Category: Croyten’s Blog


A report by NTT Ltd suggests that obsolete or aging devices are perhaps the root cause of the substantial increase in cybersecurity threats. According to the report, an obsolete device has, on average, twice as many vulnerabilities per device (42.2 percent) as aging (26.8 percent) and current devices (19.4 percent). These devices create security vulnerabilities and put businesses at risk of cyber attacks, with people logging in from co-working spaces and remote work locations. The report suggests an increase in investment in on-premises infrastructure and cloud spending.

Events like this are addressed by our company, Croyten, by reviewing your cybersecurity controls and recommending changes so that your critical systems are hard for cyber attackers to penetrate. Learn more about the services we offer.

What You’re Missing Out From Adopting Cloud Platform

By Amine Mekkaoui,

If you haven’t been tapping the cloud platform for your organization’s digital development, then you have been missing out on a lot.

As more and more B2B and B2C transactions are conducted on the cloud, building a cloud-ready operating model must be companies’ main focus for their investments. Not only does it bring new business capabilities, it hugely reduces technology risk as well.

According to an article from McKinsey Digital, companies that adopt and work well with external cloud platforms get to market more quickly, innovate more easily, and scale more efficiently than companies that remain indifferent to the cloud. Indeed, cloud platforms are key pillars of digital transformation.

My observation about many CIOs and CTOs is that they tend to stay with traditional implementation models by default because these were successful and safe strategies in the past, but that only makes it almost impossible to capture the real value of the cloud. As information and technology officers, it is important to define the cloud as more than just a next-generation application hosting or data platform, because a narrow definition of it guarantees failure. Why, you ask? Because it is highly significant to consider how the organization will need to operate holistically in the cloud; otherwise, it will increase your organization’s vulnerability to attackers and prevent you from making the most of a modern technology that enables business agility and innovation.

Here are some of the cloud’s roles in organizational digital transformation, according to the International Data Corporation (IDC):

  • Cloud as a platform enables agile application development;
  • Cloud-based infrastructure is key to delivering flexible, on-demand access to the resources underpinning new digital business offerings;
  • Cloud allows organizations to scale infrastructure as needed to support changing business priorities, while reducing the risks of wasted IT resources;
  • Cloud reflects an approach to application design, deployment, and delivery that allows organizations to get more effective use out of their compute and data assets.

Truly, the need for CIOs and CTOs to drive cloud adoption is at an all-time high. So, here are three things you can do to maximize this opportunity fully:

  1. Focus your investments on business domains where the cloud can thrive and enable increased revenues. The value that the cloud generates comes from the heightened agility, innovation, and resilience it provides to the business with sustained velocity. According to McKinsey, this approach helps in focusing on programs where the benefits matter most instead of scrutinizing individual applications for potential cost savings.
  2. Select a technology and implementation sourcing model that is aligned with your business strategies and risk constraints. Wrong technology and sourcing decisions will definitely raise concerns about execution success, cybersecurity risks, and compliance. However, the right technology and sourcing decisions can “bend the curve” on cloud-adoption costs, which can encourage the management team to be excited about and support the shift.
  3. Engage and join forces with the leadership team to succeed. Joining forces with your organization’s leaders is significant in the areas of a) Technology funding – encourage company leaders to invest in critical infrastructure that will allow the company to add functionality more quickly and easily in the future; b) Business-technology collaboration – CEOs and relevant business heads must have decision-making authority over technical functionality and sequencing to attain the real value of the cloud. However, they cannot do this without knowledge of the technologies, and you should be there to help them understand; c) Engineering talent – encourage leaders to change hiring and location policies to recruit and retain the talent needed for success in the cloud, especially since adopting the cloud requires specialized and hard-to-find technical talent.

With the COVID pandemic, companies are increasingly forced to adopt modern and digital business models. You as business officers can accelerate your company’s progress by adopting the cloud, since it is the only platform that can provide the agility, scalability, and innovative capabilities required for this sudden transition.

On an important note, the transition towards the cloud can be tricky. Enterprises need a partner that has a wide range of capabilities and skills around cloud consulting to help drive this. Feel free to check out Croyten for our IT services and we can work together to get your organization’s digital transformation through the cloud platform going.

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

By Amine Mekkaoui,

APT28, a Russia-linked threat group, has changed up its tactics to include Office 365 password-cracking and credential-harvesting. The attacks have been aimed mainly at U.S. and U.K. organizations directly involved in political elections and have been going on since April.

Microsoft telemetry shows that the group launched credential-harvesting attacks against tens of thousands of accounts at more than 200 organizations between last September and June. 

Organizations and individuals can protect themselves by applying multi-factor authentication (MFA) and actively monitoring the cloud service for failed authentications.
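One way to monitor failed authentications is sketched below as an added example; it is not code from the report or from Microsoft. The log format, sample records, function names and thresholds are all assumptions made for illustration: it flags a source that fails against many distinct accounts in a short window, and an account that collects many failures regardless of source.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (not real telemetry): time, account, source IP, result.
SAMPLE_LOG = """\
2020-09-14T08:00:01Z alice@example.org 203.0.113.7 FAILURE
2020-09-14T08:00:04Z bob@example.org 203.0.113.7 FAILURE
2020-09-14T08:00:09Z carol@example.org 203.0.113.7 FAILURE
2020-09-14T08:00:15Z dave@example.org 203.0.113.7 FAILURE
2020-09-14T08:02:30Z erin@example.org 198.51.100.20 FAILURE
2020-09-14T08:02:41Z erin@example.org 198.51.100.20 SUCCESS
2020-09-14T09:10:00Z frank@example.org 192.0.2.11 FAILURE
2020-09-14T09:10:20Z frank@example.org 192.0.2.12 FAILURE
2020-09-14T09:10:40Z frank@example.org 192.0.2.13 FAILURE
2020-09-14T09:11:00Z frank@example.org 192.0.2.14 FAILURE
2020-09-14T09:11:20Z frank@example.org 192.0.2.15 FAILURE
malformed line that should be skipped
"""


def parse_records(text):
    """Return time-sorted (when, account, source_ip, failed) tuples; skip bad lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("SUCCESS", "FAILURE"):
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        records.append((when, parts[1].lower(), parts[2], parts[3] == "FAILURE"))
    return sorted(records)


def _window_peaks(events, window):
    """events: time-sorted (when, key) pairs. Return the largest number of events
    and the largest number of distinct keys seen inside any sliding window."""
    counts, start, peak_events, peak_keys = Counter(), 0, 0, 0
    for i, (when, key) in enumerate(events):
        counts[key] += 1
        # Drop events that have fallen out of the window ending at `when`.
        while when - events[start][0] > window:
            old = events[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        peak_events = max(peak_events, i - start + 1)
        peak_keys = max(peak_keys, len(counts))
    return peak_events, peak_keys


def detect(records, window=timedelta(minutes=10), spray_accounts=4, account_failures=5):
    """Flag suspicious failure patterns. The thresholds are illustrative
    assumptions and need tuning against a tenant's normal failure rate."""
    by_ip, by_user = defaultdict(list), defaultdict(list)
    for when, user, ip, failed in records:
        if failed:
            by_ip[ip].append((when, user))
            by_user[user].append((when, ip))
    findings = []
    # One source failing against many different accounts: password spraying.
    for ip, events in sorted(by_ip.items()):
        _, accounts = _window_peaks(events, window)
        if accounts >= spray_accounts:
            findings.append(("password-spray", ip, accounts))
    # One account failing repeatedly, even from many sources: targeted guessing.
    for user, events in sorted(by_user.items()):
        failures, _ = _window_peaks(events, window)
        if failures >= account_failures:
            findings.append(("account-guessing", user, failures))
    return findings


if __name__ == "__main__":
    for finding in detect(parse_records(SAMPLE_LOG)):
        print(finding)
```

Counting per account as well as per source matters because guessing spread across many source addresses never trips a per-IP threshold.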

Events like this are addressed by our company, Croyten, by designing your cyber systems into something that’s impenetrable by cyber attackers. Learn more about the services we offer.


A series of ransomware attacks and other cyber threats have plagued back-to-school plans. Just last week, Hartford’s ransomware attack caused an outage of critical systems, including the school district’s software system that delivers real-time information on bus routes. The attacks include Zoom-bombing, a trend that began earlier in 2020, which occurs when a bad actor gains access to the dial-in information and “crashes” a Zoom session – often sharing adult or otherwise disturbing content. As students prepare to return to school virtually, school districts should prepare and step up their security to battle these virtual classroom hijacking attacks.

To learn more about ransomware, you can check our full article on the topic at {insert link}. If you need IT solutions or assistance with your cyber security, feel free to check out our company, Croyten.

Remote Workers: At-Risk for Cyber Attacks

By Amine Mekkaoui,

Recently, a cyber attack on Twitter took place when a 17-year-old hacker posed as a trusted colleague and, using basic hacking techniques, tricked a Twitter employee into sharing user credentials. The hacker was then able to spoof the Twitter employee’s phone number through SIM swapping, obtaining personal information, intercepted the one-time passwords (OTPs) used for multi-factor authentication (MFA), and quickly elevated his privileges inside the company.

With so many businesses shifting to remote work, the days of the IT-controlled security perimeter are long gone. Cybercriminals are fully aware of the mass work-from-home shift, and they’re crafting their attacks accordingly. If things like this can happen in big companies like Twitter, they could likely work in yours too.

If you want to strengthen the security of your organization’s cyber system and have employees that are cyber-competent, it might be interesting for you to check out our company, Croyten. We specialize in IT solutions and cybersecurity.

Have you ever mistyped a website domain – maybe a few missed letters here, a forgotten hyphen there, or a wrong domain ending – and found yourself not at a 404 error message, but on an unfamiliar, sinister website?

This phenomenon is called typosquatting – a type of cybersquatting in which imposters register domains that are intentionally misspelled versions of popular web addresses in order to install malware on the user’s system. It is basically typo hijacking that relies on the carelessness of the user when it comes to correctly entering the URL.

Some extreme forms of typosquatting are similar to phishing, where the wrong website mimics the real site, leading the user to falsely believe that he/she has visited the right website.
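As an added illustration (not from the original post), the sketch below screens domains seen in DNS or proxy logs against an organization’s own domains and names the kind of typo that makes each one a lookalike. It covers the three slips mentioned above (missed letter, forgotten hyphen, wrong ending) and goes slightly beyond them with swapped, extra and wrong letters; the function names and the sample domains are constructed assumptions.

```python
def split_domain(domain):
    """Split a registrable domain into (name, ending) at the first dot.
    Assumption: input has no subdomains; full parsing needs the Public Suffix List."""
    name, _, ending = domain.lower().strip(".").partition(".")
    return name, ending


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def classify(observed, protected, min_len=4):
    """Return why `observed` looks like `protected`, "exact" if identical, else None."""
    o_name, o_end = split_domain(observed)
    p_name, p_end = split_domain(protected)
    if (o_name, o_end) == (p_name, p_end):
        return "exact"
    if o_name == p_name:
        return "wrong-ending"
    if o_name.replace("-", "") == p_name.replace("-", ""):
        return "hyphen"
    # Very short names are one edit away from many unrelated names: skip them.
    if len(p_name) < min_len or osa_distance(o_name, p_name) != 1:
        return None
    if len(o_name) < len(p_name):
        return "missing-letter"
    if len(o_name) > len(p_name):
        return "extra-letter"
    return "transposed-letters" if sorted(o_name) == sorted(p_name) else "wrong-letter"


def screen(observed_domains, protected_domains):
    """List (observed, protected, reason) for every lookalike; legitimate domains pass."""
    legit = {d.lower().strip(".") for d in protected_domains}
    hits = []
    for observed in observed_domains:
        if observed.lower().strip(".") in legit:
            continue
        for protected in protected_domains:
            reason = classify(observed, protected)
            if reason:
                hits.append((observed, protected, reason))
                break
    return hits


# Constructed sample data: the organization's own domains and domains seen in logs.
PROTECTED = ["example.com", "my-shop.example"]
OBSERVED = ["exmaple.com", "exampl.com", "example.co", "myshop.example",
            "examp1e.com", "example.com", "unrelated.org"]

if __name__ == "__main__":
    for hit in screen(OBSERVED, PROTECTED):
        print(hit)
```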

Typosquatting is also a form of social engineering scam, which I discussed in my previous blog. Social engineering is the act of exploiting human vulnerabilities, where a cyber criminal tricks people with sophisticated methods while hiding their real identity and intent. It operates through manipulation, and the internet has given these criminals numerous ways to do that.

So how do you protect your business from these kinds of threats? Well, training employees is certainly a good start. You can provide your staff with the following know-how:

  • Never disclose confidential information, such as passwords or bank details, over email exchange or telephone.
  • If you find yourself with a suspicious email, the motto is always: better not to react than to fall for the scam, because if it is legitimately important, the sender will try to contact you through another route.
  • In the case of supposedly urgent emails, it is advisable to check the authenticity of the sender by telephone.
  • Always keep an eye out for fake social media accounts and report them to avoid angler phishing and social web threats.
  • Lastly, live up to the desired cyber-security awareness yourself.

A robust domain defense strategy can ensure company success in the long run, but so can including your human resources in this strategy. If your organization is currently idle about security issues, it’s time to rethink your strategy, and do not forget about the human factor side of your company. There are multiple IT solutions that can guide you in things like this, helping you build a better and more secure system within your organization. Since social engineering is targeted at humans, your organization is at risk of being attacked at any time. So it is best to keep in mind that the protection of your clients and employees also means protection of your organization.

WhatsApp Commits To More Transparency About App Flaws

By Amine Mekkaoui,

Facebook-owned WhatsApp has fixed six previously undisclosed vulnerabilities in its chat platform. Some of the bugs were:

1) a URL-validation issue that caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction; and

2) an input-validation issue that could have allowed cross-site scripting if a user clicked on a link from a specially-crafted live location message.

WhatsApp patched these bugs as soon as they were discovered, and said that it will keep “with industry best practices” and conduct “necessary fixes”.

Reference: https://threatpost.com/whatsapp-discloses-6-bugs-dedicated-security-site/158962/

Social Engineering, a Cyber Crime Waiting to Happen

By Amine Mekkaoui,

Today, more than ever, companies communicate with their employees, vendors, and clients through online apps. It is common knowledge that not everyone is technologically sophisticated, and this is where cyber criminals can take advantage and do what they do best, which is to find vulnerabilities and a weak link that will get them access to confidential and personal information.

One way to accomplish this is by using a method called “Social Engineering”.

WHAT IS SOCIAL ENGINEERING?

According to the University of Delaware, SOCIAL ENGINEERING is basically influencing or manipulating another person into handing over personal data or information about a person or a company by pretending to be someone the individual or company is related to, usually through the use of the internet or any gadget, e-mails, or even phone calls and texts.

Most users use simple, easy-to-remember passwords to access critical online applications they use daily. Additionally, our personal information is readily available on the net. Our social media logs and public records can be stitched together to highlight our profile, including where we live, our phone numbers, email addresses, friends we know, the names of our kids, our parents’ names, and places we previously lived. This information can be used by hackers as a first step to approach their victims and extort access privileges to their bank accounts and/or business/employer applications.

HOW DOES THIS WORK?

With today’s work-from-home revolution, where most transactions happen online, companies are at stake. Social engineers are at an advantage, especially when companies are not prepared and well protected.

Social engineers are experts at trying to manipulate the person’s ability to trust. Commonly, banks or financial companies are their target since most of the time, money is what they are after. And in order to get it, they need to gather personal information about their clients. 

Joan Goodchild, a journalist from California who writes about security and technology, further reiterated in her article entitled ‘Social Engineering Tricks That Fool Unsuspecting Employees’ that social engineers tend to gain the trust of clients when they pretend to be employees of a company. Social engineers take time to learn the so-called ‘Work Lingo’ in order to fool a client and maintain a legitimate image, so that the client gives out personal information, which the social engineer then uses to get hold of the client’s personal data in the said agency or company, or in bank cases, the client’s money.

Social engineers may fool not just clients but also other employees by pretending to be one of them, hacking their way through the company’s domain and learning the protocols and routines of the company to pass themselves off as an insider. They will pretend to ask for help from their ‘fellow employees’, for example as an auditor or law officer who needs access to private information, and the said employee will unknowingly help them take care of the matter.

Statistically speaking, according to a study by The Radicati Group in 2019, there are about 3.9 billion active email users around the world. It is expected that the figures have already increased in the past months. This is supported by Clement, a known internet and e-commerce researcher, who says that email usage over the years from 2018-2023 was set to increase by 2-3%, which may imply an increase of email users to 4.48 billion in 2024.

These are not mere numbers; in fact, this is the number of email users who may be considered to be at risk. Most of them are professionals and employees.

HOW CAN I PREVENT THIS FROM HAPPENING?

If you are part of a company handling business information:

a.)   Be aware and suspicious of a person calling or emailing who claims to have a business contact with one of your company’s employees in order to garner information – this may be done by double-checking your client/vendor list to verify the person’s identity and confirming it with the employee. An example of this communication would be: “Hi, I am John Doe, and I was hired by your CFO Jane Doe, who gave me your contact information to fix a database issue on your accounting application. Can you please help me get access so I can take a look?”

b.)   Do not provide information about the company you work for, either, unless instructed by your employer. Such requests commonly come through calls in call center companies, or from those who pretend to need this information through customer service. The company may also enforce strict security to protect and ensure the identity of its employees.

c.)   Be aware of suspicious emails from people who are pretending to have a business relationship as a vendor or a client with your employer using legitimate emails from known companies including banks and credit cards. If you don’t know who’s emailing you, don’t give out any information, unless you verify the sender with your manager.

If the information which may be at risk is yours:

a.)   In many cases, online applications offer double authentication features to access your app using information which will be provided by you and you alone. This could be a code you’ll get via a text or voice message to a phone registered in your account profile for that application, which you will need in order to authenticate and get access to your app.

b.)   Be careful about giving out your information. If you are pressured to give information, be suspicious and deny the request unless you can confirm their identity from someone you know and trust.

c.)   Sometimes, even mere phone calls may be used to track down your information. Be alert and vigilant in taking these calls or answering text messages requesting your personal information.

Social engineering is just one of the many threats that we have today, especially with our current environment. With awareness and knowledge about cybercrime tactics, we can always be one step ahead in protecting our personal information and our companies.

Do you need more information about this? Let’s chat and talk about the struggles we have in the industry and how we can work together to move forward and survive these struggles.

In our next blog, I will be discussing a new trend among social engineers – typosquatting. For now, beware and never be a victim of any online fraud and cybercrime.

When Artificial Intelligence Meets Data Analytics

By Amine Mekkaoui,

If you are from an organization that strives to function in a highly-technological environment, then it is crucial that you know the relation of big data and artificial intelligence: the latter depends heavily on the former for success, while also helping organizations unlock the potential in their data stores in ways that were previously cumbersome or impossible. Leveraging well-managed and presented data can improve organizations big-time. The problem is, handling data is stressful due to a variety of reasons.

Data Analytics is the process of making sense of and transforming data into useful knowledge. This process is composed of many stages and phases, and while there are software or tools that exist to assist, data-wrangling – the exhaustive process of cleaning and organizing data – is still rarely addressed. Obviously, practical data analytics is painful, and a helping hand in the form of automation through artificial intelligence can make a huge difference in this field.

The goal of The Alan Turing Institute’s Artificial Intelligence for Data Analytics project, otherwise known as AIDA, is to revolutionize the speed and efficiency with which data can be transformed into useful knowledge. According to the initiative, it aims to combine multidisciplinary work from machine learning, semantic technologies, and programming languages to: (1) build AI assistants for individual tasks; (2) build an open-source platform and integrate the assistants into the platform; and (3) provide exemplar use cases of real-world data wrangling. It also aims to solve some data engineering challenges, such as: (a) data organisation (data parsing, integration, dictionary, and transformation); (b) data quality (canonicalisation, missing data, anomaly detection); and (c) feature engineering.


AI-related initiatives like AIDA fuel better opportunities in insights and knowledge production, since they are creating new methods of analyzing data, and data analytics has become less labor-intensive. In the past, data analytics required a lot of effort, but the help of AI has not only sped up the process but also allowed more depth in making sense of data. In fact, AI is now deemed promising as it thrives in different kinds of industries.

AI in Action

AI and machine learning are powerful levers when it comes to big data. Together with the power of human intuition, they are critical to helping businesses have a more holistic view of all of that data. They revolutionize the way rules, decisions, and predictions get done, which brings the potential to dramatically improve the productivity of data scientists, analysts, and researchers, benefiting governments and organizations because it will allow faster delivery of insights and decision-making.

Insurance Sector 

A recent study from the Organisation for Economic Co-operation and Development (OECD) (2020) encourages the insurance sector to prepare to incorporate AI in its specific context. For instance, having more data leads to improved predictive analytics, enabling pricing that is better suited to expected risk. And since insurance is based on predicting how risk is realised, having access to big data has the potential to transform the entire insurance production process.

Healthcare

Payers and providers of care, and life sciences companies, have started employing several types of AI in various categories such as diagnosis and treatment, patient engagement, recommendations, and administrative practices (Future Healthc, 2019). It will take many years before AI completely replaces humans in medical domains, but at the moment, it has made a promising impact in the medical field: 1) Algorithms are already outperforming radiologists at spotting malignant tumours, and guiding researchers in how to construct cohorts for costly clinical trials; 2) Machine learning is deemed to be the primary capability behind the development of precision medicine; and 3) AI-based capabilities are deemed effective in personalising and contextualising care by, for example, sending messaging alerts with relevant and targeted content that provoke actions at moments.

Government

With AI in data analytics, data-driven governments are reaping a more efficient and convenient delivery of public services, and better-informed policymaking with predictive analytics, policy simulations, and real-time early warning systems because the use of technologies allows them to observe their citizens and physical environment with unprecedented data density and analyse these observations (European Liberal Forum, 2019).


By bringing together AI and Data Analytics, Croyten can help ensure that your organization can potentially reap the benefits this advancement is opening up. While AI is yet to be fully explored, it has been actively changing and making a big difference not just in the field of data analytics, but also in the market as a whole. Thanks to Artificial Intelligence, new products are developed which are better than before, and the opportunity for autonomy it offers saves businesses huge amounts of time, leading to quicker decisions gleaned from data.

Data is the new oil, they say. If so, data analytics is the vehicle that processes this oil, and artificial intelligence plays the role of an upgraded machine system. Combine them all together and they can make your organization stand out from the rest.

Protect Your Company Against Possible Ransomware Attacks

By Amine Mekkaoui,

Countless cyberattacks, especially ransomware, are now being experienced across the globe despite the global pandemic that is haunting every corner of our world. In fact, the gravity of the situation made the US and UK release joint statements against ransomware.

‘Anytime there’s a global event, hackers like to weaponize it. So whether it’s the Olympics or an election, or a global pandemic, hackers are trying to leverage what the situation is against users’, Bloomberg News Cyber Security Reporter Kartikay Mehrotra shared in a published online report.

But what is even worse is that most attacks in recent months were against medical institutions, hospitals, government agencies and medical universities that are at the frontline in the fight against the deadly coronavirus.

Just recently, the University of California, which is conducting medical research on COVID-19, was extorted for more than a million dollars after its servers were hacked. This is just one among the big-time ransomware attacks recorded at the height of this pandemic.

But don’t get me wrong, this doesn’t mean that other institutions and companies are spared. Let us not forget that anyone can be a victim of these attacks, as I discussed in my previous blog ‘Ransomware is no longer just a threat’.

The question now is, how can you protect your company against ransomware and other cyber-related attacks?

There’s much to be done to make sure that your data and company are protected. But here are the most significant tips which can be helpful to you:

1. Conduct a risk assessment in your company – it is important that you know how vulnerable your company is to ransomware attacks. Conduct risk assessments of your entire infrastructure and cloud services. You can use a SaaS online tool like AuditRun to assess your risk and mitigate it.

2. Update all business devices – it is crucial that the operating systems of all devices in the company are updated, and especially the anti-virus and anti-malware software. It is also recommended to use VPN and multi-factor authentication in your cloud services, including email and teleconferences.

3. Educate your employees – implement employee training sessions that will help them identify and prevent ransomware attacks. It is crucial to remind your employees of the following:

a. Be mindful of links and attachments sent through emails, as these may contain the malware or virus that could encrypt some or all of the company’s data. Employees must also be reminded to be wary of COVID-related emails – they must learn to verify the content of the email and/or the email sender. They must never take the bait.

b. Never provide personal information in response to text messages, callers, and email messages. Fraudsters use social engineering methods to trick users into giving them key information that will enable them to gain access to and control of company systems.

4. Implement the use of privileged accounts – one way to limit your network’s exposure to malware is to implement a system that restricts the installation of software that is not on the approved list of applications published by the company’s IT and/or security team.

5. Prepare a data back-up and recovery plan – one way to be prepared for any possible ransomware attacks is to have a data back-up and recovery plan. This has proven to lessen the damage and impact of cyberattacks and ransomware schemes. The goal is to inform bad actors that they can no longer make money easily using ransomware or similar methods.

Today, when everyone is hungry for information and some are living in fear, we are vulnerable and a good malware target. Let’s not allow cybercriminals to gain more power and make us victims. In this digital world, it is always important to be one step ahead.


At this rate, we may not be able to completely stop them, but we can solidify our defenses to fight such attacks and manage our risk.