Tag: phishing

Are cyber attacks still being conducted the same way in 2025? Top 8 cyber attack methods explained
New year, new threats? Hackers have not slowed down their efforts year over year, in 2024 the average cost of a data breach rose to 9.36 million US dollars. Of course this is taking into account the massive breaches that occurred last year with one attack costing the company that was targeted $500 million dollars.

Still, even for smaller businesses the average cost is usually somewhere between $120,000 to $150,000 – no small sum. Year over year though, the types of attacks haven’t changed even if they’ve become more effective in scale. These top 8 attack methods remain the same (with the first one leading in effectiveness by a landside):
1. Phishing: Phishing remains the top attack vector in 2024, with 90% of attacks still starting with a phishing email. Our advice on how to spot a phishing email has also stayed the same.
2. Ransomware comes in second and is preceded by a phishing email 40% of the time. In 2024 the largest single ransomware payment of all time was made to the “Dark Angels” ransomware group to the sum of $75 million.
3. Denial-of-Service (DoS) attacks are not a new player to the game, but they are part of an overall strategy we’ve seen by attackers to weaponize operational technologies to cripple businesses – either for a payout or just to send a message.
4. Man-in-the-middle attacks involving intercepting private conversations or data between one or two parties, a good example of this is an attacker setting up a fake Wi-Fi connection or intercepting unencrypted HTTP connections to gain user login information to a website.
5. SQL Injection attacks are a difficult one for consumers to guard against as they’re conducted on the backend of a businesses website or database and involve “injecting” malicious code. If you’re a business owner, it’s crucial to work with competent developers when creating consumer facing websites (especially if you’re collecting sensitive data through them).
6. Cross-Site Scripting Attacks are again difficult to guard against, these attacks are also extremely inconspicuous as the attacker in effect sets up a honey pot on the victim’s server or website and waits for it to collect data from the site’s users. Again, it’s crucial to work with a competent developer and IT provider when to protecting your data both internally and from being externally exploited.
7. DNS Spoofing involves redirecting users from the site they were intending to visit to an unknown site where their data can be collected (usually login information for the site they intended to navigate to). One trick for telling if the page you’re on is secure is to look for the little lock symbol in your navigation bar, this is a sign the page you’re on is using a secure connection.
8. Zero Day Exploits are the most difficult to protect against as they are attacks that are literally exploited the same day they’re discovered. Hackers are constantly looking for new ways to access your systems, and even if you’re a small business you’re never too small to be of use to them (even if it means leapfrogging past you to exploit your customers).
There is never a better time than the start of the year to evaluate your technology systems for improvements, at Valley Techlogic we can provide you with a comprehensive report on our recommendations for your business as well as a tailored plan to bring your business up to date in 2025. Schedule a consultation today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.
January 10, 2025
Received a weird text from your boss? You’re not alone, text scams are rising in popularity
You’re sitting at your desk when you receive a text on your phone, it’s allegedly from the CEO of your company. He may say this is his new number (or his personal number) and he’s reaching out to you by name, adding to the legitimacy of the text. If you respond, he’ll say he’s in an important meeting and he needs you to use your company card to buy gift cards as a gift for the attendants of the meeting.

If you do so, and he’ll be keeping in constant communication with you in spite of being in an “Important meeting”, he’ll say he doesn’t need the physical cards just the codes which you can find if you scratch off the back. He may thank you for being a team playing after providing the codes or stop responding altogether because unbeknownst to you, the scam has been successfully completed.

Why gift cards? Gift cards are untraceable and usually not refundable when purchased. The scammer will quickly move the funds off the gift card leaving you with the empty plastic remnants and no recourse. Other variations on this scam may request Cryptocurrency instead (such as a message sent pretending to be one of your friends or a family member) but scammers know this would throw up too many red flags in a workplace setting.

The request even that unusual, if you’re an executive assistant for instance you probably regularly make purchases at the request of your employer. Scammers may target the whole company if they’re unsure who the influencers to the decision maker are or they may target specific individuals.

