Why SMBs Need Cyber Security Protection

Think your business isn’t appealing to hackers? Think again.

Every business relies on its customer base, employees, financial transactions, and other vital data to keep it running. Unfortunately, this is the same kind of information from which hackers profit. However, 82% of small-to-medium sized businesses (SMBs) still believe that they don’t have anything worth stealing. Instead of framing the ever-present question of cyber security as an “IF”, you should first look at “WHY” your business needs cyber security protection; and, trust us, it does.

According to the SEC, at least 50% of small businesses registered in the US alone have been breached in the past 12 months. The price of recovery has increased dramatically – from $8,699 in 2013 to $20,752 last year; to be clear, that’s a 250% increase in three years. Looking past the surveys and statistics, there are two major factors that answer the question of “WHY” your business’s cyber security protection should be a top priority:

Size: The size of a company, small, medium, or large, has little to no significance when hackers identify potential targets. In the media at large, much of the news stems from the significant cyber attacks involving national and international corporations – think Target, Home Depot, and Sony Pictures. And while cyber attacks on SMBs may not be as riveting, that doesn’t mean they occur any less frequently – if anything, SMBs are targeted more frequently than larger corporations. Consider the following:

  • Companies with revenues of less than $100 Million per year have reduced cyber security spending.
  • Of 400 small firms, 27% have absolutely no cyber security protocols in place.
  • In this same study, 60% of respondents admitted to not creating greater protections even after experiencing a breach.

With these facts in mind, it makes perfect sense that these smaller shops are targeted – not only are they easy to breach, but if they are third party vendors to larger corporations, hackers can use security gaps in their systems to reach the larger client(s). And while technical security gaps are troublesome, they are not impossible to control; employees sometimes are. This brings us to the next major reason SMBs need cyber security protection.

People: Employees, clients, and other people that come into contact with your company can be both a great asset and a great weakness. There are plenty of ways that attackers can infiltrate a network or host by suggesting or forcing indirect interaction with network users; most of the time this is the easiest way to get past initial security checks, if there are any in place. One wrong link clicked, one suspicious file downloaded, and your company could be locked in a battle royale with a hacker halfway around the world. One example is a small go-kart business in Maine. Because of a phishing attack, Maine Indoor Go-Karting was unable to issue paychecks on time because their bank account had been completely drained. Hackers will do just about anything to retrieve valuable data they can sell online for a significant profit. And if this happens to your company, revenue will suffer and so will your reputation, leaving your customer base with no choice but to move on to a competitor who can ensure the security of their data.

Now that you have the “WHY”, understanding and implementing the “HOW” is the next step toward cyber security protection. Having a company such as Neovera as your experienced cyber security protection team allows for peace of mind. We have over 15 years of experience in the field and are able to identify risks and outline specific, actionable steps to improve your cyber security posture. Your company, its data, and critical systems are completely protected as we pinpoint security threats inside and outside of your environment, and implement the necessary measures to prevent breaches and data loss. Bottom line: We protect your business from cyber attacks.

Beware of Zepto Ransomware

Ransomware-Locky may experience a slight decline, but it’s not because someone has finally found a way to banish it once and for all. A new type of ransomware, “Zepto”, is hitting the cyber world in a big way and locking all of the files in its path. Both malicious attacks are similar to one another and ultimately have the same end result, but Zepto is taking the ransomware world to the next level. Individuals and businesses are going to have to learn everything about this attack, and fast, lest they get caught in its trap.

Here’s how it works: just like most other ransomware attacks, an email lands in your inbox with either a .zip or a .docm attachment. This is where the two variants differ – if you open the .zip, you will be prompted to open a .js file, which then downloads and runs Zepto. With the .docm attachment, the document opens in Microsoft Word and prompts you to update your security options; that prompt is a disguise so that the attack can gain the permission it needs to begin locking files.
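The two delivery paths described above (a .zip carrying a .js script, or a macro-enabled .docm) are exactly what a mail gateway can screen for before the message reaches anyone's inbox. The following Python is an added example, not code from the original post or from Neovera: it unpacks a constructed in-memory .zip, flags script and macro-document extensions (including ones hidden behind double extensions such as `invoice.pdf.js`), and reports why each attachment would be quarantined. The extension lists are an assumed illustrative policy, not a vendor's product configuration.

```python
from __future__ import annotations

import io
import zipfile
from pathlib import PurePosixPath

# Attachment types the post describes Zepto arriving in (.zip carrying a .js,
# and macro-enabled .docm), extended with other script/executable types that
# are delivered the same way. Assumption: this is an illustrative policy list,
# not one taken from the post or from any vendor product.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe",
                     ".scr", ".cmd", ".bat", ".ps1"}
MACRO_DOC_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm"}
ARCHIVE_EXTENSIONS = {".zip"}


def _suffix(name: str) -> str:
    """Last extension of a file name, lower-cased; 'invoice.pdf.js' -> '.js'."""
    return PurePosixPath(name.replace("\\", "/")).suffix.lower()


def screen_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons this attachment should be quarantined (empty = allow)."""
    reasons: list[str] = []
    ext = _suffix(filename)
    if ext in MACRO_DOC_EXTENSIONS:
        reasons.append(f"{filename}: macro-enabled Office document ({ext})")
    elif ext in SCRIPT_EXTENSIONS:
        reasons.append(f"{filename}: script or executable attachment ({ext})")
    elif ext in ARCHIVE_EXTENSIONS:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    mext = _suffix(member)
                    if mext in SCRIPT_EXTENSIONS:
                        reasons.append(f"{filename}: archive contains script {member}")
                    elif mext in MACRO_DOC_EXTENSIONS:
                        reasons.append(f"{filename}: archive contains macro document {member}")
                    elif mext in ARCHIVE_EXTENSIONS:
                        reasons.append(f"{filename}: nested archive {member} (inspect manually)")
        except zipfile.BadZipFile:
            # A .zip that does not parse is itself suspicious: do not pass it through.
            reasons.append(f"{filename}: .zip extension but not a valid zip archive")
    return reasons


def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory zip so the example runs offline (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed sample inbox: file names and contents are placeholders, not malware.
SAMPLE_ATTACHMENTS = {
    "invoice_4421.zip": build_sample_zip({"invoice_4421.js": b"// placeholder"}),
    "Remittance.docm": b"placeholder bytes",
    "quarterly_report.pdf": b"%PDF-1.4 placeholder",
    "photos.zip": build_sample_zip({"beach.jpg": b"placeholder"}),
}


def screen_mailbox(attachments: dict[str, bytes]) -> dict[str, list[str]]:
    """Screen every attachment and map file name -> quarantine reasons."""
    return {name: screen_attachment(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, reasons in screen_mailbox(SAMPLE_ATTACHMENTS).items():
        print(f"{'QUARANTINE' if reasons else 'allow':10} {name}")
        for reason in reasons:
            print("            -", reason)
```

Running the block quarantines `invoice_4421.zip` (script inside the archive) and `Remittance.docm` (macro-enabled document) while allowing the PDF and the photo archive. Extension screening is only the first layer: it stops the delivery mechanism the post describes, but it does not replace scanning the payload itself or blocking macros by policy on the endpoint.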

At this point, your files are in the process of being locked. Congratulations! Now what can you do? Well, if there were a time machine, it would make sense to go back and put two things in place: cyber security education for staff, and proper protection protocols on your network from an MSSP (Managed Security Service Provider) to ensure that emails containing infected attachments don’t end up in anyone’s inbox. To the first point – the minute an employee opens a questionable file, your entire network could be at stake. Vigilance is key when opening any online correspondence and attached collateral, even if it’s from a contact you believe to be legitimate.

But sometimes people make mistakes – we all do. That’s why having an MSSP in your corner saves you and your company time and future headaches when dealing with cyber security decisions. Neovera provides 24x7x365 cyber security monitoring and management services to organizations large and small who all have the same goal – growing their business and ensuring their data is protected. Leave your cyber security concerns with Neovera –  we’ve got your back.

Advanced Persistent Threats Terrorize DNC Network

Advanced Persistent Threats (APTs) seem to be all the rage within cyber crime circles. Defined as an unwelcome user gaining access and planting footholds within the network for an extended period of time to steal information, it seems APTs have even hit the political circuit. The DNC released reports that two separate attacks occurred on their networks, with one hacker group having infiltrated over a year ago.

These Advanced Persistent Threats weren’t sophisticated at all (just like others we’ve written about previously) – according to most reports, the attackers relied on the success of any number of spearphishing attacks. As many may remember, spearphishing attacks are perpetrated through an email the user receives with an infected link or attachment in the body itself. The user engages and presto! the hacker has unlimited access to the network and every endpoint.

Specific to these attacks, what is interesting is that while both are linked to known Russian military intelligence circles, the two separate attacks were completely unrelated to one another. CrowdStrike, a cyber crime investigation firm hired to research and diagnose the issue, released a statement saying that while one group (“Cozy Bear”) had deep footholds in the network for up to a year and was able to monitor and read all incoming and outgoing messages (emails, chats, you name it), the second group (“Fancy Bear”) had been in for a shorter period of time and was intent on finding damning information about the Republican nominee.

A hacker going by Guccifer 2.0 – paying homage to the Romanian user behind the attacks on various US government branches and the like – just released a trove of documents to prove his involvement. Now, enterprise business owners don’t care whether Guccifer 2.0 initiated the hack or the Tooth Fairy; what matters is that these groups were able to stay in this network for months and years without getting caught.

Advanced Persistent Threats are hazardous to companies of all shapes and sizes. Make sure to implement a cyber security plan that fits your organization’s needs and morphs with the ever-changing threat landscape. Managing and monitoring your cyber security landscape will be the difference between battling an Advanced Persistent Threat, or stopping it in its tracks.

PenTesting: Dealing with the Hack Aftermath (2 of 2)

Picking up from the previous post, Kevin Roose of Fusion experienced the effects of pentesting on his own network in order to pinpoint vulnerabilities. After going through the rigorous process of having two equally skilled cyber security professionals hack into his network and disrupt it as much as possible, Roose took it upon himself to learn from his mistakes so that interested readers don’t go through the same journey with actual devastating results.

Based on the pentesting results, Roose made the necessary changes to his network’s cyber security on an individual basis. However, it’s really easy to fit his tips to organizations of all shapes and sizes:

  • “Most of it was basic stuff: turn on two-factor authentication, use a VPN, don’t click on suspicious links, change your passwords every few months.” These tips can be filed under employee education; a lot of the attacks written about previously on this blog were a result of human error and could have been avoided.
  • “One I hadn’t heard of before was an app […] which monitors your outgoing network traffic and alerts you if a program you’re running is trying to contact a strange server.” Otherwise known as cyber security monitoring, having all endpoints secured and accounted for is great, but being able to view all interacting traffic is a vital point of protection for any company.
  • “You can also take proactive steps to protect yourself against social engineering…I called my phone company, reset my password, and instructed them not to let anyone make changes to my account in the future unless they provided a 4-digit PIN.” This can be filed away under third party application threats. Remember the Target attack through their HVAC system? It was an easily preventable loophole that both parties could have closed; however, due to oversight and sheer negligence Home Depot’s standing took a hit and millions of customers were left with more questions than answers about their cyber security privacy.
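The second tip above, watching outgoing traffic and alerting when a program contacts a server it has no business contacting, is the core of egress monitoring. Below is an added Python example, not from the original post, Fusion, or Neovera, showing the simplest useful form of that check: a per-process baseline of expected destinations applied to a constructed sample of outbound connection records. The record format, the host and process names, the baseline networks and the RFC 5737 documentation addresses are all assumptions for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample of outbound connection records (not real telemetry).
# Addresses are RFC 5737 documentation ranges; host and process names are made up.
SAMPLE_CONNECTIONS = """\
2016-07-01T09:12:03Z host=LAPTOP-07 proc=outlook.exe dst=198.51.100.25:443
2016-07-01T09:12:08Z host=LAPTOP-07 proc=outlook.exe dst=198.51.100.26:443
2016-07-01T09:13:41Z host=LAPTOP-07 proc=wscript.exe dst=203.0.113.77:80
2016-07-01T09:13:42Z host=LAPTOP-07 proc=wscript.exe dst=203.0.113.77:443
2016-07-01T09:15:10Z host=LAPTOP-07 proc=chrome.exe dst=192.0.2.10:443
2016-07-01T09:16:55Z host=LAPTOP-07 proc=svchost.exe dst=192.168.1.2:53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<ip>[\d.]+):(?P<port>\d+)$"
)

# Assumed baseline: which destination networks each process is expected to reach.
BASELINE = {
    "outlook.exe": [ip_network("198.51.100.0/24")],   # assumed mail provider range
    "svchost.exe": [ip_network("192.168.1.0/24")],    # internal DNS/update servers
}
# Browsers legitimately reach arbitrary hosts, so only unusual ports are flagged.
BROWSERS = {"chrome.exe", "firefox.exe"}
BROWSER_PORTS = {80, 443}
# Scripting hosts almost never need the network on a workstation.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class Alert:
    ts: str
    host: str
    proc: str
    dst: str
    reason: str


def parse_line(line: str) -> dict[str, str] | None:
    """Parse one record into its fields; None if the line does not match."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def evaluate(record: dict[str, str]) -> str | None:
    """Return an alert reason for this connection, or None if it fits the baseline."""
    proc, port = record["proc"], int(record["port"])
    ip = ip_address(record["ip"])
    if proc in SCRIPT_HOSTS:
        return "scripting host making an outbound connection"
    if proc in BROWSERS:
        return None if port in BROWSER_PORTS else f"browser connecting on unusual port {port}"
    allowed = BASELINE.get(proc)
    if allowed is None:
        return "process has no egress baseline"
    if not any(ip in net for net in allowed):
        return "destination outside the process baseline"
    return None


def scan(log_text: str) -> list[Alert]:
    """Run every record through the baseline and collect the alerts."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        reason = evaluate(record)
        if reason:
            alerts.append(Alert(record["ts"], record["host"], record["proc"],
                                f"{record['ip']}:{record['port']}", reason))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_CONNECTIONS):
        print(f"{alert.ts} {alert.host} {alert.proc} -> {alert.dst}: {alert.reason}")
```

On the sample, only the two `wscript.exe` connections produce alerts; Outlook, the browser and the service host all stay inside their baselines. Real deployments replace the static baseline with one learned from a quiet period and keep the list of exceptions under change control, otherwise the alert volume quickly trains people to ignore it.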

This article is not advocating that every company should embrace pentesting and post a jobs ad saying, “Hacker Wanted, Apply Within!”. Rather, be alert and aware of exactly how vulnerable your organization’s data and networks become as malicious attacks continue to grow and evolve in order to sidestep even the strongest cyber security protections. Monitoring and protecting your network – whether with an outside company or inside your own – is the obvious choice.

Ransomware Attacks Hit House of Representatives

An increasing number of ransomware attacks is an unfortunate trend as we move into the second half of 2016, and they have needled everyone in the public and private sectors. Most recently, the House of Representatives has issued warnings to its employees regarding third party website interaction on its computers and associated technology. What does this mean for the government at large as it slowly meanders into the cyber age, and how have other companies already begun to accept the changes that need to be made in order to stop these treacherous ransomware attacks before they start?

Here are the facts: recently the House of Representatives sent out notices from its technology services desk regarding employee use of third party websites from government computers or other machines. Sites as popular as Gmail or Yahoo Mail are going to be blocked in order to curtail the occurrence of any ransomware attacks. Though the House Chief Administration Officer declined to divulge details regarding a ransomware attack, it seems that one did occur in late April due to a House of Representatives employee clicking on an infected link. Unfortunately that’s all it takes for a ransomware attack to take hold of your network and lock its contents until the “ransom” is paid via bitcoin.

Some see these measures as extreme – one app founder, Ted Henderson, stated that it was “irresponsible” for the House of Representatives to take a stance that essentially blocks an avenue of free speech. However, that isn’t the argument within this particular piece: in actuality, focus should be placed on the points before the ransomware attack occurs and not after. What cyber security education is in place throughout the government? Are their networks and servers really that secure, or do we blindly assume that the government has the best cyber security plan? Obviously these are hard questions to answer but judging from President Obama’s most recent cyber security pledge, it seems that not only is the government keen on creating a better technological realm for itself and its employees, but that it wants to set an example for the rest of the country.

Overall, ransomware attacks can happen anywhere, to anyone and at any time – cyber security education is paramount for everyone, employees and private citizens alike, in order to quash these malicious attacks before they are able to take control of sensitive and protected data.

ADP Web Portal Breach: Sensitive Tax Data Targeted

Though the big tax season push is officially on hiatus until next year, that doesn’t stop the occurrence of malicious attacks aimed at retrieving sensitive tax data throughout the year. The most recent victims in this type of targeted attack are ADP and US Bank – two major corporations who hadn’t experienced a large scale web portal breach until now.

Both companies are rather tight-lipped regarding specifics of the web portal breach, but enough details have been obtained to create a rather unfortunate picture for each party in question. To start, it should be noted that, of ADP’s 630,000 clients serviced, only “around a dozen” were affected; one of those just happened to be a large, national bank. The 1,400 US Bank employees in question (2% of their total workforce) most likely hadn’t signed up for ADP’s online portal to access their W2 tax forms – attackers took advantage of the unclaimed, unique access codes, and, combined with personal details amassed from the Internet, weaseled into the system in a large web portal breach.

Once KrebsonSecurity broke the news, the fingers were already being pointed: ADP blamed US Bank for their lack of movement in guaranteeing every employee signed up, US Bank said that ADP should have kept a tighter lid on the unique codes provided to each employee. Let’s look at the bigger picture – with this information, had this web portal breach gone unchecked by both companies as well as the authorities, attackers would have been able to steal tax refunds next year. Combined with accurate salary information, filings with the stolen information wouldn’t raise an eyebrow with the IRS.

So, what can an employer or employee do to avoid a web portal breach, or other similar situations? Well, for employers, it’s making sure that any third party vendor – especially ones dealing with employee information or other sensitive data – not only has the necessary cybersecurity precautions in place but also makes you aware of your company’s role. Education and communication are vital, which brings us to the employees: know where your personal information is going, where it is stored, and what, if any, access you have to it over the Internet. Third party vendors, employers and employees all have to work together to keep their cyber environment safe from attackers; taking these steps will ensure a much smoother operation in the future.

Healthcare Behemoth Hit by Malware Attack

News of MedStar Health’s malware attack, as reported on Monday, was at first met with shock and then a resounding (albeit internal) “Again?!”. Unfortunately a lot of healthcare providers across the country have been hit with varying degrees of ransomware attacks. Whether through spear phishing campaigns or corrupted websites, these hackers were not only able to infiltrate and lock down vital systems, but managed to extort the ransom money from almost every targeted hospital or medical provider. Now, with this malware attack stalling not only MedStar’s 10 hospitals but 30,000 staff and an additional 6,000 affiliated physicians, what steps are providers going to take to reduce the attack risk, and why are healthcare systems still prime targets?

Here are the basic facts: early Monday morning, reports began rolling in about a malware attack on MedStar’s network, which forced an entire shutdown to determine where the attack originated, what it had infected and what could be done to get rid of it. Though the organization maintains no patient data was stolen or compromised, employees mentioned seeing demands for payment in exchange for their computers being unlocked. Currently, they are still working to get the network’s full functionality back – meanwhile, patients were not able to get the care they needed and doctors weren’t able to work with the efficiency they value since the records were trapped in technological limbo.

As an aside, it is important to note that this is the third malware attack of this caliber to happen this year alone. The attack on a California hospital was traced back to the ransomware strain “Locky”. Since the hospital didn’t have their files backed up, they paid a ransom that amounted to $17,000 in order to gain access to their files again. The same thing happened to another healthcare organization in Kentucky – ransomware locked the networks and demands were made to the tune of thousands of dollars. Unfortunately the healthcare industry is easy pickings for thieves and corrupt computer pirates using a malware attack, considering the lack of funding or even time that these networks receive to make the updates needed for security standards to protect against outside intruders.

Though nothing can be done about MedStar’s current situation, their future can be much more secure provided that cyber security takes a larger role in the day-to-day. Most assume that the initial breach was caused by an errant link in an email or an otherwise corrupt website. Along with personnel awareness and additional cyber security training, there are many other options that can continue behind the scenes in order to keep these hospitals running smoothly. And while this is an unsettling way to learn a lesson about cyber security, it is one that the whole healthcare system should take note of. Though HIPAA compliance is extremely important, protecting a patient and their data from getting into the hands of a criminal online is equally so.

The Dark Side of End-to-End Encryption

As the battle rages between Apple and the FBI in the media and courts, more applications and programs are coming to light that use end-to-end encryption. From popular messaging programs and applications to email servers and beyond, authorities from around the world are running into walls when it comes to actually seeing what is messaged between the parties they are investigating. So is end-to-end encryption truly a complete barrier to those hoping to infiltrate messages sent that threaten our security? Does the necessity of having access to these private messaging options outweigh what authorities see as a potential threat to communities spanning the globe? And what are the next steps in this journey toward total encryption?

Demanding backdoor entry exceptions from various companies due to security concerns poses a huge threat to the future of technology security. End-to-end encryption, also known as “going dark” when these messaging apps are used to escape detection, isn’t as ironclad as initially thought. A team of researchers at Johns Hopkins University was able to not only intercept these encrypted messages but decrypt them as well. This team created software that posed as an Apple server, then intercepted an encrypted message sent from a phone running outdated software. Finally, they began repeatedly guessing a 64-character decryption key corresponding to an encrypted photo on Apple’s iCloud servers. Once they found the correct key, they could download the photo from Apple’s server and view it. So, while even Apple cannot view the iMessages sent (unless they are backed up by the user on iCloud), these researchers were able to intercept and decode a variety of text and photo messages, demolishing the assumed end-to-end encryption barrier.

As mentioned previously, end-to-end encryption works as such: the people communicating are the only ones privy to the messages. Most importantly, no one – ISPs, telecom providers, or the company running the messaging service – can get access to what is being sent. Obviously for the user it ensures the utmost level of privacy from potential prying eyes. The counter argument that security and government officials pose is that they need that data so a full spectrum of security and safety can be obtained. However, the cost of doing so is quite steep – as one recent publication points out, there is already so much data publicly available to these parties. The issue resides in being able to quickly sift through what is being collected and analyze it in a coherent and timely fashion; this obviously has not happened yet. Creating a system to do so, however, could change the approach toward these so-called secretive messaging applications.

End-to-end encryption is extremely helpful but can also be used by those with ulterior motives. Though there are not any finite answers just yet, continuous education about security policies and compliance standards is key for any employee at any company, and will continue to morph and evolve as these types of events come to light.

Phishing Scams: Does Your Boss Need Your W2 Immediately?

Phishing scams have become so popular and widespread that most are quickly found out and the tips to avoid them follow soon after. No, there isn’t a Nigerian prince out there who really needs money. And your good friend didn’t magically disappear to Asia, lose all their valuables, and somehow still have access to a computer to ask you for a wire transfer immediately. But what if your boss emails you from what seems to be his email, and asks for a W2 or similarly private financial data? Would you send it back, without a second thought?

Some might – unfortunately they also would have been the unassuming victims of a newer targeted phishing scam. As the IRS warned HR and Payroll professionals earlier this month, malicious individuals involved with phishing scams will pose as company executives from what appears to be the correct email and ask for employees’ social security numbers, birth dates, W2s, and other guarded personal information. While some personnel have unfortunately fallen prey to these attacks, you don’t have to. The following are examples of what a scammer may ask for in their email:

  • “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
  • “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”
  • “I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

Fake tax returns, especially ones propagated through phishing scams, are a huge criminal business. And, with tax-refund losses estimated to reach $21 billion by the end of this year, a company’s main line of defense is going to be the very employee on the receiving end of these otherwise normal-looking emails. Fortunately there are a couple of tell-tale signs that set this scam apart: the return or reply-to address is something other than the sender’s normal email, or there is a slight difference in the language and tone used. Another, more obvious, path is to ask the sender if it is a valid message!
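The two tell-tale signs above (a reply-to address that differs from the apparent sender, and wording that is slightly off) can be checked mechanically before a payroll inbox ever shows the message to a person. The Python below is an added example, not code from the original post, the IRS or Neovera. It parses a constructed raw message whose body is the first scam sentence quoted above, compares the From and Reply-To domains, looks for requests for payroll data and pressure wording, and returns a triage verdict. The company domain `example.com`, the executive's name and the header values are assumptions for illustration.

```python
from __future__ import annotations

import email
from email.message import Message
from email.utils import parseaddr

# Assumption: the organisation's own mail domain.
COMPANY_DOMAIN = "example.com"

# Phrases the W-2 scam requests revolve around, drawn from the sample requests
# quoted in the post, plus the pressure wording ("kindly", "asap") they use.
SENSITIVE_TERMS = ("w-2", "social security", "date of birth", "salary",
                   "earnings summary", "wage and tax statement")
URGENCY_TERMS = ("asap", "kindly", "immediately", "quick review")

# Constructed sample messages (headers are made up; the first body reuses a
# scam sentence quoted in the post).
SUSPICIOUS = """\
From: "Pat Rivera, CEO" <pat.rivera@example.com>
Reply-To: pat.rivera@examp1e-mail.net
To: payroll@example.com
Subject: W-2 request

Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
"""

BENIGN = """\
From: "Pat Rivera, CEO" <pat.rivera@example.com>
To: payroll@example.com
Subject: All-hands

Reminder: the quarterly all-hands meeting is Friday at 10am in the main conference room.
"""


def _domain(addr: str) -> str:
    """Domain part of an address header value, lower-cased ('' if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def _body_text(msg: Message) -> str:
    """Concatenate the text/plain parts of a message (single-part or multipart)."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"] if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        payload = part.get_payload(decode=True)
        if payload:
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(chunks)


def analyze_message(raw: str) -> list[str]:
    """Return the indicators found in one raw RFC 822 message."""
    msg = email.message_from_string(raw)
    findings: list[str] = []
    from_dom = _domain(msg.get("From", ""))
    if from_dom != COMPANY_DOMAIN:
        findings.append(f"sender domain {from_dom!r} is not the company domain")
    reply_to = msg.get("Reply-To")
    if reply_to:
        reply_dom = _domain(reply_to)
        if reply_dom != from_dom:
            # The post's first tell-tale sign: replies go somewhere other than the sender.
            findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    text = _body_text(msg).lower()
    sensitive = [t for t in SENSITIVE_TERMS if t in text]
    urgency = [t for t in URGENCY_TERMS if t in text]
    if sensitive:
        findings.append("requests sensitive payroll data: " + ", ".join(sensitive))
    if urgency:
        # The post's second sign: pressure and wording the real executive would not use.
        findings.append("pressure or unusual wording: " + ", ".join(urgency))
    return findings


def verdict(raw: str) -> str:
    """'escalate' = verify out of band before sending anything; 'review'; or 'ok'."""
    findings = analyze_message(raw)
    asks_for_data = any(f.startswith("requests sensitive") for f in findings)
    if asks_for_data and len(findings) > 1:
        return "escalate"
    return "review" if findings else "ok"


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, "->", verdict(raw))
        for finding in analyze_message(raw):
            print("   -", finding)
```

The constructed scam message escalates on three counts (mismatched Reply-To, a request for W-2 data, and "kindly"/"quick review" wording), while the benign reminder from the same executive passes clean. The check deliberately does not trust the display name, which is the part a scammer controls most easily; the verdict still ends with the post's own advice, which is to confirm the request with the sender through a channel other than the email itself.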

Communication is a key part to any business, and cyber criminals are chomping at the bit during tax season to steal your hard-earned dollars. Beat them at their own game by reviewing any suspicious messages, and have an open line for employees to the powers that be so that, if they are concerned about a potentially threatening email or need to beef up on their cyber security know-how, the resources are there for them to do so.

Ransomware Attack Hits Los Angeles Hospital Hard

Ransomware, a newer type of cyber attack, is becoming increasingly popular. It is a virus that infects a computer or computer system and then locks all the files and programs; the hackers using it are typically the only ones with the “key”, or code, that can unlock the victim’s data. Unfortunately, that key normally comes with a steep price that can range from hundreds to thousands of dollars. While some are able to escape scot-free because their data is backed up in a separate area, many are not as fortunate, as the news has recently been flooded with a number of high-profile ransomware horror stories.

According to various reports, a Los Angeles hospital noticed inconsistencies in their network, which soon led to a system-wide shutdown due to a crippling ransomware virus. Since the problem was reported on February 5, doctors have been unable to access any stored medical data or even cross-check their facts, leaving them to deal with faxing information or communicating via telephone and face-to-face interaction. The hackers originally demanded $3.6M in Bitcoin and facility staffers are working with both local law enforcement and the FBI. While they have maintained that patient care has not been compromised, a number of patients have been transferred to nearby hospitals due to the inability to access treatment records, X-rays, CT scans and other data.

At least 4 out of 5 healthcare institutions have reported some type of cybersecurity breach in the last two years, according to a study by KPMG. While ransomware attacks are mostly random – generated through mass emailings that are easily interacted with through any employee at the institution – the money that is demanded increases significantly if the hackers realize they have landed a big name, so to speak. Individual attacks can see demands of a few hundred dollars; unfortunately, once the attackers realized the group they had in their hands, the asking price greatly increased.

Ransomware attacks don’t have to completely level an individual or company – simply becoming more aware of suspicious emails or webpages is a major step in the right direction. Above all, backing up your priority system data is imperative; if the hackers hold your data hostage but you have another copy in a separate, safe location, paying them any kind of money becomes moot since the data they hold is obsolete and of no further value. That said, this only holds for a regular ransomware attack – if the hackers were also going after the information itself, it would be far more egregious.

Update: With the hospital reportedly paying $17,000 to release the network from the ransomware attack, it is safe to say that ransomware attacks aren’t losing popularity with hackers, especially since they may be buoyed by this particular outcome. Until the potential victims and organizations educate themselves on best practices for spotting questionable online activity, as well as creating a plan to protect and store their key data, ransomware attacks will continue to be a major weapon in a hacker’s arsenal.