Do you own a NAS and are you looking after it well?

Synology NAS box

Synology, one manufacturer of NAS box’s

A strange question for the uninitiated. What is a NAS and what sort of food does it eat and how should I be treating it?

My focus recently has been all about storage and the space we are each using to store our data. (Whatever that data maybe). From faster drives to access the data to storage solution on the cloud and in the office. It is one of the most important and common questions I am asked.

One solution doesn’t meet everyone’s needs. But a combination of solutions is usually what people use and sometimes chaotically with no thought on how this will progress and what the strategy is or should be.

So what is a NAS?

Well, it isn’t a small creature that keeps you company and helps with your storage and access to data. Well, that is not completely true it does allow storage and access to data in various ways and will cleverly backup said data in different ways. NAS stands for Network Attached Storage. A system of storage media that is attached to your network at home or work. Over the years this type of storage has become more and more intelligent and can literally be a self-contained computer system that runs all your data and data access. It can be a small unit to a much larger unit. Various companies make them and they are, well what can I say I am biased, brilliant.

I have used one for business for over 8 years now and it has served me well. I can store data on it and it has internal drives that automatically backup to each other creating what is called a mirror of my data. I also can, and have configured it to back up to a cloud drive and have chosen the important data to back up in this way. So I have offsite data as well.

The NAS unit allows me to access it remotely over the Internet, (Through a secure connection), so my own personal cloud drive with access. I can add users and give them a proportion of the space and they can store their data there and we can collaborate on data.

Benefits

This is a lower costs system to having a fully-fledged file server in your office and still allows multiple access by users and storage and remote access. It has a configuration panel that is easy to understand and configure. An admin is appointed and can add users, block users and configure all the aspects of the system. The amount of storage is up to you and your budget. But it can be easy to handle and allow for expansion to a cloud drive or even to add extra space at the NAS unit itself.

Remember the biggest asset to any business is data and the importance of data and how easy it is to access it and collaborate using it is important.

So if you are considering storage and where it all goes?

Space the Final Frontier

storage spaceHaving been into science fiction for most of my life, I thought this would be a good time to look at Space, the Final Frontier. A phrase I have grown up with. But why this title and why this topic?
Well now as opposed to in the past we have a range of places available to store our data and as we all now data is king.

So, what final frontier do you use for your data storage?

Or do you sue multiple frontiers?
In the past, we had limited solutions available to us. Floppy disk, Hard drive in the local machine, Server space on the in-house office server. Burning data to a CDROM or DVDROM. Then USB pen drives became the major medium for storage. In fact, I come across this method the most as people move and share data with each other.

Well is that the final frontier? It certainly gives us the flexibility of having mobile data we can access everywhere and share with others if need be. That must be the solution.

Of course, intrinsically it has a whole range of problems associated with it. Losing the drive, securing the data on the drive. limited space on the drive. (However, there are some very large storage capacities now available.) A virus somehow getting on the drive and then transferring nicely to all the machines you plug it into.

The Final Frontier

 Well, what is the final frontier if USB drives are flawed? Most large IT organisations are now pushing SAAS. (Software As A Service) This is normally for things like Microsoft Office Products and soon to be Windows. A monthly fee for access to software that is generally on the cloud and you get access to a web-based version and a downloadable version depending on the package you have paid for.

This whole premise of a cloud-based supply leads us to the cloud being the final frontier. A place to store all your valuable data. Also, a place where the data can be automatically backed up and shared with others securely. Access to the Internet (Cloud) is essential even though some areas can be accessed offline. The benefits are massive. All data can be shared and is automatically backed up. You can access it from any device anywhere. Work on it and collaborate on it. As technology drives us forward we will be adopting this Final Frontier More and more,

Are you heading there at Warp Speed?

Relaunch video for parent organisation

Check out the new video from our parent organisation. (Sorry for the bitable banners)

I want to stand on a platform with regard to this matter.

bridging the gap

Choosing a platform

During the time of election fever and the stance of many politicians and the media flooding our households, Internet and newspapers with all the spin and comments of election contenders, it occurred to me that many of them are launching the election campaigns on a platform of one thing or the other. If it isn’t the NHS it is migration and immigrants.

It got me a thinking

It started me thinking of what is the platform I stand on with regard to my business and how it operates and runs and then to take it into the techie world, what Social Media and Internet platforms do I use to get the message flooding to my customers and potential customers worldwide.

Platforms there are so many

It is the case that there are so many platforms, as with the election there are so many stand points that people take and you don’t know at times which one to believe, so we base our beliefs and decisions on past experience and their record if they have done the job before. When I set my company up I knew I did it out of passion. I wanted a company that had a drive and passion for what it did and did it well and honestly. So that was my initial platform if you like, I then structured the offering my company had around this. My testimonials from clients were my gauge as to whether I was achieving this each and every time. Then learning and tweaking happens. No one is perfect and it is the driving force behind our actions that should be considered.

So honesty, integrity and doing the best job as promised was my platforms and I hope I have achieved them as often as possible.

