As #cybersecurity attacks are increasing exponentially, SolarWinds has been a target for hackers for almost a year now. Here’s some insight on how it happened and how to avoid being part of a #cyberattack.
In the past several months, we have seen an increase in attacks on our healthcare facilities. With the #COVID-19 vaccine rollout, it is so important that healthcare facilities protect their network and increase their #cybersecurity posture. Here are the thoughts of Ara Aslanian, CEO of Inverselogic and reevert, on what they can do to improve security. #cyberattack
Ransomware attacks have always been a large issue in the cybersecurity world. The victims of ransomware attacks may also be blamed along with hackers.
The Treasury Department’s Office of Foreign Assets Control (OFAC) recently came out with an advisory stating that those who pay the ransom of a ransomware attack may themselves be subject to fines. While this may sound good on paper, in practice this black-and-white approach to a growing cybersecurity problem can be detrimental to all involved.
Popular in many an action movie, the “we don’t negotiate with terrorists” mantra may be thought of as appropriate dogma for cyberattacks. If one pays a bad actor the demanded ransom, then it incentivizes future attacks on others. If everyone refused to pay these ransoms, the method of attack would no longer be a profitable one, and attackers would move on to another cybercrime. Of course, in the movies, Harrison Ford always gets his plane back and the girl; companies who are unprepared victims of ransomware are seldom that lucky.
What makes ransomware such an effective method of attack is precisely why paying that ransom is not always a bad idea. For most attacks, the ransom is pennies on the dollar compared to what the cost of a recovery would be. For all the ethical debate about rewarding someone for their crime, the reality is that not doing so may cause the most possible damage to the company or individual attacked. The city of Atlanta is an excellent example.
Atlanta was the victim of the SamSam Ransomware in January of 2018. The requested ransom for this attack was $6,800 to unlock a single computer or $51,000 for all the decrypt keys needed to restore the city’s entire system. This attack was the largest successful cyber attack on a U.S. city in history. The attack affected around six million people, interrupting activities such as paying bills and fines, some court-related processing, as well as several internal systems for the city itself. Atlanta decided not to pay the $6,800 or the $51,000 ransom. They did not reward the bad actors for their bad actions and decided to take on the recovery themselves. To do this, Atlanta initially put in $2.7 million to recover everything, but once their systems were finally set back into place, the actual costs to the city were nearly $10 million. Atlanta didn’t let the bad guys win, but at what cost?
$10 million suddenly stripped from a city’s budget does not just mean the problem was fixed; it means the city was now $10 million short of funds originally set aside for other things like salaries, school budgets, road repairs, etc. What could have been a negligible expense ended up costing millions and impacting the city for years to come. The question is: what impact does the OFAC advisory really have on protecting U.S. cities and companies from these types of ransom attacks?
The answer, unfortunately, is not much. For one thing, this advisory punishes the victim of the attacks. Instead of having to consider the cost of paying the ransom versus the cost of not paying, they now have to factor in the ransom plus the fine. This makes for some very fuzzy math. Either the fine is so high that paying costs a company more than going through a very expensive recovery phase, or the fine plus ransom is still less than the cost of recovery.
If the cost of the fine plus ransom is greater than the cost of recovery, under the government’s guidance all ransomware attacks would be exponentially more expensive for the victims. In many cases, it may actually shut down a company that is unable to pay thousands or millions of dollars to recover.
If the cost of the fine and ransom ends up being less than the cost of recovery, then the government is essentially profiting from ransomware attacks. The fiscally responsible move will still be to pay the ransom, but now the government will get a little cut of every attack. Under this model what is the government’s motive to end such attacks?
In both scenarios, the only party to actually suffer is the victim. The government either profits or keeps the status quo, the hacker either gets paid or doesn’t, same as today. The victim is either forced out of business or put in a financially vulnerable spot by the government or simply must pay a “victim’s tax” for being targeted. This would make for a terrible action movie.
If the OFAC advisory isn’t really an effective way of protecting U.S. businesses and cities from ransomware attacks, then what should the government be doing? The answer is in education.
Being a victim of a ransomware attack isn’t an inevitability. Being put into a situation of having to decide whether to pay is not absolute. With the right internal policies, procedures, and technology in place, being the victim of a ransomware attack is entirely avoidable. But you need to know what policies and procedures to have in place. You need to know what tech is available to protect you. The government should expand itself as a resource to help businesses and cities become aware.
