Physical Security

Vishing is Evolving

Vishing is EvolvingThe phishing tactic using voice calls, known as vishing, is increasing in use and evolving. A recent study found that almost half of organizations surveyed were targeted by voice call phishing or social engineering in the past year. Robocalls and attacks on mobile phones are starting to be challenged by mobile carriers. Most of us have experienced “Spam Risk” on a mobile phone over the past year. Criminals are adapting to the new restrictions and targeting organizations instead of individuals. Unlike individuals, businesses have to answer their phones in order to serve a customer base. Criminals know this and are taking advantage of vishing tactics at the organizational level.

Another change is voice call attacks are evolving from robocalls to more targeted spear phishing attacks. Criminals are doing research on businesses and employees and targeting individuals instead of calling thousands of numbers with an automated tool. Criminals use software to crawl the internet looking for open-source information on social media and other websites. When they have enough information to form a picture of habits and character, they contact the employee to start building a relationship. The criminal may impersonate a customer, vendor, or employee within the same business.

98% of cyberattacks use some element of social engineering. The study found phishing was not limited to voice calls. 32% of phishing attempts were made over text message or SMS, and 16% were made over collaboration tools like WebEx or Microsoft Teams. As the telecommunication industry responds to criminal activity, hackers will continue to evolve their tactics. Voice phishing calls utilize the same concepts used in all phishing attacks. Criminals usually try to create a sense of urgency, so the employees don’t have time to ask questions. They may pretend to be a vendor asking for a billing information or a coworker asking for a password so they can quickly get a job done. The study cited employee education as the greatest defense against evolving attack vectors.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Physical Security, Recent Posts, Small Business

Three Types of UPS (Uninterruptible Power Supply) – Back to Basics Podcast

Jack talks through the three types of UPS devices, and their benefits and application.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Physical Security, Small Business

DDoS Attacks on the Rise

DDoS Attacks on the RiseDistributed Denial of Service (DDoS) attacks are getting smarter and increasing in every available vector in 2022. This style of attack was up 434% in 2021 over the previous year. Additionally, targeted smart attacks were up 31% and multi-vector attacks were up 73%. US Banks were targeted the most, but the healthcare industry, remote learning and education, and technology companies also ranked high on the list of targeted demographics. The United States also tops the list of targeted countries at 54% followed by India and Europe.

Microsoft released details over the weekend of a new record-breaking DDoS attack they fended off. The attack peaked at 3.47 Tbps and came from 10,000 sources across 10 countries. DDoS attacks occur when hackers use compromised devices connected to the internet to overload a targeted server, website, or network. IoT devices are one category of devices that can be weaponized. Read our recent blog post on IoT security here.

Criminals are also using compromised servers to amplify attack numbers causing new attacks to still break records. Hackers use open DNS resolvers to filter the data through and increase the size of the attack hundreds of times the original size.

While a DDoS attack is not a data breach, it can act as a diversion for a ransomware attack. The attacks are becoming more targeted, so criminals could use a DDoS attack to divert IT resources to give hackers more time in the network to steal and encrypt data. Typically, DDoS attacks intend to deface company or government websites, create financial hardship, or disrupt web traffic. Lately, hackers have been targeting online gaming servers because a disruption of just a couple of seconds can have a detrimental outcome in an online multi-player game.

No business is too small to be attacked. It’s important to understand the threats of a DDoS attack and discuss options with your MSP to keep from becoming an easy target. Some best practices include up-to-date firewalls, understanding your bandwidth need, and monitoring tools to alert you of an attack.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Physical Security, Recent Posts, Small Business

Ransomware – The Triple Threat Podcast 12

Jack and Chuck talk about the new trends we are seeing in ransomware attacks when the victims decide they don’t want to pay the criminal.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Physical Security, Recent Posts, Small Business