The other thing I did as an organisation was start to business network, before I even setup as a company I attended some networking groups to find out what business was saying about the climate and how they were getting on. I wasn’t setting up blind as they say. This paid off and I have continued to business network to this day. It is a great place to bounce ideas around, meet great people and pick up so much information and ideas.

What about online platforms?

With regard to online platforms, I have always been as you can imagine, the company is called IT Turning Point, very aware of what technology is doing and where it is taking us. The Internet has been with us for years and introduced so many changes in the way organisations and customers operate that it has dragged some organisations into the 21st century screaming and kicking.

The key of course is to decide your best and most appropriate route to market and then target the majority of your efforts there. This of course sometimes takes more than one attempt to get it right and is what I like to call a toe in the water scenario. We try and see if it works and tweak and try again until we hit the sweet spot. I decided early on to have a website and had it up and getting found before the official company launch, so when I launched people had a shop window to visit.

This of course was mentioned on all emails and literature to drive traffic in that direction. The site was optimised at the time for the search engines and we were off.

Social media was my next area of consideration and what should I do here and which platform would be best for me to use. I did the following and it has worked for me over the years.

My company was primarily B2B so LinkedIn to me was essential and getting my profile up to 100% as it was at the time and then making good honest connections with potential customers, existing customers and other companies and contractors that might be useful for me to touch base with and bounce ideas around. A company LinkedIn page was setup as well as my profile and maintaining it and promoting it became a goal.

For more awareness of brand name and getting me more widely known quicker I also thought that Facebook would be a great place to have a business page. So off I went on my next platform and got that page up and running and started to gain likes and awareness.

Remember, I am always aware of where technology is trying to take us and I launched a Twitter account at the same time to take advantage of the profile raising for my brand name.

In the corner of my eye I was always reading techie articles about search engine Optimisation and how you can get found online to make sure my efforts where not all in vain. This kept me informed that Google the main and most popular search engine was changing what it calls it’s algorithm that checks the Internet to find you and me and was placing more emphasis on Social Media activity and content. So this means and still does today that you need your website optimised, but you also need to be active in the realm of social media. You need to have link popularity, which means people are coming to your site from various locations and landing there and then leaving to go to other locations from your site.

Other social media platforms are out there, Google+, Kiltr, Pinterest and Instagram. It was now a case of deciding which platforms I felt I could benefit from and manage easily.

Again tools were there for the managing and these have helped immensely. Such as Hootesuit, highly recommended and there are others.

Email newsletters were the next thing I had always ran since setting up and had made a decision that a monthly newsletter would be the thing. So to this day we send out a monthly newsletter to a database of people who have signed up for it. Again there are laws about spamming people.

Have we reached our goal?

No, is the easy answer, we are always looking at tweaking and changing what we do and managing it differently and we do use other mediums to get the message out there, such as PR articles to business press, etc. We also run an online blog about technology amongst other things.

All these various platforms have meant that we have been able to vary our offering and develop it over the time the company has been running and as long as we keep to the company platforms of honesty, integrity and doing the best job as promised then we will keep it up.

I hope this helps, let me know your thoughts on the whole area of platforms, online or offline.

BIG DATA EXPOSED

big data

An SME owner’s (non-technical) perspective on the impact of Big Data.

People like to compare, categorise and count. From basic ‘one, two, many’ counting systems to hyper-complex variations on different types of infinities, we seem to be impelled to view patterns, detect trends and evaluate our daily experiences, individually and collectively, through numerical frameworks. At a mundane level, we value our work input in terms of money earned and measure business performance by accounting for profit or loss; more imaginatively, we give dimension to the universe by calculating light-years between galaxies to which none of us could ever travel, but which we like to count anyway!

Over the last 60 years, computers have enabled us to count (and record our totals) at an increasing pace and to a magnitude that would have appeared both incomprehensible and functionally senseless to many of those early IT pioneers. “Why would we ever need to count so much, so quickly?”, they might have asked. The current benefits of storing petabytes of data on the internet on a daily basis (Google processes lots of petabytes, by the way) were not so obvious in the 1950s, when the technological challenges were focused on making the great mainframes hulks more reliable and keeping them cool enough to work. But now, our IT capabilities have made the compilation of massive data-sets seem almost routine. Big Data, as a concept, is emerging as the latest evolutionary step in a line which includes its earlier diminutive cousins – relational databases and data-warehousing.

But doesn’t the ‘Big’ in Big Data signify that it is only of relevance to big organisations and groups which can access and analyse it? As a small B2B business owner, I don’t believe that to be the case, so here’s my take on what the existence of Big Data means for SMEs. I’ll start with two brief scene-setting questions – How have we created it and why do we think it’s worth having?  

How have we been able to collect so many data-sets, public and private, in such a comparatively short period of time from the birth of the modern computer? The expansion of IT and the internet into daily living– and their adoption and understanding by the masses in the last two decades via PCs and smartphones – have allowed us to record our counts super-massively and with unimaginable speed. The sense of amazement I felt in the late 70s when hearing that a program would be able to carry out the calculations necessary for a college project OVERNIGHT appears embarrassingly naïve today. We’ve all heard the one about the computing power that guided the first men to land on the moon – that there’s more ‘oomph’ in a modern washing-machine chip now than in the whole of NASA in 1969 – stretches the comparison somewhat, but it makes the point that almost-microscopic processors are now orders of magnitude more powerful than their pioneering mainframe progenitors. And today, when we can link up computers in very large arrays to view the universe, analyse statistics on diseases via PCs connected across continents or announce our every waking thought on vast social media ‘soapboxes’, then our sense of conquest – that there is no piece of recordable data out there which we cannot collect and store – becomes limitless. Which leads me to ‘why’?