How are they getting the information to make their requests see more legitimate? They find it in the following ways.
1. Your Company Website: Often times your website will have information about your key players on it, including contact information. While we don’t recommend excluding this information to prevent being a target (as it’s valuable to those you want to legitimately do business with) it’s a good idea to remember that it’s out there when you’re getting strange communications via text or email that may call you out by name.
2. Social Media: This may be your company social media pages or even your personal accounts. We recommend making your personal accounts private and not oversharing on social media in general.
3. Search Engines: Nothing beats a good old fashioned Google search, and the information that’s available about you online may shock you. Phone numbers, relatives names, addresses etc. can all be found online. While there’s no real way to prevent this, you can somewhat keep track of what’s been made available by creating Google Alerts for your name, email address, etc.
While text scams may never rise to the prevalence of BEC (Business Email Compromise) attacks – which are being sent out at the rate of 10 per 1000 inboxes per day – it still showcases the way scammers will strategically target you and your business.

If you are looking to beef up your cyber security protocols in 2024, including providing your employees training to prevent attacks like this one, Valley Techlogic can help.

Security training is included as part of your monthly plan with us, as well as 24/7 monitoring, data recovery and remediation, backup solutions and more. Get started with us today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 15, 2024
In 2023 some of the biggest cyber-attacks were orchestrated with “low tech” methods
Whether you’re “tech aware” or not, most of us know that the human element is one of the riskiest elements of our business when it comes to our data being compromised.

2023 proved that in spades with many of the largest attacks of the year being orchestrated with “low tech” methods – whether that be social engineering as we saw with MGM or literally low tech as with the attack on Rockstar that was conducted with a cellphone, TV and an Amazon Firestick.

Attacks such as the one on MGM are conducted with social engineering and the attacker doesn’t need to possess any particularly strong tech skills to pull an attack of that nature off. These attacks are usually accomplished through persistence – the attacker sometimes researches their target and reaches out to decision makers or those close to decision makers to try and gain access through Vishing, Phishing, and other methods (see our chart below for examples).

They may also “bruteforce” their way in though not in the typical way you might think, compromised credentials are often found very cheaply on the web and many people use the same password for everything. The bad actor will again look for specific targets and then try to purchase credentials that will match their target.

A common social engineering attack is orchestrated as follows:
1. The attacker will research their target. This includes trying to figure out who is a decision maker or close to a decision maker. They may also look for details about you found on social media (such as family and friends names they can use to make their attack appear more legitimate).
2. The attacker will reach out to the victim using what they have learned or try any credentials they’ve managed to find. They may pose as someone you trust and can even spoof that person’s email.
3. They will use their access to infiltrate your systems or use your account to continue pursuing their target. They may not immediately make themselves known – many attacks are orchestrated over months or years to produce a bigger payout.
4. Once they have successfully infiltrated your systems the attack may proceed in a variety of ways, whether that be trying to ransom back your compromised data or systems, threatening to release stolen data online if they don’t receive a payout, posing as you to your clients to expand their reach and more.
5. The attack only ends when you can successfully remediate/remove their access.
This attack is the end game for many attackers but not all attacks have this level of energy put towards them, phone scams and simple email phishing scams can look to steal your credit card or banking info for a quick payout and these sorts of attacks are conducted en masse often by attackers located overseas. Scams like these are still a variety of social engineering and quite effective – and again any data they manage to get in the process can also be sold on the dark web allowing these attackers to “double dip” on the profits they receive from their nefarious efforts.

As we mentioned above many attackers are not conducted on a quick timeline, attackers know they can receive a bigger payout the more enmeshed they are in with the victim’s systems and data. Your system could be compromised right now, and you may not even know it.

Data loss remediation and protection is just two of the cyber security offerings Valley Techlogic provides to help us protect our clients from social engineering and other cyber based attacks. Reach out today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
December 29, 2023
In the aftermath of the MGM cyberattack, five class action lawsuits have already been filed
MGM Resorts are a staple on the Las Vegas strip, operating more than two dozen hotels and casinos around the world with nine of them being found in Las Vegas itself. You may have heard of the Bellagio, Mandalay Bay, and the Luxor? These are all MGM properties that host millions of visitors each year.

Now some of those same visitors are wondering if the chain gambled with their private data. It was reported on September 11^th that MGM was facing some kind of “cybersecurity issue” that trickled down to their facilities, with customers facing problems using the digital keys to their hotel rooms to slot machines not functioning as intended.

Guests were left spending hours waiting to check in as the hotels shifted away from digital entry back to manual keys to get guests into the rooms they’d already paid for. It reportedly took 10 days for things to resume normal operations with some problems still occurring here or there.

It’s now being reported that the cause of this hack was a persuasive phone call made by one of the members of a hacker group called “Scattered Spider” which has since claimed ownership of this attack. In a strange turn of events this group does not prioritize technology-based attacks such as malware or phishing but instead mostly engages in “Vishing”.

