We’ve been predicting it, and feeling it, but now the numbers are in. Officially, cybersecurity attacks have increased significantly since the start of the COVID-19 crisis - in particular the lockdown.
We’ve been predicting it, and feeling it, but now the numbers are in. Officially, cybersecurity attacks have increased significantly since the start of the COVID-19 crisis - in particular the lockdown.
Two-factor Authentication, also referred to as Multi-Factor Authentication, or 2FA, is typically where you log in to something and have to type in a small code from your mobile device in order to finish the sign-in process. It’s really the only thing protecting your accounts anymore, so it’s critical to use it.
Windows 7 might not be supported by Microsoft any longer, but millions of people are still using PCs that run the antiquated operating system. Since Microsoft has put an end to extended support for Windows 7 OS, a couple bugs have been found. Let’s take a look at what exactly is behind these issues and discuss your options.
Picture this… In your office you have a bag filled with thousands of envelopes. In each envelope there is $242 in cash. Unbeknownst to you, a thief has gained access to your office, but you don’t realize this until 279 days later. How much is this going to cost your business?
Data breaches on average in the US cost $242 per breached record. With the average breach compromising 25,575 records, the average cost per data breach is $8.19 million. Of course, the financial cost per breach is determined by a number of factors, but regardless of how much each breached file is actually worth, the entire situation has a chance to be the end of everything that you’ve been doing. Today we discuss these factors and determine how your business can avoid experiencing the effects companies feel in the aftermath.
Let’s take a brief look at the 2019 Cost of a Data Breach Report.
It’s no secret that anything associated with the healthcare industry costs a pretty penny. Healthcare data breaches are no different. The average cost of a data breach in the healthcare industry costs approximately 6.45 million dollars. This number is a staggering $15 million in the United States, where healthcare costs outpace the rest of the world. The cost-per-record increased over five percent within just a year, increasing from 408 dollars to 429 dollars. This 21-dollar increase might seem insignificant, as well as non-healthcare records increasing 2 dollars over a year, but remember that the average breach compromises 25,575 records. That means comparing 2018 to 2019, even non-healthcare data breach costs increased by over half a million dollars per incident.
Word travels fast in the digital age. If your business suffers a data breach, statistically these are the long- and short-term hurdles you will face.
Once customers hear their personal data has been breached, some begin to look for alternative companies in which to do business. It’s not uncommon for customers to feel that their data cannot be trusted following a data breach, and it's hard to blame them. In fact, on average 3.9 percent (even higher in the healthcare industry) of customers leave service following a data breach. For businesses with fewer than 500 employees, a data breach could ultimately lead to problems attracting new revenue, and ultimately, failure.
What your business needs to know following a data breach, is time is of the essence. The faster you solve the issue at hand, the less it is going to cost. Solving the problem within 200 days reduces the total cost by $1.2 million on average. What’s better than saving $1.2 million? Not suffering from a data breach in the first place. The Connection, Inc offers services that can help prevent breaches. Call (732) 291-5938 to learn more about our security services.
If you own an Asus laptop, there is a chance that a recent update could have installed malware, and we are urging anyone who has an Asus device reach out to us to have it looked at.
Phishing attacks have been in the social consciousness now for a while, and for good reason: it is the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness to an issue doesn’t always result in positive outcomes. In this case, hackers get more aggressive, and by blanketing everyone under a seemingly limitless phishing net, 57 billion phishing emails go out every year. If a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out.
The funny thing about ransomware is that they give them very strange names: Bad Rabbit sounds like the name of a villainous bunny who gets his comeuppance in some type of modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of funny-named ransomware, SamSam, isn’t a pet name for your pet ferret you perplexingly named Sam, it is one of the worst ransomware strains ever, and it has caught the attention of U.S. Federal law enforcement.
Both the Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for the ransomware, also known as MSIL/Samas.A. The alert was issued on December 3, 2018, and outlines an attack on multiple industries, some with crucial infrastructure. The ransomware has been in the news as of late, as two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were indicted by a U.S. grand jury in New Jersey for ransomware attacks on the Colorado Department of Transportation.