Why is having Big Data beneficial? That’s been part-answered in my introductory comments. We like to collect, compare and count things, and to me, in a sense, the numbers we can define and then amass on our storage systems have become those ‘things’. So, some of the answer as to why we deem it worthwhile creating evermore data is because “we can” (the mountain’s there, so climb it).  Big Data’s existence, as a by-product of the internet-age, reaffirms to us that we can keep tallies of what matters to us. However, whereas, for the first 50 years of the technical development of IT, increasing memory and speeding up the circuitry to pipe the 1s and 0s to their storage point was the main focus (the digits were the means to the end), once the engineering reached a level of efficiency and reliability to guarantee operating stability, deciding what could now be done with the data thereby collected – the things as objects – became the scientific quest.

So, the question has moved on to become ‘what’s the point of Big Data – how can we extract information we believe to lie in the layer upon layer of digital substrates that form the internet’? Can Big Data, envisaged as a constantly growing entity it itself, a real-time flow of interactions across networks  between people and organisations, now be mined by those with the sophisticated analytical skills and insight to ask the right questions, to yield motherlodes of information that could improve our understanding of human behaviour in a vast range of contexts? The answer, of course, is yes it can.

At a practical level, I’ve mentioned Big Data being analysed by astronomers and medical researchers to give but two small examples of how it is being exploited to test theories and hypotheses. There are, of course, other areas where Big Data is providing previously unavailable opportunities for other types of organisations and individuals to delve into data-sets to ask their own questions, be they commercial, not for profit or academic. For example, the main accountancy firms are in the process rapidly developing their capabilities to purchase and analyse Big Data as the value of their compliance services (making sure tax and other statutory returns are being made on time) diminishes and business-advisory (selling knowledge back to a business to help it grow or manage itself better) increasingly generates larger margins from their clients. My focus, however, now turns to what impact Big Data is having on SMEs by considering two cases based upon real contemporary events.

My first scenario originates from the world of banking, admittedly not the most popular of professions currently, but an essential commercial service for SMEs. The analyses emerging from the masses of Big Data on our transactions the banks own are revealing the fundamental changes in the way we use and interact with our money.  Retail banks are closing branches and laying off staff in their thousands, not without complaint or customer reaction, but nevertheless with confidence that it’s the right thing to do. Why? Because they know, from near real-time Big Data analyses, that more customers are using internet banking and a decreasing number see any need to visit a branch (knowing your local bank manager is no longer a selling feature for your banking services – if it ever was for the majority of us). Having access to your accounts from your mobile phone has much more relevance, and therefore more value, for customers. This is not some banker’s hunch; the analytics prove it, right now! They see cash transactions dropping as cards and smartphone payment facilities are used to make 60% of purchases below £20 by some client demographics – and this is not being restricted to younger customers.

So what’s the impact on SMEs of this evidence from banking Big Data analyses? Well, at a basic practical level, it forcefully shows the more ‘cash-based’ trader that offering cashless payment facilities to customers will definitely bring in more business. However, for me there’s an additional learning point that has emerged from the banks’ current infrastructural changes – it demonstrates that Big Data can now be analysed in such a way as to provide reliable answers to increasingly specific and complex questions about commercial activity.

The banks and other organisations utilising Big Data are not ‘taking a punt’ when they decide to implement radical changes in their structure or operations. Rational decisions are being made, after analysing near real-time information, on product development, marketing campaigns and organisational structure because Big Data supports adaptive change to take place based upon what is required today. Likewise for ambitious SMEs, the opportunities are expanding to access meaningful information about their markets in their geographies that is near-real time, not months out-of-date or carelessly slung together from national marketing samples and sold at extortionate rates. Sure there will be a cost to obtain such intelligence, but there are more data-analysis organisations in the market which will provide more relevant and reliable external information than was available before. Big Data will allow SMEs to be more informed decision-makers, just as it has made large organisations more adaptive decision-makers.

My second scenario arises from a recent Big Data analysis conducted by an expanding financial management app company which provides services specifically for SMEs. Basic, easy-to-use (but perfectly functional and compliant) bookkeeping and accounting apps are now being marketed with the small business owner being viewed as the main purchaser, not their accountant. For most of the UK’s 4 million SMEs, getting over the unappealing bookkeeping hurdle could be made really simple (even enjoyable, for some) by adopting any one of the online financial management services such as Free Agent, QuickBooks and Sage Online. These make simple accounting very affordable and straightforward to do and allow the working relationship with one’s accountant to become more productive as the streamlined and rapid data-input process removes the drudgery of the paperwork, allowing a business to keep close to its most valuable asset – its information, i.e. those facts and figures that let it know how it is performing operationally and commercially. And here Big Data and small business inevitably and fortuitously collide.