Three ways the government can help with ransomware education are:
PSA videos – Create short and informative videos that can be incorporated into any HR department’s cybersecurity employee training program. Videos like these can highlight what to look for to identify a phishing scam, how to keep your personal information safe from being a phishing target, and steps to take the moment an attack is apparent.
Cyber training classes – The best way to prevent a ransomware attack is to ensure everyone within a network, be it a municipality or a corporation, is aware of all the suggested cybersecurity policies and best practices, as well as how to identify any potential point of attack. Building off the basic information that can be shared through a PSA, these classes presented by the government could go into much greater detail and provide employees with everything they need.
Cybersecurity education in schools – Ransomware and other such malicious cyber attacks will always be a threat. It is the nature of a constantly changing digital world. While keeping employees up to date on the latest threats with PSA videos and cyber training classes is vitally important, we need to address these threats at the root. The best way to achieve this is to teach the threats and dangers of cyberattacks from a young age. Teach students how to look at phishing scams or behavioral vulnerabilities with a focused mind, so that as the next generation of workers enters their various fields, they are less likely to fall prey.
The government’s role is to protect its citizens and companies. Punishing the victim should not be one of its tactics to do so. Though it may be counter-intuitive, sometimes paying off a ransom is the best move to make. The best way to prevent these types of attacks is proper education and actions before they occur. With the government’s support of a comprehensive cybersecurity education program that works with today’s generation of workers as well as the next, it will have much greater success in decreasing successful ransomware attacks in the short and long term.
Cyberattacks can happen anywhere at any time. Due to the pandemic, the number of cyberattacks companies have been faced with has soared. Hackers are attacking large e-commerce companies since they have been in high demand due to the COVID-19 lockdown.
Supply chains have been stretched to their limits by COVID-19 lockdowns, border closures, and sudden shifts in consumer demands. Now, they’re facing a growing threat from hackers. According to the FBI, cyberattacks have surged by 400% during the pandemic. One of the top targets: supply chains. In 2019, there were around 300 major hacks on supply chains and 2020 is almost certain to exceed that. In a single week this fall, cybercriminals took out shipping giant CMA CGM’s e-commerce systems and hit the International Maritime Organisation with an attack that affected crucial databases.
The fastest-growing threat is ransomware, which encrypts a company’s data until a ransom is paid to the hackers to decode it. In the third quarter of 2020, companies paid an average of $233,817 in ransoms, a 31% increase from the previous quarter, according to security firm Coveware. Supply chains are uniquely vulnerable to cyberattacks because each link in the chain is a potential entry point for hackers. Corporations like Walmart can have 100,000 suppliers, and interact with each to manage orders, delivery schedules, invoices and payments. When a single click on a malicious email link can open the door to a cyberattack, policing such a complex system is an enormous challenge. So, what can be done? Here’s how to keep your supply chain safe and secure.
ASSUME THE WORST
Your organization or suppliers will inevitably be the target of a cyberattack, so plan accordingly. If your company doesn’t have a comprehensive strategy for mitigating threats and dealing with any breaches, creating one must be a priority. The threat from hackers is ubiquitous so your strategy must encompass not only your organization but the suppliers and vendors you deal with. It should run the gamut from the technologies used for endpoint protection, to standards for accessing and handling data, and plans for recovering in the event of a successful attack. The National Institute of Standards and Technology has created standards for supply chain cybersecurity that are an excellent starting point.
FIND OUT WHERE YOUR RISKS ARE
You can’t defend against risks you don’t know about. Conduct a comprehensive audit of each third-party vendor in your supply chain. It’s not enough to look into their software and hardware; you need to know about their information security protocols, processes for patching and updating their systems, how they control physical access to their facilities and digital access to their systems, and what background checks they perform on their employees. Group vendors by their risk level, and prioritize working with the riskiest to secure systems and train staff. Particularly vulnerable equipment may have to be air-gapped from other systems. This is frequently the case for manufacturers that have expensive or difficult-to-replace machinery still operating on outdated systems such as Windows XP.
