Blog
  • Register

CTN Blog

CTN Solutions has been serving the greater Philadelphia area since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Fishing for Answers to Keep Phishing Attacks from Sinking Your Business

Fishing for Answers to Keep Phishing Attacks from Sinking Your Business

Phishing attacks have been in the social consciousness now for a while, and for good reason. Phishing is the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness to an issue doesn’t always result in positive outcomes. In this case, hackers get more aggressive, and by blanketing everyone under a seemingly limitless phishing net, 57 billion phishing emails go out every year. If a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out well.

0 Comments
Continue reading

The SamSam Ransomware Is Absolutely No Joke

The SamSam Ransomware Is Absolutely No Joke

The funny thing about ransomware is their very strange names! Bad Rabbit sounds like the name of a villainous bunny who gets his comeuppance in some type of modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de Seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of funny-named ransomware, SamSam, isn’t a pet name for your pet ferret you perplexingly named Sam. It is one of the worst ransomware strains ever, and it has caught the attention of U.S. Federal law enforcement.

0 Comments
Continue reading

Uber Demonstrates the Importance of Disclosing a Data Breach

Uber Demonstrates the Importance of Disclosing a Data Breach

If your business was breached, would it be better to keep it a secret, or should you disclose it to your clients? Uber has proven that trying to hide it is a mistake, and a costly one at that.

0 Comments
Continue reading

Looking Back at This Year’s Cybersecurity Issues

Looking Back at This Year’s Cybersecurity Issues

Every business in operation today needs to have some kind of comprehensive network security. Simply put, there are too many threats that can come in through an Internet connection for them to continue doing otherwise. The past year provides plenty of anecdotal proof of this fact.

0 Comments
Continue reading

Tech Term: Hacker

Tech Term: Hacker

The term “hacker” is possibly one of the best-known technology-related terms there is, thanks to popular culture. Properties like The Girl with the Dragon Tattoo and the Die Hard franchise have given the layman a distinct impression of what a hacker is. Unfortunately, this impression isn’t always accurate. Here, we’ll discuss what real-life hackers are like, and the different varieties there are.

0 Comments
Continue reading

Hackers Prey on Social Media Users

Hackers Prey on Social Media Users

Social media has been an emerging technology in recent years, and has produced many threats. Hackers have learned that they can take advantage of these communication mediums to launch dangerous new attacks on unsuspecting users. With enough ingenuity on a hacker’s part, they can potentially steal the identity of a social media user. Here are some of the best ways that your organization can combat identity theft through social media.

0 Comments
Continue reading

A New Perspective on Ransomware

  Authentication required.

This is a password protected blog, please kindly enter the password into the password field below to view the blog.

Why ROBOT is a Risk After Nearly 20 Years

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.


Back in 1998, researcher Daniel Bleichenbacher found what is being called the ROBOT exploit in the secure sockets layer (SSL) encryptions that protect web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key--through specially constructed queries, its error messages divulge enough information that, after a short time, they were able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people that form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack.”

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; while the money transfer platform PayPal is another. The explanation researchers gave was that, with so much time focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact CTN at (610) 828-5500.

0 Comments
Continue reading

Is Your Security Prepared to Stop a DDoS Attack?

Is Your Security Prepared to Stop a DDoS Attack?

If your business were to be struck by a Distributed Denial of Services (DDoS) attack, would it recover in a timely manner? Do you have measures put in place to keep it from hampering your operations? While most organizations claim to have sufficient protection against these dangerous attacks, over half have proven to be ineffective against DDoS.


First, we’ll give a brief explanation of what a DDoS attack specifically entails. In its most basic form, a DDoS attack involves overloading your organization’s network with so much traffic that it can’t handle the strain. When this happens, access to critical information and services can be lost, hindering operations and causing downtime. This is the main damage dealer of a DDoS attack, and any business executive can see why. When productivity is impacted, like during downtime, time and profits are wasted.