Every online transaction is securely recorded in the Cloud by the SaaS providers – so they collectively have the records of their customers’ businesses writ very large. They know, from the transactional data that we pass to them, how we behave as organisations. For my example, Xero.com, a financial management app specialising in the SME market in the US, UK and the Antipodes, has used its anonymised data-sets to demonstrate that businesses which invoice promptly using online delivery methods can reduce their debtor days by 40%. Big Data on how SMEs manage their finances, once more in near real-time, has provided contemporary evidence not only that efficient invoicing gets you paid quicker (which we already knew) but also that using email to send out your bills and offering payment services to your customers can get you paid in 24 days rather than 40; this insight could be worth a fair bit to a cash-strapped business. So SMEs, utilising cloud-based financial, administrative and operational apps, can benefit from contributing their transactional records to a vast data-pool which can be analysed to give back information on comparative performance when measured against their peers.

The development of key performance indicators (KPIs) for SMEs will be an increasingly active market in the next few years. Competitive advantage will attained by those businesses which understand the value of devising and measuring KPIs which are specific to sector, geography, technology or markets and which have access to insightful analysts who understand the product or service being offered to customers. Analysis for its own sake has never been sufficient, but Big Data now makes more purposeful, commercially-focused analysis possible for even the smallest of businesses. Knowing why customers accept or reject what the market is offering can be gleaned from Big Data examinations of purchasing behaviour married to key-word reviews of social media comments. While the vast majority of SMEs are not able to do this for themselves, the opportunities to benefit from the existence of Big Data are beginning to open up through the growth in the tailored data-analytics market.

So, by moving into the era of Big Data, our ability to count has moved one stage further along the developmental path that started with ‘one, two, many’. We now, large and small businesses alike, must now count ‘one, two, how many?’ in order to profit from the advantages that Big Data offers us all to improve our analysis and decision-making.

What are your experiences and thoughts on Big Data and how we can use it?

Guest Blogger this month is
Rory H D Cooper
Managing Director
Canmore in Business
www.canmore.co

 

I don’t run or manage projects!

Juggling ProjectsThis is a phrase I hear often; usually when talking to business owners, or even employees working for someone. They tell me they are not project managers, and wonder why I am telling them about Microsoft Project?

Well, let’s look at the definition of a project. It is described as a series of tasks that have a beginning and end date, and a deliverable at the very end. It is constrained by resources and timescales. Now, is this sounding familiar?

If not, it should be – as it sums up any task you may be trying to achieve at any given point in time. Let’s assume most of us have a manageable workload (stay with me here!), so let’s liken it to juggling – normally we are juggling one or two balls at a time. We can teach ourselves that, and if we drop a ball, we can react quickly to pick it up again. However, scale this up (as many of us do), and now let’s say that you are juggling six or eight balls, but don’t have time to teach yourself advanced juggling. I would guess that you are now dropping balls more often, and sometimes even more than one at a time. Suddenly it’s not as easy to react to, and the consequences of any ball falling are much worse. There is a term for this situation: we call this firefighting, and when the art of project management changes into simply firefighting things as they happen, we’re in trouble. Is any of this sounding familiar?

So what should we do?

At a risk of sounding glib – the solution is to work smarter. Take the skills you already have, and build on them to enable you to act rather than react. Rather than fight those fires on a regular basis, let’s snuff out the ember as soon as we see it – and using project management software allows you to do this.

I have a client who is managing over 71 projects of various sizes, so that would be 71 balls to juggle – all with a different weight. They said they would never be able to do it without the use of software, and so they had trained themselves to juggle, and have actually been on two of our courses.

So who manages projects?

The answer is simple: we all do. Every one of us. From simply getting dressed in the morning, doing DIY or decorating, right down to our actual business in our workplace, we are managing multiple projects. But are we teaching ourselves to juggle?

Next Steps?

Check out our testimonials and read the section on project management, see what our clients have to say. Then, if you have questions or want to know more, get in touch.

How do you manage projects just now? Are you coping OK? What would happen if you had double this amount?

In our experience it’s usually best to put a system in place now, than try and introduce one after years of self-taught juggling!

We look forward to hearing from you.

Hack in the box!

security laptopOn average 30,000 websites are hacked every day*, 200,000 new malicious programs/viruses are detected every day**.  Google recently reported that they detect 9,500 websites/day infected with malware used for drive-by download attacks, where the victim only has to browse the site to become infected, and 4,000 of these sites are legitimate company websites. Small business have been a target for cyber criminals for a few years now, because they are an easier target due to their lack of budget and expertise. Is your network as secure as it can be from hackers? Are you sure? Or are you helping cyber criminals distribute malicious programs to your customers, friends and family, even if you’re computers are just acting as a base of operations for attacking and infecting others.

* Sophos Labs Report ** Kaspersky Labs Report

It is estimated that cybercrime costs the world’s economy between $1 – 3 trillion per year.