The pair is alleged to have victimized over 200 hospitals, businesses, government agencies, and schools in the U.S. and Canada beginning in 2015; extorting over $6 million over that time. In addition to these charges, the two hackers have now been indicted by the state of Georgia on charges that they were the ones that perpetrated the ransomware systems that crippled Atlanta’s government in March of 2018. By taking almost 3,800 of the City of Atlanta’s computers hostage, prosecutors state that Mansouri and Savandi have cost the city millions of dollars in consultant fees, downtime, and other costs.
What is SamSam?
SamSam is a privately developed ransomware that is being used to target specific companies selected by the developers. This means that it isn’t just a commodity ransomware, it can’t be found on some type of criminal forum on the dark web, and it isn’t sold as a service like many other forms of ransomware. This is a major problem for any organization that is targeted, as none of the typical endpoint defensive strategies work to stop it.
What’s worse, is that that once a SamSam strain is used, and security vendors publish a report, another SamSam strain is developed. It is thought that this development team includes the two hackers implicated in the Colorado DoT crimes, the Atlanta crimes, and hundreds of other attacks over the past three years.
What Can You Do?
Thus far the SamSam ransomware has entered victims’ networks using exploits in web-facing servers. It has been deployed as millions of other pieces of malware as an executable file that is mistakenly unleashed, or via brute force via the Remote Desktop Protocol. So, while you can lock down your RDP, your best bet is to have a dedicated strategy that:
If you are diligent in your organizational cybersecurity practices, you should be able to conduct business as usual without having to worry about ransomware, SamSam or otherwise. If you are interested in knowing more about SamSam and how to stop it, contact the IT professionals at The Connection, Inc for more information at (732) 291-5938.
Now that the holidays have come and gone, you might have a couple of new gadgets in your home or office that connect to the Internet. Depending on what these gadgets are, you might have a serious security issue sitting right in front of you without realizing it. Some devices that don’t normally connect to the Internet--also known as Internet of Things devices (IoT)--aren’t as secure as you’d like them to be, particularly in a business environment.
If your business was breached, would it be better to keep it a secret, or should you disclose it to your clients? Uber has proven that trying to hide it is a mistake, and a costly one at that.
Every business in operation today needs to have some kind of comprehensive network security. Simply put, there are too many threats that can come in through an Internet connection for them to continue doing otherwise. The past year provides plenty of anecdotal proof of this fact, as a quick glance back can show.
Printers, along with every other piece of equipment that is on your network, require careful configuration and regular upkeep to ensure that they aren’t putting your data and users at risk. Security researchers recently discovered two massive vulnerabilities in HP Officejet All-in-One printers that make it incredibly easy for hackers to spread malware and gain access to a company’s network.
The term “hacker” is possibly one of the best-known technology-related terms there is, thanks to popular culture. Properties like The Girl with the Dragon Tattoo and the Die Hard franchise have given the layman a distinct impression of what a hacker is. Unfortunately, this impression isn’t always accurate. Here, we’ll discuss what real-life hackers are like, and the different varieties there are.
Social media has been an emerging technology in recent years, and has produced many threats. Hackers have learned that they can take advantage of these communication mediums to launch dangerous new attacks on unsuspecting users. With enough ingenuity on a hacker’s part, they can potentially steal the identity of a social media user. Here are some of the best ways that your organization can combat identity theft through social media.
First, it helps to understand why social media is such an attractive vector of attack for identity thieves. For one, the anonymity provided by the Internet has long been a staple reason why it’s been commonly used by hackers to steal sensitive information from organizations. This was (and still is) done through spam and scam emails, but nowadays, strategies have changed enough where individuals have to be more cognizant of their personally identifiable information, because by using social media constructs like Facebook, Instagram, Twitter, and the like, they are much more exposed. Enterprise-level spam filters are readily available to all kinds of organizations, prompting hackers to step up their game and create nefarious new ways of stealing information.
Spear phishing tactics were the result of these efforts. Intending to bypass the likes of spam blockers and content filters through seemingly legitimate sources, phishing tactics come in a variety of forms, with the most successful of these coming from sources that hide the true intentions of the one making the attack. The Internet can mask the true identity of hackers so that they can seem to be someone else, either in an email scam, social media attack, or otherwise. This is known as spoofing, and has been a infiltration tactic for decades.