According to a recent report from CDNetworks, an immense 88 percent of companies believe that they have adequate defenses against DDoS attacks. 69 percent of these companies have also suffered from a DDoS attack in the past twelve months, which should prompt any open-minded company to consider whether or not the measures taken are actually helping.

To give you an idea of just how much this protection is costing these organizations, let’s take a look at some other statistics. US companies tend to spend somewhere around $34,700/year on DDoS protection, while European countries spend around $29,000/year. With such a significant investment, why do DDoS mitigation attempts fall short of the desired goal, and what can be done to solve these issues?

Learning from these failures is the ideal approach to securing your organization from DDoS attacks. Sixty-six percent of organizations are already making plans to invest more heavily in DDoS attack prevention and mitigation over the next year. How do you plan to protect your business from the threat of DDoS attacks against your network?

If you aren’t sure how to protect your organization from major threats like DDoS attacks, reach out to CTN Solutions at (610) 828-5500.

0 Comments
Continue reading

30 Schools Shut Down In Montana After Cyber Attack

30 Schools Shut Down In Montana After Cyber Attack

Students generally love it when classes are cancelled for whatever reason, but thanks to a cybercriminal group called TheDarkOverlord Solutions, a school in Flathead Valley, Montana was disrupted for an extended period of time. This downtime resulted in a disruption of operations for over 30 schools, as well as the threat to the personal information of countless teachers, students, and administrators due to a ransomware attack.


TheDarkOverlord Solutions also went as far as to make graphic death threats against the children attending the schools, taking advantage of the memory of recent school shootings. This hack resulted from the Columbia Falls district server being targeted, which contained all sorts of personal data belonging to residents of the school district. This includes addresses, medical histories, behavioral history, and other information that’s helpful to cybercriminals. Thanks to these events, 30 schools closed and canceled any weekend activities. When class resumed, there was more security in place.

TheDarkOverlord Solutions, true to its name, targets individuals that have particularly lucrative data on the line. In July 2017, they were responsible for a major information harvest from healthcare providers which resulted in almost 9.5 million records going up for sale on the black market. These records were reportedly stolen from a clinic, a healthcare provider, and a health insurance provider.

This same group also reached out and made their name known by stealing media from Netflix. The popular series Orange is the New Black was released prior to its actual release date, thumbing the nose of the audio post-production studio that provided a ransom of $50,000. It just goes to show that you can never trust a thief!

All signs point toward the Columbia Falls school district to not pay the ransom demanded of them. They made the correct choice by not giving in to the demands of hackers, as there is no reasonable expectation that the data will be handed back. If they do decide to pay the ransom, it’s money that’s just going toward funding further ransomware attacks. Plus, if they are willing to pay, it just shows that the tactic actually works.

The best way to stay secure is to protect your organization against all types of threats. To learn more, reach out to CTN at (610) 828-5500.

0 Comments
Continue reading

Charity Scams Are Very Real. Here’s How To Dodge Them

Charity Scams Are Very Real. Here’s How To Dodge Them

Dealing with disasters are a part of doing business. You know how difficult it is to recover from a devastating flood or storm. While businesses tend to suffer from these situations, countless individuals suffer every time a natural disaster hits. Just take a look at the United States in recent weeks. Even though you may want to donate to people suffering from hurricanes, there are illegitimate charities out there that want to make a quick buck off of your generosity.


Donations now take advantage of web pages and online applications that can send your donations to those in need through an electronic payment system. This is why it’s much easier for scammers and fake charities to steal from those who simply want to do some good in the world. If you’re going to go out on a limb for someone else, be sure to keep these tips in mind before making a donation.

Donate Only to Charities that You Know
Believe it or not, there are people who will purchase the domain names for specific hurricanes as soon as the names of the storms are revealed. They plan to scam users from the start. If you’re ever in a position to donate to those in need, try to pick a charity that you’re familiar with to keep this from happening.