Many businesses around the world have been struggling financially for a number of years, but sadly the underground hacking economy seems to be alive and well. In July of 2013, the FBI charged two Russians for hacking into US Financial Institutions that resulted in the theft of millions of dollars from more than 800,000 victim bank accounts. One of the hackers and several other undiscovered criminals, were also charged with the stealing and selling of at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars. According to the indictment, these losses included $300 million in losses for just three of the corporate victims not to mention the immeasurable losses to the identity theft victims, due to the costs associated with stolen identities and fraudulent charges.

Underground Prices for Stolen Credentials and Hacker Services

Hacker Credentials and Services Details Price
*Visa and Master Card (US)   $4
American Express (US)   $7
Discover Card with (US)   $8
Visa and Master Card (UK, Aus & Can)   $7 -$8
American Express (UK, Aus & Can)   $12- $13
Discover Card (Aus & Can)   $12
Visa and Master Card (EU and Asia)   $15
Discover and American Express Card (EU and Asia)   $18
Credit Card with Track 1 and 2 Data (US) Track 1 and 2 Data is information which is contained in digital format on the magnetic stripe embedded in the backside of the credit card. Some payment cards store data in chips embedded on the front side. The magnetic stripe or chip holds information such as the Primary Account Number, Expiration Date, Card holder name, plus other sensitive data for authentication and authorization. $12
Credit Card with Track 1 and 2 Data (UK, Aus & Can)   $19-$20
Credit Card with Track 1 and 2 Data (EU, Asia)   $28
US Fullz Fullz is a dossier of credentials for an individual, which also include Personal Identifiable Information (PII), which can be used to commit identity theft and fraud. Fullz usually include: Full name, address, phone numbers, email addresses (with passwords), date of birth, SSN or Employee ID Number (EIN), one or more of: bank account information (account & routing numbers, account type), online banking credentials (varying degrees of completeness), or credit card information (including full track2 data and any associated PINs). $25
Fullz (UK, Australia, Canada, EU, Asia)   $30-$40
VBV(US) Verified by Visa works to confirm an online shopper’s identity in real time by requiring an additional password or other data to help ensure that no one but the cardholder can use their Visa card online. $10
VBV (UK, Aus, Can, EU, Asia)   $17-$25
DOB (US) Date of Birth $11
DOB(UK, Aus, Can, EU, Asia)   $15-$25
Bank Acct. with $70,000-$150,000 Bank account number and online credentials (username/password). Price depends on banking institution. $300 and less
Infected Computers 1,000 $20
Infected Computers 5,000 $90
Infected Computers 10,000 $160
Infected Computers 15,000 $250
Remote Access Trojan(RAT)   $50-$250
Add-On Services to RATs Includes set up of C2 Server, adding FUD to RAT, infecting victim $20-$50
Sweet Orange Exploit Kit Leasing Fees   $450 a week/$1800 a month
Hacking Website; stealing data Price depends on reputation of hacker $100-$300
DDoS Attacks Distributed Denial of Service (DDoS) Attacks– throwing so much traffic at a website, it takes it offline Per hour-$3-$5
Per Day-$90-$100
Per Week-$400-$600
Doxing When a hacker is hired to get all the information they can about a target victim, via social engineering and/or infecting them with an information-stealing trojan. $25-$100

*Note: All Credit Cards sold with CVV Codes

As always, there is no shortage of stolen credit cards, personal identities, known as Fullz, for sale. However, the hackers have come to realize that merely having a credit card number and corresponding CVV code is not always enough to meet the security protocols of some retailers. Hackers are also selling cardholders’ Date of Birth and other personal information. Having this additional information would allow a hacker to answer additional security questions or produce a fake identification, to go along with a duplicate credit card. VBV (Verified by Visa) data is also being sold.

It has been found that credit cards and personal identities for non-US residents continue to sell for more money than the credit cards and identities for US residents. An example of the pricing discovered for stolen credit cards, Track 1 and 2 Data of Credit Cards, Fullz, Date of Birth and VBVs for cardholders is listed in the table above.

Online Bank Accounts for Sale: Name Your Bank and Country Preference

Just as with stolen credit cards, there are hundreds of online banking credentials for sale. It has found that one can purchase the username and password for an online bank account with a balance between $70,000 and $150,000 for $300 and less, depending on which banking institution the account is located. Also one can specify the login information for an account within a specific bank and country.

Malware Infected Computers for Sale

There are thousands of compromised computers (bots) for sale by bot salesmen. The price per computer typically decreases when they are bought in bulk. The costs for infected computers (bots):

  • 1,000 bots = $20
  • 5,000 bots= $90
  • 10,000 bots = $160
  • 15,000 bots = $250

Infected computers in Asia tend to sell for less. It is thought that infected computers in Europe & U.S. are more valuable than those in Asia, because they have a faster and more reliable Internet connection.

Once scammers buy the malware-infected computers, they can do anything they want with the machines. They can harvest them for financial credentials, infect them with ransomware so as to extort money from their owners, or use them to form a spam botnet to send out malicious spam on behalf of other scammers. If you don’t think there is much money in the spam business think again. Research into one of the largest spam botnets, Cutwail, it is estimated that the Cutwail gang’s profit for providing spam services was approximately $1.7 million to $4.2 million over two years.

