A major ransomware attack Sunday kicked the majority of Italians off of the internet before administrators were able to restore service.

Italy’s National Cybersecurity Agency, ACN, said the attackers targeted a known vulnerability in VMware’s ESXi servers. VMware encouraged customers to install patches.

If it feels like you’ve heard this story before, that’s because you probably have. In fact, you’re forgiven for thinking this feels like Groundhog Day.

That’s because the vulnerability was first detected almost two years ago, and the Canadian Centre for Cyber Security issued its first security advisory – known as AV21-093 – on February 24, 2021. The Canadian cybersecurity agency issued a second advisory, AV22-689, on December 9, 2022. 

Forgive us, but here at STEP Software, we’re optimists, and we believe the dawn of a new year brings all sorts of opportunities for renewal and growth to employers and their employees.

Optimistic doesn’t mean we aren’t realistic, though, and as 2023 dawns all fresh and clean and shiny and new, we also recognize that cybercriminals remain as threatening and dirty as they’ve always been. Actually, even more so.

So, as we’ve been reviewing our own cybersecurity plans for the upcoming year, we wanted to share some recommendations with you so that you can consider incorporating them into your own workflow. Because it’s always a good time to focus on cybersecurity.

Various reputable sources, including the United States Federal Bureau of Investigation, the Canadian Crypto Module Validation Program and Microsoft, have reported a significant increase in the number of ransomware attacks since the onset of the COVID-19 pandemic. How prepared is your organization to defend against such an attack? There are best practices that, if implemented, could prevent an attack from being successful or at least mitigate the effects thereof. Additionally, there are recommended actions to take if your systems or data are affected. Risks associated with giving in to the attacker's ransom demands should also be considered before any payment is made.

How the attacks work

Malicious software is used to deny access to data or systems until or unless the attacker's ransom demands are met. Methods for delivering the malware payload vary, with the three of the most common being phishing emails, exploitation of application vulnerabilities, and delivery via remote desktop protocol (RDP). The use of phishing emails as an attack vector is currently on the rise.

Like it or not, data collection technology is pervasive. Your online activities and purchases are tracked. Your travels are monitored, and your location history is stored. Cameras regularly capture your image in public places. Now, technology recently patented by Microsoft for the stated purpose of improving meeting efficiency in the workplace may soon be monitoring the effectiveness of your behaviour at work. The collected data is then used to evaluate meeting participants' body language and analyze the data collected to determine whether or not they are making significant contributions to the meetings they attend. Although this technology is still in its infancy and there are currently no indications of when, or even if, Microsoft plans to make it available for deployment in the workplace, concerns have been raised that it crosses a line and that, if widely implemented, it could result in changes that will negatively impact a significant percentage of the working population.

How It Works

Using sensors, cameras, and software algorithms, Microsoft's "Meeting Insight Computing System" (MICS) will collect data on each meeting participant's body language, expressions, and participation level. MICS will also track how much time attendees spend on activities that are not meeting-related, such as texting or reading email. For remote meeting participants, MICS factors in whether or not they activate their cameras. The system will also take environmental factors into consideration, including the temperature and level of noise in a meeting room. Meeting time is also considered. A hot meeting room, a room with a distracting level of noise, or a meeting running into lunch hour could affect the attendees' levels of participation.

Hypertext Transfer Protocol Secure (HTTPS) has surpassed Hypertext Transfer Protocol (HTTP) to become the most popular website protocol on the internet. According to research conducted by tech survey organization W3Techs, over 60 percent of all websites are now powered by HTTPS. They use a digital certificate that encrypts their data as it flows to and from their respective visitors.

While HTTPS is undeniably popular, its technical nature has given rise to many myths. When deciding whether or not to use it on your website, you must separate fact from fiction. Otherwise, you may unintentionally take the wrong path with your website.

Outsourcing your IT department offers impressive benefits, such as improving productivity, increasing security, and gaining access to the latest technology. However, one of the main advantages of using a managed service provider is that it is an excellent way to save your company money in many ways. Instead of hiring additional IT employees, a managed service provider will take care of all your technical needs in the workplace at a fixed price each month. Ultimately, this will make it easier to stay within a budget, as you will not have to worry about any unexpected expenses.

Here are a few more ways that an IT service provider can save your business money.

Identity theft has reached epidemic proportions, with millions of stolen credit card numbers, Social Security numbers and bank account data for sale on the dark web and millions more traded on secret hacking sites. Cybercriminals use a multitude of tactics to obtain this ill-gotten booty, from backdoors planted inside compromised computers to keyloggers embedded deep within the operating systems powering popular mobile devices.

As users grow wise to these cyber threats, the bad guys are adapting their tactics, adjusting the way they do business in an attempt to trick people into giving up information they otherwise would not have. One of the slyest and most dangerous forms of cybercrime takes advantage of human psychology, making it particularly challenging to combat.

This insidious form of cybercrime is known as social engineering. It has been successful with everyone from ordinary home users to the executives at Fortune 500 companies. If you want to protect yourself, your devices and your data, understanding how the cybercriminals operate and how they trick their victims is a smart place to start. Here are some of the most popular tricks and how to fight back in an increasingly treacherous digital landscape.

You may have noticed lately that more businesses have made signing in to your online account more of a hassle. Most of the time, this is a one-time passcode that's sent to your phone number or email. This is an example of two-factor authentication, a method of proving your identity. Two-factor authentication is a concept in cybersecurity that tries to make it more difficult for someone to access your personal info online. If you're running an online business or just a consumer struggling to understand why there's this extra step, here's a brief explanation of two-factor authentication and how it helps you stay secure.

The Internet of Things (IoT) refers to the interconnectivity of all devices, from smartphones and wearables to smart vehicles and homes. As of 2020, there are over 24 billion IoT devices and according to technology experts, that number is multiplying rapidly. As the number of interconnected smart devices continues to grow, it will indisputably transform life in many ways.

1. The Internet Will Become Even More Interconnected

Currently, most devices, apps, and websites work independently of each other. However, as the IoT grows, the digital world will become more of an extensive ecosystem. This Internet ecosystem will be built on smart devices that are connected to central hubs to make sharing data across platforms faster and more straightforward.

2. Smart Appliances Will Do Mundane Chores for You

In the future, your smart appliances will be capable of doing many of the mundane chores that are currently your responsibility. For example, smart refrigerators will manage your grocery lists. Your fridge will take inventory and inform you when you are low on certain food items, and you’ll even be able to set it to (automatically) reorder specific grocery items for you when they’re running low.

3. Cloud Computing Will Continue to Grow

The most effective way to facilitate the rapid growth of the IoT is through the use of cloud-based platforms. That's because your smart devices must be able to run cloud-based apps so that they can stay connected, wherever you go. Therefore, as the IoT keeps expanding, cloud-based platforms will grow too.

In today's connected marketplace, a website is essential to the success of any business. Ensuring that your website is well-maintained is critical to achieving user satisfaction that leads to long-term success. Choosing to outsource development and maintenance for your website is a great way to optimize your employees' efforts while also maximizing website uptime. You will have the peace of mind that comes with knowing that your website is reliably working to help you reach as many customers as possible.

Interested in learning more? Here are five of the main benefits your business should take advantage of by outsourcing website development and maintenance.