network that includes:

  • IP private branch exchange (PBX) using minimal services so that the hardware can only power the PBX software
  • Firewalls with access control lists set to include call control information
  • Lightweight Directory Access Protocol lookup, and signaling and management protocol
  • Reinforced end point security with authentication at the endpoint level
In order to effectively combat VoIP eavesdropping, businesses need to take a holistic approach. This includes policies, deployment, as well as security practices to ensure malicious agents are unable to tap into your calls. Feel free to contact us for further information on how to protect your business.
Published with permission from TechAdvisory.org. Source.

Continue reading

Predicting cyber-threats in 2017

As 2017 rolls in, the threat of more formidable cyber attacks looms large. Hackers and the cyber police will spend a lot of time outsmarting each other, while consumers of technology, individuals and businesses alike, anticipate the best security plan that can guarantee they sleep soundly at night. When it comes to defending against cyber-attacks, forewarned is forearmed. Here are some of the threats we predict in the coming year.

Increased threats on cloud technology

Cloud service has numerous benefits to businesses. They make data storage, collaboration, and processing more efficient; they enable employees to work faster; and they help operations flow smoother. Cloud technology’s popularity is expected to rise well into the next few years, but as demand increases, so does the dangers presented by cyber attackers.

Ransomware will be more complex

Ransomware incapacitates computer systems by locking down files and preventing access for ransom. In its 2016 Threat Predictions report, security software company McAfee predicts a peak in ransomware attacks next year. Although they also predict it to recede by mid-year, damages to vulnerable cloud-dependent infrastructures can be great and costly. Most alarming in the prediction, however, is that in the coming year ransomware attacks will be more complex due to new elements.

Ransomworms, which use advanced victimization techniques to mine further data within an already compromised network, are expected to put an even crueler spin to an already formidable malware. Doxing, on the other hand, affects avenues such as social media and any place where sensitive, easily identifiable information can be extracted to serve the ultimate purpose of extorting money. Yet another wicked ransomware to watch out for is Backup Deletion, which destroys the very mechanism that can otherwise help you recover from a compromised system or files: your backup data.

More threats to IoT (Internet of Things)-enabled devices

It is also predicted that 2017 will see attacks made on IoT-powered devices, which will make life harder for those who depend on technology that makes life easier. It targets medical devices and Electronic Medical Records, “connected cars”, basic domestic tools, and tech-driven wearables, such as smartwatches and fitness trackers. The danger posed by this intrusion is fully capable of corrupting information stored in your devices.

Advanced cyber espionage

Cyber espionage is by no means a novelty. In 2017, it’s expected to hold sway in cyber-threat prevention measures as it becomes even more complex. It encompasses all sectors of society, including individuals, private organizations, government institutions, and entire countries. Perpetrators will have the means to bypass networks by attacking firewalls and wreak havoc in their victims’ network. Fret not, for there will be measures in place to detect this threat also in the coming year.

Hackers are one of the most cunning criminals to have ever existed. While the cyber-police and the defenses they put up are no slouches, threats to security systems can still make technology-dependent individuals and businesses quiver. Although damaged networks can be repaired, compromised privacy restored, and stolen data returned, the amount of damage that hackers can cause might be irreparable and/or result in a significant dent in your IT infrastructure and budget. The value of a network security system makes itself known when you least expect it, which is why security should be a top priority.

Are your systems protected from these predicted remarkable feats of hacking? Call us if you want to discuss security services that are best for you.

Published with permission from TechAdvisory.org. Source.

Continue reading

The curse of Chimera ransomware

There are numerous strains of malware out there, but one particularly unpleasant one is ransomware. While this malicious software has been around for some time, recently a newer, nastier upgrade was discovered. Posing a threat to businesses of all sizes, the program, called Chimera, has upped the ante when it comes to scaring its victims out of their hard-earned cash. But what exactly is this malware, and what do you need to look out for?

Business is booming in the world of cyber crime, and scammers, extortionists, phishers and hackers are constantly on the lookout for new ways to exploit our fears and naivety in order to boost their bank accounts, steal our data, or simply cause us mayhem for their own twisted pleasure. One of worst types of malware for playing with our emotions - and therefore increasing the likelihood of us capitulating to its demands - is ransomware. If you don’t know how this program works, read on for an introduction.

If your computer has been infected by ransomware, the first sign that something is wrong is normally discovering that you are unable to open one or more of your files. That’s because the malware encrypts them, rendering them completely inaccessible. The next thing you see will be a ‘ransom note’, either in the form of an email or a notice that appears directly on your screen. You will be told that if you want to see your files again you will need to pay a sum of money. After making payment you will (allegedly) be sent a code that will allow you to decrypt your files.

Some types of ransomware up the fear factor even further by pretending that the FBI, CIA or other national law enforcement or government agency is behind the ‘kidnapping’. You will be told that your files are being held hostage because you have downloaded pirated software or files, or visited an illegal or illicit website - such as those depicting extreme pornography or threatening national security. Regardless of whether or not you are guilty of any of the above - be it a visit to an x-rated website, or downloading a pirated copy of the latest episode of The Walking Dead, your first instinct is probably to panic. The thought of no longer having access to any of our information, files or data is enough to make most of us break out into a cold sweat. If you haven’t backed up, everything from your vacation pictures to your company’s data could be lost for good.