Confirm the Authenticity of These Organizations
When you’re looking for an organization to donate to, take some time to make sure that it’s one that is legitimate. You can evaluate the legitimacy of various charities at the following websites: Charity Navigator, Charity Watch, GuideStar, or the Better Business Bureau’s Wise Giving Alliance.

Be Skeptical of Links
If a major disaster has occurred, be wary of any messages in your inbox asking you to donate. Hackers may take the opportunity to scam users with phishing emails designed to garner support for those struck by a natural disaster. Links could lead to downloads or infected attachments that could infect your PC with malware.

If you would like to donate safely to those who are suffering due to Hurricanes Harvey and Irma, you can trust FEMA and the National Voluntary Organizations Active in Disaster. Remember, just because you want to help someone in need doesn’t mean that you should put yourself at risk.

0 Comments
Continue reading

The Most Popular Domains Make the Biggest Targets for Email Spoofing

The Most Popular Domains Make the Biggest Targets for Email Spoofing

Let’s say that you receive an email from a software vendor, say, Microsoft. When you are contacted by a major company like this, do you automatically assume that it’s secure, or are you skeptical that it’s a scam? Ordinarily, it might not seem like a big issue, but all it takes is one click on an infected attachment or malicious link to infect your business’s infrastructure.

0 Comments
Continue reading

Scammers Use Whaling Attack Emails to Pose as Upper Management

Scammers Use Whaling Attack Emails to Pose as Upper Management

The average business owner may already be aware of what are called phishing attacks - scams that attempt to deceive and trick users into handing over sensitive credentials. However, not all phishing attacks are of the same severity, and some are only interested in hauling in the big catch. These types of attacks are called “whaling,” and are often executed in the business environment under the guise of executive authority.


Whaling attacks are designed to mimic the behaviors of CEOs or other members of upper management. This could be in the form of a manager, a COO, or even a CIO. Whaling attacks are often successful because they appear to come from a legitimate source; nobody expects their boss to get hacked, and naturally they will want to do as they say. It appeals to the nature of the office worker to want to avoid conflict with upper management, and the fear of getting in trouble for insubordination. In addition to looking like an official business email, some whaling schemes may even resemble documents from the FBI or other government institutions.

Once this fear has been instilled in the hearts of the average office worker, it’s only a matter of time before one of two things happen: 1) The hacker gets what they want, be it sensitive credentials, a fraudulent wire transfer, or otherwise, or 2) The office worker realizes that they’ve been duped, and deletes the email. Unless the worker knows what to look for in a phishing message, however, the more likely scenario is the former.

In the face of any type of phishing attack, be it a spear-phishing attack or a targeted whaling attack, it’s important to remember that you should always think with your brain first before immediately reacting to a message like this. Take a moment to consider how much sense it makes to follow the instructions in the email that you’ve received. By simply taking a deep breath and calmly analyzing the email, you could be saving yourself a lot of pain and frustration.

As is the case with any phishing attack, look for irregularities in both the message itself, and the address that the message came from. Does it come from a legitimate sender? If so, what’s the email address? Look it over carefully and try to spot anything that’s out of place. Are there any numbers or letters that are trying to mask the true email address? Is there anything suspicious about the contents of the email? Look for curiously repetitive or urgent requests. Hackers like to use time-sensitive language to rush users into making a decision.

In dangerous situations like this, wouldn’t it be great if any whaling attacks and other phishing schemes stayed out of your inbox in the first place? With a spam blocking solution, your business will have little to fear from dangerous or fraudulent messages by eliminating them from your inbox entirely. We offer powerful enterprise-level spam blocking solutions that are designed to keep your business free of malicious or wasteful messages. To learn more, give us a call at (610) 828-5500.