In particular, social media can provide attackers with a lot of information without them working too hard. Think about the kind of information that you might have on your personal Facebook or Twitter feed. Do you have a phone number? What about an email address or physical address? Do you have any information about the musicians you listen to, or the books that you enjoy? All of this information (and more) can be used to help a potential scammer steal your identity and use it for various ill offenses - the gravest of which could be stealing your identity and using it to attack those you hold dear.
Imagine what could happen if someone were to steal the credentials to your social media pages and use them to impersonate you. They could fool all of your closest friends and family into giving up whatever information they are looking for. For example, they might be able to coax your parents or loved ones into parting with personally identifiable information such as your Social Security number or credit card number, which could be used to open new lines of credit or make fraudulent purchases. Regardless, the threat posed by identity theft through social media is considerable, and you must take precautions to ensure that you don’t fall for these traps in the future. Here are some ways that you can make sure this doesn’t happen.
Businesses are just as vulnerable to spear phishing attacks as individuals, if not more so. If you are like billions of others, social media has become an important part of your life, and quite possibly, your business. To ensure that you are doing what you can to protect yourself and your organization from the threats that social media and other innovative communications technologies enable, consider reaching out to the IT professionals at The Connection, Inc.
We are going to switch things up a bit and walk you through a retelling of a ransomware attack through the eyes of a business owner. Usually when we talk about these types of threats, we approach it from our perspective and talk about what you should do to prepare and what the threats are, but we wanted to try to show you what an event like this could feel like, for you, in your position, and in your own eyes. We hope that this will raise awareness of how crippling an event like this can be on your company, and we hope you let us know if this perspective helps you, your colleagues, and your staff get a more personal sense of what ransomware can do. Enjoy!
What a day it has been!
Typically, when I have a day like I just had, I wouldn’t sit here and write about it, but since our story is sure to help people, I thought that I should. Besides, my adrenaline is still pumping, and I don’t think I can sleep yet anyway.
The day I had was terrifying but started just like any other. I got through my morning routine and made my way to the office. I even stopped at the shoppe to get coffee. Once I entered the building I knew something was wrong. I had two employees beat me to the office. They were milling around almost aimlessly in the hallway. Before I even reached my desk, I was inundated with bad news.
“We are locked out!”
“What are we supposed to do?”
After getting past my employees into my office, I tried to ascertain what the problem was. It was evident very quickly that we had a major problem on our hands.
@!#?! It’s ransomware! I can’t believe it!
It could only be ransomware.
I wasn’t sure what allowed this to happen. Did one of my staff click on a bad link? Was our network vulnerable from the get go? Since the ransomware had spread onto the network, I could tell that the affected computer had to be used to manage other endpoints, pushing ransomware to all the endpoints the terminal had managed. This is why the computers that were on the network had the same message. This means that it ended up stealing usernames and passwords to open each endpoint and lock down the data on them.
It is during this period that the entity that unleashed this beast on us would look to take as much data as they could. It turned out that my company was using a global password configuration and the ransomware spread throughout our network like wildfire. So, when I was met with the message, I knew exactly what I was dealing with.
I never for a second thought that it would happen to us. Our business doesn’t deal with major financial institutions or medical records, so it would seem to keep us safe from these kinds of security breaches. I guess I’m just the latest person to ask, “why us?”
For those who don’t know, ransomware is any type of malicious application that “kidnaps” the data and holds it for ransom. It can shut down the files of a single computer, or in our experience, it can spread over the network to several endpoints; effectively shutting down operations for long stretches of time. I wanted to share my experience to help you know what to expect if you are one of the unfortunate business owners that have to have all the answers.
No matter how prepared you are for something like this, at first, you feel panic. Typically, you are immediately overwhelmed and are left kind of dumbfounded, glancing around the room, looking for answers that aren’t there. Regrettably, if you are doing that, the damage is done and there is nothing you can do about that. Scenarios race by in your head and the more they turn negative, the more the fear builds up in the base of your neck, in your throat, or in the pit of your stomach. You need to stay as calm as you can and begin troubleshooting immediately. The thing about ransomware is you can’t just wait it out. Once that wave of fear subsides, you have to make a measured response, because you likely have people that are on the clock, and an IT infrastructure that is locked down.
After the initial shock, I went to work.