“Vishing” or voice phishing is when someone calls you pretending to be someone else, they usually are purporting to be from a company you might do business with financially – such as your credit card company or banking institution.

With number spoofing this type of attack can be very effective, and as the MGM attack shows even a massive organization is not necessarily immune from an attack if the bad actors is using the right attack vector for the job. That’s why it’s important to have several safeguards in place when it comes to protecting your systems and data.

It’s alleged that a member of the Scattered Spider group found an MGM employee’s information on LinkedIn and was able to convince a member of their help desk to give them all the access they needed to perform the attack. Someone close to the group has said the original plan was to hack their slot machines but when that plan failed, they moved to plan B which was holding MGM’s data hostage for a payment in Crypto.

Even though they’re now back to normal operations, MGM is not out of the woods yet. Five class action lawsuits have been filed with customers claiming the chain risked their personal identifiable information (PII) by falling for this attack. Two were filed against MGM directly, and three against their partner company Caesars Entertainment. We have talked about the legal ramifications. of cyber attacks before and it’s something companies should definitely be aware of, the insult of being hacked may not end just with the loss of data or systems being damaged – there may be legal consequences as well.

Over 90% of successful attacks have a human element to them, with this most recent attack on MGM included in that figure. Cyber security training can go a long way in preventing cyber threats to your business, but vishing may still catch you or your employees off guard. You may be wondering how someone on the phone could possibly be so convincing that you give them access to your systems or financial accounts. We made a chart on the top 8 steps you need to take to guard against a vishing(voice phishing or)’ smishing (text message phishing) attack on your business.

Of course, as we mentioned the best defense against cyber attacks in general is a layered approach, that way if one wall is breached an attacker would still have to get through several more to do any damage to your business. That’s where a partnership with Valley Techlogic comes in – we take a layered approach to protecting your backups, protecting your systems, and protecting you and your employees from bad actors. Learn more today through a consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
September 29, 2023
BEC Scams are becoming increasingly more common, and the payouts more lucrative
BEC or Business Email Compromise is a type of phishing scam where the target of the scam receives an email purporting to be someone they know, like a vendor they work with or a colleague. These scams are so common place that the Federal Bureau of Investigation even has a guide to protecting yourself from them.

We’ve even written before on how to spot a typical BEC email and a few ways to combat it, but we would like to circle back to this topic now as we creep into what is typically a very busy time for most business owners – the fourth quarter.

You may or may not be surprised to learn that BEC attacks rose in the fourth quarter last year and we’re not anticipating 2023 to be any different. 2022 even saw a rise in the ever popular “as-a-service” variant of attacks which means would be bad actors could enact their attacks with little actual effort on their part.

The technical know-how required for these attacks is also low, with some of them being as simple as just a variant on your normal phishing scheme but with the end goal being a direct payout rather than the user’s credentials or private information.

CISA (Cybersecurity and Infrastructure Security Agency) even reported on Russian state sponsored bad actors specifically targeting defense contractors using Microsoft 365 with their BEC schemes. Imitating Microsoft support is not a new scam, and like always you should be wary about any support person reaching out to you directly asking for your credentials, but the single-minded focus of this particular scam put government agencies like CISA and the FBI on red alert.

When we say these scams are becoming more lucrative, we definitely mean it, with it being estimated BEC victims lost 2.74 billion dollars in 2022 which was $300 million more than 2021. Like with most cyber attacks we anticipate they’ll continue to rise.

So how do you protect yourself from a Business Email Compromise scam in 2023?
1. Don’t overshare online. BEC is a social engineering scam, so the less information that’s readily available about you on the internet the less able a scammer is to pretend to be someone you know.
2. Forward emails instead of replying to them. As with normal phishing these scams are perpetrated over email. Forwarding emails forces you to type out the email address (thereby guaranteeing it goes to the right person). BEC attacks usually involve spoofing an email address or simply choosing a domain that’s similar to one you may be use to corresponding but having a slight misspelling or rewording.
3. In the same vein, check the sender’s email address before responding at all. You may be able to simply block the scammer when you discover they’re trying to imitate someone else by verifying the email address is incorrect.
4. Secure your own domain against domain spoofing. Many times, the attack is coming from “inside the house”. A very common BEC scam involves one of your employees receiving an email that looks like it’s from you or someone high up in your organization, except it’s not. Registering the domains you use for email will help protect against this very common variety of this scam.
5. Again, in the same vein as our last tip, use a domain that you’ve registered instead of a free email service. It might be tempting to keep using the Gmail address you’ve always used to avoid paying for a domain and email services, but it greatly increases your risk of a BEC attack being successful. Using a free email service allows attackers to create a new email with your name to then tell those you know you just “got a new email”. It would be very difficult to prove this is false without talking to you directly.
Many of the defense strategies against a BEC attack involve employee training. Attackers may not target you directly as the business owner when it’s easier to get to you (and your business) through a weaker link – often employees who don’t have the strategies available to avoid these kinds of scams.