Malware and Exploit Kits for Sale

A variety of Remote Access Trojans (RATs) are for sale ranging from $50 to $250. Most of the RATs are sold with a program to make it Fully Undetectable (FUD) to anti-virus and anti-malware. However, there were some hackers who sold the FUD component for an additional $20. For those RAT buyers who want the seller to do all the work for them, eg: setting up the RAT’s Command and Control Server, configure the malware to be FUD and possibly infect the target, they could pay an additional $20 to $50.

Exploit Kits – One of the offerings the Sweet Orange Exploit Kit for lease charged between $450/week and $1800/month. Sweet Orange is certainly more expensive to lease than the once popular BlackHole Exploit kit. Before BlackHole’s supposed creator was arrested, the leasing rates for BlackHole were:

  • 3 months—$700
  • 6 months–$1,000
  • One year–$1,500

Hacker Services for Hire: DDoS Attacks, Hacking of Websites, Doxing

Hacking into a Website

The cost to hire a hacker to break into an organization’s website runs between $100 – $300. Generally the higher the fee, the more reputable the hacker. What is worth noting is that most hackers for hire will not hack into a government or military website.

Distributed Denial of Service (DDoS) Attacks

A DDoS is where 1000’s of computers, controlled by a RAT, are used to attack a website and bring it to a halt through sheer volume of traffic. Those customers wanting to purchase DDoS Attack Services could pay by the hour, day or week. Most hackers who provide the DDOS attacks guaranteed that the target website would be knocked offline.

The rates were as follows:

  • DDoS Attacks Per hour = $3-$5
  • DDoS Attacks Per Day = $90-$100
  • DDoS Attacks per Week = $400-600

Doxing

Doxing is when a hacker is hired to get all the information they can about a target victim. Their methods include searching public information sites, social media sites, as well as manipulating the victim via social engineering and infecting them with an information-stealing Trojan. There are a lot of Doxing services for sale on the hacker underground, A “Vouch” from customers is used to verify that the hacker providing the Doxing service is legitimate. Doxing services range from $25 to $100.

Name Brand Products, Get Them For Cheap

Another service being sold on the hacker underground is where hackers will sell popular products, below the retail price. The hackers will obtain a specified product for a buyer either by using a stolen credit card or by working a scam, where they contact the retailer’s customer service representative and pretend to have purchased the item from the vendor, and it was damaged. The customer service representative is convinced that the complaint is legitimate, and they send out a replacement to the scammer, who in turn sells the product below the retail price.

Summary

For the most part, it does not appear that the types of hacker services and stolen data for sell on the hacker underground have changed dramatically in the past several years. The only noticeable difference is the drop in price for online bank account credentials and the drop in price for Fullz or Personal Credentials. In 2011, hackers were selling US bank account credentials with balances of $7,000 for $300. Now, accounts with balances ranging from $70,000 to $150,000 go for $300 and less, depending on the banking institution where the account is located. In 2011, hackers were selling Fullz for anywhere from $40 to $60, depending on the victim’s country of residence. Fullz are now selling between $25 and only go up to $40, depending on the victim’s location. It is believed that the drop in prices further substantiates that there is an abundance of stolen bank account credentials and personal identities for sale. There is also no shortage of hackers willing to do just about anything, computer related, for money, and they are continually finding ways to monetize personal and business data.

Key Protective Security Steps

Companies should adopt a layered approach to security and consider implementing the following:

  • Firewalls around your network and Web applications
  • Intrusion Prevention Systems or Intrusion Detection Systems (IPS/IDS). These inspect inbound and outbound traffic for cyber threats and detect and/or block those threats
  • Host Intrusion Prevention Systems (IPS)
  • Advanced Malware Protection Solution
  • Vulnerability scanning
  • 24 hours a day x7 days a week x365 days a year log monitoring, and Web application and network scanning
  • Security Intelligence around the latest threats (people working on the latest threats in real-time, human intelligence)
  • Encrypted email
  • Educating your Employees on Computer Security. A key protective measure is to educate your employees to never click on links or attachments in emails, even if they know the sender. Employees should check with the sender prior to clicking on the email links or attachments. Client side attacks using email attachments and hyperlinks to malicious code on the web are the two major infection vectors.

The good news for SME’s is that there are some products out there that are open source and free that can cover a lot of the above. Configured correctly will help to protect the network from malicious hackers, at least make them want to bypass you and attack an easier target.

Individuals Should Implement the Following Security Steps

  • Computer users should use a computer dedicated only to doing their online banking and bill pay. That computer or virtualized desktop should not be used to send and receive emails or surf the web, since Web exploits and malicious email are two of the key malware infection vectors.
  • Avoid clicking on links or attachments within emails from untrusted sources. Even if you recognize the sender, you should confirm that the sender has sent the specific email to them before clicking on any links or attachments.
  • Reconcile your banking statements on a regular basis with online banking and/or credit card activity to identify potential anomalous transactions that may indicate account takeover.
  • Make sure your anti-virus is current and can protect against the latest exploits. Also, make sure that your anti-virus vendor has signatures for detecting the latest Trojans and that you have the most up- to-date anti-virus protections installed.
  • Do not use “trial versions” of anti-virus products as your source of protection. Trial versions of anti-virus products are good for testing products, but do not continue to use the trial version as your protection for your home or work PC. The danger is that the trial version does not receive any updates, so any new Trojan or virus that is introduced after the trial version was released will have total access to your PC.
  • Make sure you have your security protections in place. Patch management is key. It is critical that as soon as they become available you install updates for your applications and for your computer’s operating system.
  • Be cautious about installing software (especially software that is too good to be true – e.g., download accelerators, spyware removal tools), and be conscience about pop-ups from websites asking users to download/execute/or run otherwise privileged operations. Often this free software and these pop-ups have malware embedded.