I learned quickly that there are two main types of ransomware:
The type we were unfortunate enough to encounter was WannaCry, a crypto ransomware that has infected millions of people worldwide by taking advantage of an unpatched Windows vulnerability. As a small business, our technology management was pieced together, but after this event, and all we’ve learned from it, we will definitely be sure to make our staff cognizant of how to avoid situations like this.
For us, we had three machines infected with a variant of WannaCry. The ransomware stated that if we pay $300 in Bitcoin for every machine that was locked, we could get our data back... and the clock was ticking, literally.
At that point, we had three options. We could abandon the machines and buy new ones, we could pay the hackers that had encrypted our data, or, we could attempt to restore our systems.
Part of me wanted nothing more than to just abandon the machines, bust our IT budget for the year and be done with it. We instead decided to try to restore the machines to a prior version, because paying the hackers was never a real option. First of all, any person that could inflict this kind of fresh hell on a small business was not to be trusted; and, I felt if I were to pay the ransom, there was no guarantee that we would a) get our files back; or, b) not get harassed again by the same people.
Since cost was a factor, we reached out the IT professionals at The Connection, Inc, and they walked us through the process of restoring our terminal and the two machines connected to it. Luckily for us, they had the knowledge and expertise to help us get through this horrible time. We will lose quite a bit of work, but, as of right now, it looks like we are going to come out of this whole thing much better than the majority of companies that have dealt with it.
I know we were lucky. I know we have to try harder. I know we aren’t out of the woods just yet, but I have to thank the people at The Connection, Inc. They really came through for us!
Ransomware attacks are rampant. If your small business isn’t proactive about its network security and if you don’t train your people on what to look for, you could be dealing with a problem that could potentially sink your business. For more information about ransomware, WannaCry, or other threats your organization faces today, call us today at (732) 291-5938.
The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.
Back in 1998, researcher Daniel Bleichenbacher found what is being called the ROBOT exploit in the secure sockets layer (SSL) encryptions that protect web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key--through specially constructed queries its error messages divulge enough information that after a short time they were able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.
Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people that form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.
Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:
“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”
The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.
Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact The Connection, Inc today at (732) 291-5938.
If your business were to be struck by a Distributed Denial of Services (DDoS) attack, would it be able to recover in a timely manner? Do you have measures put into place to keep them from hampering your operations? While most organizations claim to have sufficient protection against these dangerous attacks, over half of them have simply proven to be ineffective against DDoS.
First, we’ll give a brief explanation of what a DDoS attack specifically entails. In its most basic form, a DDoS attack involves overloading your organization’s network with so much traffic that it can’t handle the strain. When this happens, access to critical information and services can be lost, hindering operations and causing downtime. This is the main damage dealer of a DDoS attack, and any business executive can see why. When time isn’t spent productively (like during downtime), it’s time and profits wasted.
According to a recent report from CDNetworks, an immense 88 percent of companies believe that they have adequate defenses against DDoS attacks. 69 percent of these companies have also suffered from a DDoS attack in the past twelve months, which should prompt any open-minded company into considering whether or not the measures taken are actually helping.
To give you an idea of just how much this protection is costing these organizations, let’s take a look at some other statistics. US companies tend to spend somewhere around $34,700/year on DDoS protection, while European countries spend around $29,000/year. With such a significant investment, why do DDoS mitigation attempts fall short of the desired goal, and what can be done to solve these issues?
Learning from these failures is the ideal approach to securing your organization from DDoS attacks, and 66 percent of organizations are already making plans to invest more heavily in DDoS attack prevention and mitigation over the next year. We’d like to ask you how you plan to protect your business from the threat of DDoS attacks against your network.
If you aren’t sure how to protect your organization from major threats like DDoS attacks, reach out to The Connection, Inc at (732) 291-5938.
Students generally love it when classes are cancelled for whatever reason, but thanks to a cybercriminal group called TheDarkOverlord Solutions, a school in Flathead Valley, Montana was disrupted for an extended period of time. This downtime resulted in a disruption of operations for over 30 schools, as well as the threat to the personal information of countless teachers, students, and administrators due to a ransomware attack.
Dealing with disasters are a part of doing business. You know how difficult it is to recover from a devastating flood or storm. While businesses tend to suffer from these situations, countless individuals suffer every time a natural disaster hits. Just take a look at the United States in recent weeks. Even though you may want to donate to people suffering from hurricanes, there are illegitimate charities out there that want to make a quick buck off of your generosity.