0 Comments
Continue reading

Tip of the Week: How to Spot and Avoid Email Spoofing

b2ap3_thumbnail_email_spoofing_400.jpgLet’s say you get an email from a close friend. It looks like it’s legitimate, until you check the contents of the message. It’s an advertisement, or it’s trying to get you to click on a link to see something “important.” Regardless of what the content of the message is, you should probably slap that bad boy in the Spam section of your email inbox. You’ve just been the target of email spoofing, and it’s more common than you might think.

0 Comments
Continue reading

Tip of the Week: 5 Clues that an Email is Really a Phishing Scam

b2ap3_thumbnail_do_not_go_phishing_400.jpgOne of the most masterful arts of deception that hackers use is the phishing attack, which attempts steal sensitive credentials from unwary victims. The anonymity afforded to criminals on the Internet is what makes this possible. Using phishing attacks, hackers attempt to steal credentials or personal records by forging their identities. What’s the best way to protect your business from these attacks?

0 Comments
Continue reading

3 Reasons Why Hackers Like to Target Small Businesses

b2ap3_thumbnail_network_security_400.jpgThis October is Cybersecurity Month! Some businesses think that they’re immune to hacking attacks because they’re “low profile” compared to huge corporations. However, the truth of the matter is that your organization is just as much at risk as they are. This month, take measures to keep your organization’s data safe, or risk losing everything in the fallout of a hacking attack.

0 Comments
Continue reading

The Coding For Your ATM Shouldn’t Be as Dirty as Its Cash

b2ap3_thumbnail_atm_malware_threats_400.jpgMalware that targets ATMs isn’t a new concept. After all, ATMs use internal computers that can be hacked just the same as any old workstation. The prime difference is that hacking into an ATM allows for a direct dispensing of cash, rather than some crafty behind-the-scenes action. A new type of ATM malware, titled GreenDispenser, is a cause for concern in Mexico, and could spread to other countries if left unchecked.

0 Comments
Continue reading

How Much Is Your Identity Worth on the Black Market?

b2ap3_thumbnail_the_dark_web_400.jpg

Have you ever wondered what hackers do with all of the data they steal on a regular basis? Sure, they could go public with it like they did with the Ashley Madison and Sony hacks, or they could sell it and make some quick cash. Credentials like passwords, usernames, Social Security numbers, and more, can be sold for top dollar in illegal markets, but how much can your identity go for?
Continue reading

Why Your Business Should Be Concerned About CryptoWall

b2ap3_thumbnail_new_ransomeware_400.jpgRansomware is one of the most devastating computer viruses in today’s computing landscape. You may have heard of one of its most famous variations, Cryptolocker. It received a lot of attention when it dramatically hit the scene two short years ago. Thankfully, the threat from CryptoLocker has decreased after the GameOver Zeus botnet was taken down last year. Although, now we’ve got a new, more contagious strain of this ransomware to deal with known as Cryptowall.

0 Comments
Continue reading

Criminals Don’t Even Need Malware to Hack You Anymore

b2ap3_thumbnail_networks_security_practices_400.jpgWe’re all aware of how much damage malware can inflict on a business. Malware, can perform functions like lock down files, steal sensitive data, and distribute crippling viruses. As malware prevention gets more sophisticated, so are the hackers. Indeed, recent studies show that malware is now involved in less than half of all reported hacking attacks. Instead hackers are taking advantage of legitimate means that don’t raise a red flag for security systems.

Continue reading

Mobile? Grab this Article!

QR Code

Latest News & Events

CTN is proud to announce the launch of our new website at www.ctnsolutions.com. Be sure to check out our 6 key service areas where we have highlighted specific services we offer. And don’t forgot to subscribe to our BLOG that provides helpf...

Latest Blog

Every time something goes terribly wrong, and you are left assessing the damage of some seemingly unfortunate situation, you typically find that by taking a bit of time preparing for the worst could have kept you from the disaster at hand. ...

Contact Us

Learn more about what CTN can do for your business.

Call us today
(610) 828-5500

610 Sentry Parkway
Suite 110
Blue Bell, Pennsylvania 19422