Make sure your company is not an easy target for the cyber criminals by having a penetration test by a trained and experienced Certified Ethical Hacker.

Penetration testing is the process of evaluating both your physical and digital security systems and finding all areas that are insecure and that need attention. The main goal of penetration testing is not only to find security vulnerabilities, but to attempt to exploit them as well, which can decrease the chances of data loss or allowing unauthorised persons access to secured data. Common problems discovered by penetration testing include software bugs, design flaws and configuration errors. Once these have been identified, they need to be quickly repaired in order to ensure that safety isn’t compromised for longer than necessary. Testing is vital for any business, no matter how large or small, as data has become the most important currency available to organisations and hackers.

Penetration testing should be performed by an experienced tester from outside the organisation or the service provider whom has configured the solution, website, network, etc. It is all too easy to ignore or turn a blind eye to a known issue, or to have the attitude of ‘Nobody could possibly find that flaw!’ or ‘Who would want to hack us? We’re not interesting enough!’ As this involves the security of the business, no half-measures can be taken. Security breaches happen every minute of every day, and unless you have a dedicated team for penetration testing, it may be wise to consider outsourcing the procedure. Having an in-house team is ideal, but there are many businesses that find good reasons to outsource the testing and security of their information systems.

Thanks to our Guest blogger this month
Wynn Jones ECSA/LPT CEH CHFI CVE CCA MCSE
http://www.praetoriansecurity.co.uk

 

Do I use Protection?

passwords

Password protection of course.

In this post, we are looking at passwords – and what people do or don’t do with them. It was inspired by a recent report online about the most common passwords of 2013. It scares me when I see what is being used. Strong passwords are one of those things we know we need, and should be using, but tend to put little to no effort into. Then we tend to be the first to shout ‘my details were taken’ when things go wrong.

So what are the rules then? Different camps will give you different instructions, and some will claim a password is strong when in fact it isn’t.

Let’s look at the most common methods:

  1. Use Different passwords everywhere.
    Why should we have to do this when it is so easy to use our pets name at every password prompt? Well it’s simple really. If someone guesses your pets name, and believe me they will, then they have access to every site you use. A study by an online company, called BitDefender, showed that 75% of people will use the same password for their email and Facebook. If that is then also your PayPal password, and it’s discovered, say goodbye to some funds and your friends.
  2. Remember the Underwear Meme
    Seemingly the saying goes like this: Passwords are like underwear. You should change them often, maybe not every day of course. Don’t share them. Don’t leave them out for others to see. (No Post Its). They should also be mysterious and a secret to others. So make them something that they can’t guess.
  3. Avoid Common Passwords
    If the word can be found in a dictionary, it is not a strong password. If you use numbers and letter as they appear on the keyboard, it’s not a strong password. Relatives names and pets names, NO. Even if you follow them with a number. Birthdays and anniversaries are just as bad sadly. Hackers will try all these things first. They actually run programs to check all these kinds of passwords, and for the love of all that’s techie, if you use “password” as your password, please just sign off the Internet right now. SplashData has been listing the 25 worst passwords for some years now, and “password” has always topped the list as the most common password. This year it was deposed by the long-time second worst password: “123456.” No, really!

So what are you tips I hear you cry!

Don’t cry, here is some advice.

Strong Password Solutions

How to Build Strength

To create a strong password, it is suggested you should use a string of text that mixes numbers, letters that are both lowercase and uppercase, and special characters. It should be eight characters, but preferably many more. A lot more. The characters should be random, and not include words, flow alphabetically, or be from your keyboard layout.

So how do you make such a password?

1) Spell a word backwards. (Example: Turn “New York” into “kroywen.”)

2) Use l33t speak: Substitute numbers for certain letters. (Example: Turn “kroywen” into “kr0yw3n.”)

3) Randomly throw in some capital letters. (Example: Turn “kr0yw3n” into “Kr0yw3n.”)

4) Don’t forget the special character. (Example: Turn “Kr0yw3n” into “Kr0yw3^.”)

You don’t have to go for the obvious and use “0” for “o,” or “@” for “a,” or “3” for “e,” either. As long as your replacement makes sense to you, that’s all that matters. A “^” for an “n” makes sense to me.

The suggested best form today seems to be creating a sentence and type it in, including spaces. It takes algorithms much longer to crack something like that than it does just for straight words – even if you have changed the letters for symbols and numbers. (Example: “I love yellow trousers”). This believe it or not is quite secure, and has the added advantage of being easier to remember. Of course, I could also swap numbers for letters and include symbols as well.