Luckily, Valley Techlogic provides security training as part of our service packages. Below is a list of some of the training topics we cover for our clients:

Cyber security training is quick and is one of the easiest and most effective ways to have an overall safer environment for your business. Learn more about Cyber Security Training through Valley Techlogic as well as other the other cyber security services we offer today through a quick consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
August 11, 2023
5 USB flash drive safety and usage tips, also our 3 recommended drives for 2023
USB flash drives (also known as thumb drives or memory sticks) have grown a lot in the last few years, what was once a handy tool for transporting small files but couldn’t compete with the capacity of CD disks or traditional drives is now available in sizes up to 1 terabyte which makes them a competitive product for even backup purposes.

While they may have fallen in favor due to cloud services becoming more ubiquitous, many are looking for more tangible ways to backup important files and take them on the go.

Many users also worry about the safety of these devices. This is because they’re a common vector for drop attacks, which is where a USB drive is left in a conspicuous location for someone to find and try to use not knowing it contains a virus or trojan horse.

They also can be insecure if left on a desk or somewhere in public. Luckily, there are even options now that offer 2 factor authentication, biometric verification, and encryption. This means even if your flash drive fell into the wrong hands, it would be useless to the thief. You should also be wary of where you plug your flash drive into as the data path is a two way street.

Here are 5 more safely and usage tips for utilizing a USB flash drive:
1. Have separate flash drives for work and home. This will reduce the risk of cross-contamination if one of your devices is compromised, it will also make it easier to organize your files.
2. Be careful where you purchase your flash drives from. There are irreputable sellers online selling fake drives that don’t contain the amount of storage they’re supposed to, or worse they could be infected with malware. Always buy from a reputable source.
3. Don’t purchase any drives that require software for use. This is unnecessary and again opens up your device to being compromised with malware. USB drives should be “plug and play”.
4. Think about the physical size of the drive you’re buying. It needs to be able to fit into the device you’re trying to plug it into, and a bulky USB drive may not be compatible with all devices.
5. Be aware of the lifespan for the device you’re buying. USB flash drives (also solid-state drives and hard drives) have a certain number of write/erase cycles. Longer is better but if you plan to just keep a static backup on it you can get away with a lower number. Typical USB flash drives have 10,000 to 100,000 write/erase cycles.
If we’ve piqued your interest in USB flash drives, you still might not be sure where or what to buy. There are thousands upon thousands of options but here are three options we can recommend. We have one that fits the bill as a budget friendly option for general use, one that has a slim sturdy form factor, and one that meets the requirements if security is a concern.

Security conscious.

Slim form factor.

Budget friendly.

All of the options we have selected have USB 3.0 speeds, while this is changing all the time this is the minimum we recommend as of writing. You also want to be aware of what kind of connector you’re looking for. USB-A is the most common but there are options for USB-C, MicroUSB and Lightning connectors on the market. You can also use an adaptor if needed.

If you need hardware buying advice for your business, including the topic of digital storage, Valley Techlogic is happy to help. We can help you select the best option and offer advice on how to secure it. You can learn more about procurement assistance through Valley Techlogic here or schedule a meeting to find out more about our services.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
April 14, 2023
ChatGPT is allowing even novice wannabe hackers to construct their own malware
ChatGPT is a power AI chatbot that allows the user to communicate a question to it and receive a very thorough answer on any topic the user can dream up. Created by OpenAI and already fielding massive investment offers even from companies like Microsoft, they’ve had a ton of buzz in the news both positive and negative.

It first came under scrutiny when it became apparent the tool was great for generating lots of content quickly, including articles that students could use and submit (though the quality of these articles can vary greatly).

This is because tools like ChatGPT scrub great swaths of the internet for their content. Whether it’s being asked to write a paper on the Civil War or generate a Picasso-esque picture, it takes the prompt and quickly compiles the database of knowledge it has built up from data readily available online and provides the user with what they’ve asked for.