EMBED CYBERSECURITY THROUGHOUT YOUR BUSINESS
The complexity of supply chains creates an enormous attack surface for hackers. The risks are increasing with greater use of IoT technologies throughout the system. Even WiFi routers, connected thermostats or smart lighting systems in warehouses could present a risk. IT departments lead the charge on ensuring networks are up-to-date with antivirus and malware detection software, and staying current with system patches. But that work can be undone by a careless worker who invites hackers in by falling for a phishing attack. Supply chains are prime targets for phishing scams, which often involve phony invoices that contain viruses or fake wire transfer requests that appear to come from a trusted source. Embedding a culture of cybersecurity awareness throughout your supply chain and regularly training all staff to be vigilant to the threat is essential to keeping systems secure.
Ransomware and other cyberattacks represent real and growing threats to companies throughout the supply chain. Attacks are inevitable, but by putting the correct technologies and procedures in place, companies can mitigate their risks and reduce their chances of costly downtime from a successful hack.
Hackers have been attacking employees who have begun working remotely due to the COVID-19 pandemic. However, there are certain cautionary measures companies can take to lower their risk of being attacked.
As the situation with Coronavirus COVID-19 advances, many state governments are now issuing orders to work from home for the purposes of slowing down the spread of the virus through “social distancing”. While this period of uncertainty and fear grows, so do the phishing attempts of cybercriminals who seek to take advantage of potential victims.
European cybersecurity agency ENISA has been warning users to stay vigilant for any suspicious-looking emails that arrive in their inboxes – especially those that mention the Coronavirus – urging people to avoid clicking links or downloading files that may include malware and infect devices. Instead, if the email or sender looks suspicious, it is recommended to check the legitimacy of the email through methods such as checking the company’s website directly or calling the company’s direct phone line. Any unusual requests through an email should be handled with skepticism and caution.
Aside from being careful of such emails, ENISA also recommends that employees follow these security measures to stay safe while working from home:
Maintaining a secure WiFi connection and keeping your WiFi password-protected so that others cannot access your web traffic. Employees should also make certain their WiFi connection is secure rather than using an untrusted network through public WiFi.
Having antivirus software downloaded on your device as you work on sensitive material
Making sure your computer software is up-to-date with the latest security updates
Locking your desktop screen when it is not in use
Making sure all files are being backed up in case of an emergency (e.g. a ransomware attack)
During this time with remote work, employers should also take responsibility in making sure all employees are well equipped with tools necessary to ensure business security. For example, having an emergency cybersecurity plan or support available for workers when facing technical issues, or having a protocol to follow when working from home in the case of accessing sensitive files.
From time to time, we receive strange texts from numbers we don’t recognize telling us that our Amazon account has or needs a delivery update or that there is unusual activity detected in our bank account. Texts like these are accompanied by a suspicious-looking link that asks you to click to log in. The issue with these messages is that it can sometimes be difficult to tell whether one is a scam when it mentions a company, bank, or other entity we typically interact with. With that in mind, we’ve outlined a few tips for you to keep in mind when you get that suspicious SMS message:
Tip #1: Don’t Click on Links from a Text You Don’t Recognize
It’s important to look out for one of the bigger signs that the text you received could be a scam: if it asks you to click on a link. Usually, you can tell when a link is fraudulent through the domain name. Other times it may be a bit more difficult to assess the link, especially if the company name is used within the link. In whichever case, it’s best practice to just avoid clicking on any such links sent to your phone. If you receive a delivery notification that asks you to check its status through a link, go to your web browser or application instead and log into your account to do so.
Tip #2: Don’t Reply to Suspicious SMS Messages
Messages that you don’t recognize could ask you to reply “YES” or “NO” or to give them a call about your bank account that was experiencing suspicious activity. In any case, avoid replying to such messages and note that call-to-action texts that you don’t recognize could very well be an SMS scam.
Tip #3: Be Mindful of the Message Content
It’s important to look out for a few tell-tale signs within message content that may reveal the malicious nature of a text. Several things to check include the greeting message, spelling, grammar, and the link provided. If anything in the message seems out of character, then you’re probably right to think it may be fraudulent. Again, it’s always best to sign into your account through the official website rather than clicking on a link you’re unsure of – especially if the domain doesn’t appear to be an official company website link.
Tip #4: Use Your Phone’s Block Feature
To help you avoid receiving any further messages from a sender, iPhones come equipped with the ability to “Report Junk” for texts you don’t recognize. The option appears when your phone recognizes that the number is not part of your contacts list. You can also block a number that sends you malicious messages by pressing on the contact info button at the top of your iMessage, pressing on the number once more at the top, then scrolling to the bottom and pressing “Block this Caller”.