Well I hope you got the point and the Protection is definitely needed.

To finish, here is last year’s list of the 25 most commonly used passwords. I expect to hear the cries of despair as you recognise yours. It also shows their change in rank from the year before, and includes some newcomers for this year as well.

1. 123456 (Up 1)

2. password (Down 1)

3. 12345678 (Unchanged)

4. qwerty (Up 1)

5. abc123 (Down 1)

6. 123456789 (New)

7. 111111 ( Up 2)

8. 1234567 (Up 5)

9. iloveyou (Up 2)

10. adobe123 (New)

11. 123123 (Up 5)

12. admin (New)

13. 1234567890 (New)

14. letmein (Down 7)

15. photoshop (New)

16. 1234 (New)

17. monkey (Down 11)

18. shadow (Unchanged)

19. sunshine (Down 5)

20. 12345 (New)

21. password1 (up 4)

22. princess (New)

23. azerty (New)

24. trustno1 (Down12)

25. 000000 (New)

Let us know what you think, and how you cope with remembering all the various passwords you use.

Flexible screens, a touch of the future?

 

The rumours and sneak previews of flexible screens by Samsung and other manufacturers has caught our eye and intrigued is. So here we are going to give you some gleaned info from the net.
But first let us ask you a question. What usage would you see flexible screens having and would they be better than what we have just now?
We picked our brains and thought of some of the following: –

Wrist devices.
Jackets or waist coats.
Wall mounted devices that follow the contours of the wall.
But what else?

Anyhow, onto what we have gleaned from the web.
We have viewed over the last 8 to 10 months the videos that have been going around demoing the flexible screen, or OLED manufacture. This new revolution has made manufacturers like Samsung go into overdrive with concept devices and then create videos demoing what they might look like. Here is one we have seen a few times and gets you thinking.

Samsung showed this at their CES talk this year. A brief potential view of where this technology maybe taking us. Again it will be down to the patent race and who gets the patents in first. Watch this space.
This next video shows the durability of the new screen technology, WARNING it does hurt to watch the screens we love today being pounded by a hammer…..

Ouch, that’s just not nice. But what about the OLED screen, durability at its core, flexible and will take abuse. There is definitely a market for that.
How about a touch window in your house. You get up in the morning and draw the curtains and the blinds are built into the window. Then you call up all sorts of touch screen info about weather and driving conditions etc. You are kidding me Ian surely I hear you cry….Well no.

Isn’t that amazing? Come on, it had you excited…..
So it looks like we will be able to wear the flexible units with Samsung already having launched their wrist device that is curved. We will also be able to drop then of a building by the look of it and then our houses will be equipped with the latest tech and info.
I just can’t wait!
Samsung are not the only manufacturer by the way, it is just they are at this time shouting the loudest about it with videos and promotions.

What are your thoughts on all this new Flexible screens and tech, does it excite you or bore you?

Ian Thomson
Consultant
IT Turning Point

 

Online or Offline

training and consultancy

Well the debate has heightened again about the use of Online to purchase goods and services. With the closure last month of Jessops, Blockbuster, Comet and HMV where do we stand with regard to keeping a healthy shopping and retail sector and the use of the Internet.

Initially when the Internet came around the speeds were too slow, major companies did not adopt the Internet quickly so choices were limited to what you could purchase. The security element was also a major concern.

However nowadays this has all been overcome and the Internet has flourished into a massive repository of all things. There is very little you cannot find somewhere on the Internet and usually cheaper than in the high street stores. There of course is still the area of security with a customer leak of details almost monthly from somewhere. The sellers are not all major companies and this can lead to failed promises and customers being let down and finally there is the aspect of dealing with someone who is not there face to face.

When we purchase from a shop and have problems we can usually juts go right back there and see someone face to face who will take ownership of the issue and get it resolved. (With some exceptions and horror stories of course). I can relate to the online scenario  having had a problem with a TV I purchased and the manufacturer wanted nothing to do with the faulty unit and the retailer online I had dealt with said there was nothing wrong with it. I was frustrated and felt I had nowhere to go.

So what is the reason we are going over to online so much. Well as you can probably imagine there are various reasons and here are a few I am sure you can identify with: –

  • Convenience of being able to shop from your own home at any time.
  • More and more traffic on the Internet nowadays is via mobile devices and it makes it so convenient to shop.
  • Things can usually be purchased and delivered cheaper than in the local store.
  • The Internet has become of age and is more acceptable to this generation.
  • Media is moving mostly to digital, films, music, etc.
  • And more.

This list is not exhaustible, but it is our fear that we will lose so much by going this way completely. I am a self-confessed GEEK and love where technology is going and the flexibility of the way we can do things. But, I am also sometimes of the opinion that it would be good to go and see and feel some products before we purchase them and also to chat to someone who knows something about them. I also believe in the local market and the local business owners making a living.

What are your thoughts and opinions? Is this move a good thing or a bad thing?

How can business adapt to this and keep them afloat and busy?

Ian Thomson
Founder/Senior Trainer/Consultant
IT Turning Point