On June 12th, the U.S. Department of Homeland Security issued a warning to power grid operators and electric utilities concerning a newly surfaced malware called CrashOverride (aka Industroyer). Only, it’s not entirely new. The world has seen this before and the fallout from it is concerning.
The warning comes from the Computer Emergency Readiness Team’s (CERT’s) National Cybersecurity and Communications Integration Center (NCCIC). In it, public reports from ESET and Dragos reported “a new highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine.”
You may recall a similar incident hitting the news not too long ago when workers at a Ukrainian power distribution center watched helplessly as hackers took control of their computers, and used them to shut down heat and power for over 230,000 citizens. Though the power wasn’t out for very long (somewhere between one-to-six hours, depending on location), the control centers are still suffering from the attacks several months later. In addition to turning off the power, hackers also overwrote crucial firmware, which left 16 substations unresponsive to remote commands. This is the first confirmed instance of hackers successfully taking down a power grid, and it’s thought that these hackers were very meticulous and sophisticated in the execution of this attack.
Last year, the FBI began a campaign to raise awareness of the potential issue by briefing electrical power companies of the risk. Although, the possibility of such an attack hitting the United States was deemed improbable. Thankfully, there is currently no evidence to suggest that this malware has affected critical infrastructure in the U.S., but the recent CERT warning suggests that such an attack has grown more probable. This risk is due to CrashOverride having the potential to be modified to target vulnerabilities in U.S. critical information network and systems via the malware’s tactics, techniques, and procedures (TTPs).
To give you an idea of how dangerous the malware is, the Dragos report links the malware to the group responsible for Sandworm, a wicked zero-day vulnerability that executed code within affected systems by opening a backdoor for later access. This threat utilizes phishing attacks and has the ability to spread between networks with the goal of disrupting systems and stealing sensitive information.
In the CERT warning, the recommended way to handle CrashOverride is for utility companies to take a proactive stance when it comes to cybersecurity. This includes implementing techniques for providing and identifying malware. In truth, this is the same approach to cybersecurity that we recommend for all businesses, regardless of industry, size or location. As the sophistication of cybercrime continues to develop, properly monitored and maintained networks are a company's first line of defense. Contact us today to learn more about network security and best practices.
Let’s say that you receive an email from a software vendor, say, Microsoft. When you are contacted by a major company like this, do you automatically assume that it’s secure, or are you skeptical that it’s a scam? Ordinarily, it might not seem like a big issue, but all it takes is one click on an infected attachment or malicious link to infect your business’s infrastructure.
According to a Swedish cybersecurity firm called Detectify, there are major online domains that are at risk of email spoofing due to misconfigured server settings. Email spoofing is the act of sending a message, while masking the true email address that it comes from. This allows hackers to forge the sender address to suit their needs. Generally speaking, email messages don’t have automatic authentication built into them. This is something that must be configured on the server side of things.
Thankfully, there are ways to properly configure your email server, but unless you’re a hardcore techie, you run the risk of either configuring the system incorrectly, or changing settings that may compromise your security. Yet, it’s still important to keep in mind how the solutions that prevent email spoofing, work. Here’s a breakdown of the details:
You might be wondering why we’re even bringing this up, and it’s because Detectify discovered that, out of the top 500 sites on the Internet, 276 of them can be spoofed. Detectify considers servers that don’t have SPF or DMARC configured correctly to be vulnerable to email spoofing - this includes using no SPF at all, using SPF with softfail only, and using DMARC with action none. Therefore, you need to take measures to ensure that your team knows how best to identify spoofed email domains, and phishing messages in general. If you don’t, you could be placing your business in harm’s way. On top of that, you’ll want to make sure your email server is configured to not allow your email domain to get spoofed.
The best way to keep your employees from falling into this trap is by ensuring that you’ve educated them on security best practices, and to limit their exposure to such threats in the first place. This includes taking the time to explain to them how phishing threats and other security discrepancies behave, as well as implementing solutions to keep suspicious messages out of your inbox in the first place.
Your business needs to consider security a top priority, and only The Connection, Inc can help. Reach out to us at (732) 291-5938.
Mobile? Grab this Article