A malware called Emotet is spreading through the US and UK, specifically targeting banks and financial sectors according to a report published by Menlo Security. Cybercriminals have implemented a malware campaign that spreads via phishing emails with a malicious Microsoft Word document attached. The email is made to look official through mention of financial topics such as invoices or banking details in the subject line, enticing victims to click on the file.
Emotet malware use was on the decline back in December 2019, yet began to pick up momentum again early into the new year as cybercriminals use it for new malicious purposes.
These targeted attacks are meant to disrupt multiple sectors including media/entertainment, transportation, and food/beverage in locations such as the US, UK, Philippines, Spain, and India. Emotet attacks have largely been focused on the financial services sector, with half of these campaign attacks affecting the US and a quarter affecting the UK.
After a user clicks to download the infected Word file and presses on “enable editing”, embedded macros are deployed onto the victim’s computer and then transfer the Emotet malware. Once transferred over to the user’s device, Emotet not only steals sensitive information, but can also facilitate the spread of more malware to other computers that use a shared network.
Emotet can’t be traced to just one source of administration, since it functions as a botnet that infects Windows computers globally and then spreads further through those infected devices.
As Emotet continues to wreak havoc, business employees should take precautionary measures in avoiding any suspicious emails that arrive in their inbox, as documents or any links attached could very well be infected with malware. Users should be cautious of those emails that ask to “enable macros”. Keeping computer operating systems up-to-date is also an important step to take in order to stay safe.
There are many email productivity applications that help manage and organize your inbox. While useful, they come at a high price for your privacy. According to Motherboard’s Joseph Cox, many of these apps can scan through people’s emails and sell their data for profit. Some worth mentioning include Cleanfox, Slice, and Edison. On Edison’s website, the company states that it “accesses and processes” users’ emails; a similar statement is used for the apps Cleanfox and Slice.
These types of applications scan people’s personal inboxes for emails that contain information such as package tracking notifications and receipts to record how much people spend as well as what they are purchasing. Once this data is collected, these application companies sell this information to e-commerce and finance companies that have an interest in such trends. However, they sell an anonymous version of the information.
A spokesperson from Edison told Business Insider that their software “automatically recognizes commercial emails and extracts purchase information,” while disregarding any emails that include personal or work-related matters. Slice’s parent company, Rakuten, stated that the reason they collect people’s data is for market research purposes and – contrary to what we may believe – that they do value protecting their users’ privacy.
Foxintelligence’s CEO Edouard Nattée stated in an email to Business Insider that new users are notified when their data is pulled from “transactional emails”, further stating that the information collected remains anonymous. While anonymized data may seem secure, data breaches that give access to the exact data can help cybercriminals trace information back to its original source.
WiFi is inevitably part of our everyday lives. With every passing year, we add more devices in our homes that require WiFi, consequently slowing down our speeds as more devices connect to our home routers. WiFi 6 is here to help solve that issue. WiFi 6’s devices/routers offer faster speeds of the internet and some of these routers are even inexpensive to own.
Last year at CES 2019, affordable routers were announced to be coming to stores, yet consumers were met with very high price points. A small number of routers were offered for just under $200. This year’s CES event introduced quality routers that ranged around the price points of $100-$200.
In large homes, it’s recommended to have a mesh router system. However, this could be a bit more expensive than singular routers. Mesh routers also provide stronger and faster speeds of WiFi. At CES, Comcast announced the WiFi 6 version of their Gateway. This was a crucial change for many since cable providers rent out routers to their consumers. Apple’s iPhone 11 and iPhone 11 Pro both support WiFi 6 in addition to other companies like Lenovo, Samsung, and Asus that announced new laptops that also incorporate WiFi 6.
In comparison to WiFi 5, WiFi 6 has nearly doubled in speed. WiFi 5 had about 3.5 Gbps compared to WiFi 6 which now has up to 9.6 Gbps. However, that speed isn’t necessarily for one device solely. Rather, the 9.6 Gbps is needed for connecting and using multiple devices without sacrificing quality internet speeds.
There are more developments coming for WiFi 6 such as WiFi 6E, which increases speed and capacity, but consumers will have to wait a while for this one since it doesn’t exist yet. WiFi 6 doesn’t instantly improve internet speeds. Rather, the wireless upgrade will show noticeable improvements through your regularly used devices once support for WiFi 6 is established.