There has been a lot of discussion around the future of AI and the ramifications of copyright, particularly when it comes to original written works or art, but today we’d like to focus on ChatGPT’s scripting capabilities and the potential pros and cons.

As leaders in the IT space we were already aware of the buzz around ChatGPT’s scripting capabilities, with some programmers praising it’s ability to create simple scripts and the potential it had to make aspects of their jobs easier. While others lamented what it meant for the programming role as a whole or whether the code output was really “up to snuff” especially when used in real world applications.

It’s become clear there’s a niche for ChatGPT in creating low level tools, but this unfortunately also includes malware and encryption scripts – which often aren’t very complicated and easily deployed via phishing type scams.

As reported by Axios, there is already evidence that hackers are using ChatGPT in the creation of malware or in improving their existing attempts to create new malware scripts. There is also evidence that it’s being used by less technically inclined people to create malware they otherwise would not be able to make.

OpenAI has made statements that they are looking to improve their product and prevent it from being abused, in the interim we would advise users to be especially cautious when clicking on links or downloading files. We wrote an article on how to spot phishing clues online that might be worth a review.

For businesses who have made getting serious about cybersecurity a primary goal in 2023, here are 6 ways Valley Techlogic can help.

Click to grab the full size version.

Looking to learn more? Schedule a quick consultation with us today or take advantage of our 2-hour free service offer to experience our commitment to quality service for yourself.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
January 13, 2023
More data breach woes for LastPass and our recommendations for you on how to deal with it
We’ve posted about LastPass data breaches before but at that time it was purported to be a false alarm according to the company, the news on this most recent breach is that it’s real and that LastPass users should be concerned.

The data breach in question happened in August but LastPass is just now revealing the details on what was stolen and the scope of breach. At the time of the hack LastPass was again saying that it was a false alarm but that wasn’t true and “backup customer vault data” was accessed during the August incident.

This backup vault data included both unencrypted data such as website URLs and encrypted data such as website usernames and passwords. Having both details will allow hackers to easily put two and two together to access customer accounts.

With that said because the data for usernames and passwords is still encrypted LastPass has let customers know their data is still safe, as they say it can only be unencrypted with their unique encryption key that is derived from your master password. User master passwords are not accessible due to their “Zero Knowledge” architecture.

With this architecture no one, not even LastPass themselves, has access to a user’s master password. LastPass requires that master passwords be 12 characters long so even if the hackers who accessed this data attempt to brute force individual passwords it would still be difficult to impossible, with LastPass themselves estimating it would take “millions of years using generally-available password-cracking technology”.

LastPass users should still be on the lookout for phishing attempts in the upcoming days however, even if your data is safe bad actors may still use the news of this breach to attempt to trick users into revealing their data. You should never share your password details with anyone, especially your master password. LastPass will never ask you for your password information.

Also some additional advice for business owners who may own websites from Google, because the URLs in this breach were not encrypted they may include some that you didn’t want publicly accessible. John Mueller a SEO expert at Google recommends reviewing any website URLs you may have that may inadvertently leak data for your business, including customer form data.

We still believe password managers are a security benefit to both consumers and businesses alike. They’re one small part of increasing overall cybersecurity awareness and safety and fall under the larger spectrum of increasing user education and accountability.

We’ve posted about proper password safety and advice on avoiding phishing attacks, but here are the top 5 things you can enable in your business today to improve your cybersecurity safety in 2023.

If news of breaches make you nervous and you aren’t sure if your business is prepared from a cybersecurity standpoint, Valley Techlogic can help. We consider ourselves to be a premier provider of cybersecurity services for businesses in our area and beyond. We can help your business by covering your endpoints, setting up secure backups, virus and malware scanning and prevention and more. Schedule a consultation today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
December 30, 2022
October is Cybersecurity Awareness Month, now in its 18th year
We’re announcing this a bit late, but we did want to touch on this annual event (now in its 18^th year). Every year CISA (Cybersecurity and Infrastructure Security Agency) releases new resources that are free to download and share for Cybersecurity Awareness Month. The theme this year is “See Yourself in Cyber” and we appreciate the effort to help everyone understand that cybersecurity measures are up to all of us to maintain.