The problem for ransomware creators, however, is that many users have wisened up to their tactics, and are refusing to pay, instead calling in an IT specialist to try and restore their encrypted files. This has left cyber criminals needing to find a way to boost ‘trade’. And that is where Chimera comes in. Christened by the Anti-Botnet Advisory Centre - a part of Germany’s Association of the Internet Industry - unlike previous forms of ransomware, which were indiscriminate when choosing their victims, this latest threat primarily targets businesses.

An employee will receive an email, purporting to be an application for a job within your firm, or some kind of corporate deal. This email will include a link ostensibly to the applicant’s resume or to details of the offer, but will in fact go to an infected file stored in Dropbox. Chimera then infects the user’s computer and encrypts any local files. Once the PC has been rebooted, the ransom note will be displayed on the desktop. Payment is usually set at around $680 USD, which must be paid in Bitcoins. And in order to further scare the victim into paying, the note will also state that failure to make payment will result in the user’s files being published online.

If there is a slight silver lining to the Chimera cloud, it is that the Anti-Botnet Advisory Centre has not found any proof that files have been published - at least not yet. In fact, it is still unknown whether the ransomware does actually take the encrypted files or if it is just an empty threat. Regardless, it is still a threat which could easily convince many users to pay the ransom. And should Chimera make good on its threats, the ramifications for a business are huge - and that’s without taking into consideration the nightmare of having your files encrypted in the first place. With Chimera targeting businesses of all sizes, and random employees within the business at that, isn’t it time you took another good look at your organization’s security posture?

Contact us today and talk to one of our security experts. We’ll be more than happy to help ensure that your small or medium-sized business isn’t taken hostage by Chimera or any other type of ransomware.

Published with permission from TechAdvisory.org. Source.

0 Comments
Continue reading

Twitter warns about cyber attacks

Earlier this month, social media platform Twitter alerted a number of its users to the fact that their accounts may have been hacked into by something, or someone, known as a “state-sponsored actor.” While a warning of this kind is certainly not unprecedented – for some time now, both Facebook and Google have also been contacting any of their users who they think may have been targeted – it suggests that attacks of this type are becoming more widespread.

But how at risk actually are you from a state-sponsored cyber attack? Is your small or medium-sized business in danger of being targeted? And who is behind these hacking attempts? Well, going by the warnings recently issued by Twitter, reports so far suggest that people, companies or organizations connected to internet security and freedom of speech are currently most likely to be at risk. But ‘currently’ is somewhat ambiguous, for in the world of cybercrime things can happen at lightning speed, and someone who is a target today might be deemed out of danger tomorrow – and vice versa.

As always, the best form of protection is to be forewarned, and you can only do that by learning as much as you can about the latest threats, scams and attacks. If you are a Twitter user, be it personal or for business use, you may be wondering why you have not yet heard of these alerts. That’s because Twitter’s messages were only sent to a small, and mostly rather niche, group of users. The email informed these users that Twitter was contacting them as a precaution due to their accounts “possibly” having been hacked by the state-sponsored actors. The email also stated that they believed that the actors may (or may not) be associated with a government, and that those involved had been looking to obtain personal information such as email addresses, phone numbers and/or IP addresses. So far, so vague!

Twitter then goes on to say that, although they have no evidence that any accounts were compromised or any data was stolen, they are actively investigating. They also lamented the fact that they wished they could say more…but that they had no additional information at that time. The email goes on to attempt to reassure users that their accounts may not have been an intentional target, but admits that if a user tweets under a pseudonym, that Twitter understands they may have cause for concern. But with so many Twitter users tweeting under a different name – and perfectly innocently, at that – what’s the real cause for concern here?

The issue lies with the type of accounts that were mostly targeted. The majority of these belonged to people or organizations connected to, or concerned with, cyber security. In fact, Twitter even offered some handy advice on protecting your online identity, suggesting users read up on the subject at the Tor Project website. Somewhat coincidentally, one of the victims of the attempted Twitter account hack is an activist and writer who currently educates journalists about security and privacy – and who used to work for the Tor Project. Another is a Canada-based not-for-profit organization involved with freedom of speech, privacy and security issues, and one of its founders is a contractor for the Tor Project.

Other Twitter users who received the email are also involved in some way or another in cyber security, albeit as self-described “security researchers” or simply by way of following or engaging with the online security community. This might lead you to the conclusion that, if you’re not in the business of security and instead keep your tweets to sport, entertainment, and the latest must-have gadgets, you are not at risk. But we urge you not to be so hasty. That’s because, within that small group of people who were contacted by Twitter, a large proportion of them had nothing to do with activism, freedom of speech, calls for greater privacy, or anything of the sort.

This means that, far from brushing this latest round of cyber threats under the carpet, individuals and business owners – whatever industry they are in – do have at least some cause for concern. As yet Twitter has not released details of the state the “actors” are sponsored by, so for now we are none the wiser as to whether it’s a homegrown issue or one from further afar – say North Korea or China.

What does all this mean for you as a business owner or manager? It means that you should be taking your online security more seriously than ever. It’s no longer just your network that is at risk; now simply having an account on a social media site such as Facebook or Twitter could be providing less-than-desirable third parties with the portal they need to access your company’s private information.

If you’d like to know how to ensure the online safety of your organization, give us a call today. Our experts have experience in everything from securing your computer network to increasing safety when it comes to sending out those all-important tweets!

Published with permission from TechAdvisory.org. Source.

0 Comments
Continue reading