So many cybersecurity measures feel very passive, you’re protected by your anti-virus or firewall automatically. Your IT team helps you navigate any issues that make come up. For businesses, advanced cybersecurity threat protection can detect a threat just from activities that fall outside the norm (like your computer being online at three in the morning) and send you a warning.

Unfortunately, hackers are always trying to circumvent these automatic measures no matter how advanced they become. The human element is still the biggest cybersecurity threat to your network and business. That’s why acknowledging we all have a role to play in preventing cyber threats is so important.

CISA recommends four important steps we all need to take online:
1. Think Before You Click: Before you click on that link in an email or download an attachment, do a little research. Is the sender who you expect it to be? Phishing emails are still the #1-way users are hacked.
2. Update Your Software: This is good common-sense advice; most patches also include important security updates and it doesn’t take very long to install them (and for Windows devices you can even have them run automatically).
3. Use Strong Passwords: This is another easy one and if you use one of our password manager recommendations, it’s even easier to create stronger passwords that you don’t have to manually remember.
4. Enable Multi-Factor Authentication: This is CISA’s fourth tip for this year and lucky for you we have a guide for this too.
These tips may seem simple, but they will be hugely beneficial to preventing a cyber threat for you, your business or your employees. However, you can take it a step further and engage with cyber security training.

You may be wondering what that would look like, well you’re in luck. We have a sample training session right here for you to review with your employees:

This is just a quick sample lesson; through our partner we have bite sized lessons that include video that you and your team can take to beef up your cybersecurity knowledge. They average 2-3 minutes long with a quick quiz at the end to make sure the knowledge was absorbed, and you can even see your employees average scores to see how everyone is doing.

If you incentivize taking this training it will not only be a team building opportunity, it will also help your business stay safe from cyber security threats. If you’d like to learn more about cybersecurity training or stepping up your cybersecurity measures in your business (including the aforementioned advanced cyber threat detection) reach out today for a consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
October 27, 2022
Google blocked the largest DDoS attack ever, peaking at 46 million requests per second
While it’s just now being reported on, the DDoS attack on Google Cloud occurred on June 1^st and lasted for 69 minutes – reaching a peak of 46 million requests per second.

Source: Google Cloud

We’ve covered Distributed Denial of Service (DDoS) attacks before in this blog, but the scale of this one is mind boggling. It’s nearly twice the size of Cloudflare DDoS attack from last year around this same time, which peaked at 26 million requests per second (sent from just over 5000 devices).

If you’re wondering where the devices used in these attacks originate from, the answer in this case is unsecured devices. Specifically compromised Mikrotik routers.

There’s been a number of articles regarding possible compromises to the Mikrotik brand of router including one instance that involved over 200,000 devices. Many in the security space wondered if there would be a fallout from that and now, we have our answer.

However, what’s more impressive is not the scale of this attack, but the fact that it was successfully blocked by Google.

Botnet attacks of this nature are not rare, it’s difficult to say exactly how many attacks occur per day but it has been noted they’re on the rise since the Russian invasion of Ukraine. A botnet is essentially an assembly of compromised devices that are used to attack a target. DDoS attacks are one of the most common uses, but they’re also used for phishing, cryptomining, or to bruteforce passwords just to name a few. The largest botnet ever recorded belonged to Russian BredoLab and consisted of 30,000,000 devices.

Would be bad actors can even purchase DDoS as a service for as little as $5 per hour which should give you an indication how prevalent and common they are as an attack vector.

Google blocked this attack by leveraging their Cloud Armor product, a network security service directly aimed at preventing DDoS attacks. If they were looking for a powerful case study for the effectiveness of this product, we can think of no better example then effectively blocking the largest DDoS attack in history (so far).

Part of blocking a DDoS attack is early detection. DDoS attacks ramp up, if you can detect an incoming flux of peculiar traffic to your network you can block the attack before it’s able to scale up and cripple your network.

Besides blocking potential attacks, the other side of the coin is not becoming an unwilling participant in a botnet through a compromised device in your home or business.

The sinister part of it is you may not even be aware your device is compromised and it’s not just mobile devices and personal computers that can be affected, even IoT (Internet of Things) devices can be hacked. There are a few things you can do to prevent your devices from being taken over by hackers as we outline in the chart below:

If your business needs assistance with protecting from any potential attacks or making sure your devices stay uncompromised, Valley Techlogic can help. All of our plans include robust cybersecurity protections at no additional charge, including assisting in your cyber security training goals (after all, human error is the #1 cause of data breaches). Schedule a consultation today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
August 25, 2022