“Paying the Ransom” Isn’t a Ransomware Defense

What Happened with SamSam

You may recall the SamSam outbreak, which stretched from 2015 to 2018 and racked up $30,000,000 in damages across 200 entities. This large total was partially due to the fact that SamSam knocked out a few sizable municipalities, including the cities of Atlanta and Newark, the port of San Diego, the Colorado Department of Transportation, and medical records across the nation. The ransom demand sent to Newark gave a one-week deadline to pay up the ransom in Bitcoin, before the attackers would render the files effectively useless. In November 2018, then deputy attorney general Rod Rosenstein announced that two Iranian men had been indicted on fraud charges by the United States Department of Justice for allegedly developing the SamSam strain and carrying out these attacks with it. As Rosenstein pointed out, many of SamSam’s targets were the kind of public agencies whose primary goal was to save lives – meaning that the hackers responsible knew that their actions could do considerable harm to innocent victims. Unfortunately, those responsible have never been apprehended.

How Some Cybersecurity Firms Just Pay the Ransoms

According to a former employee, Jonathan Storfer, the firm Proven Data Recovery (headquartered in Elmsford, New York) regularly made ransomware payments to SamSam hackers for over a year. ProPublica managed to trace four payments made in 2017 and 2018 from an online wallet controlled by Proven Data, through up to 12 Bitcoin addresses, before finally ending up in a wallet controlled by the Iranians. This wasn’t a huge revelation to Storfer, who worked for the firm from March 2017 until September 2018.

“I would not be surprised if a significant amount of ransomware both funded terrorism and also organized crime… So, the question is, every time that we get hit by SamSam, and every time we facilitate a payment – and here’s where it gets really dicey – does that mean we are technically funding terrorism?”

According to Proven Data, they assist ransomware victims by using the latest technology to unlock their files. According to Storfer and the FBI, however, Proven Data instead pays ransoms to obtain the decryption tools that their clients need. Storfer actually states that the firm was able to build a business-like relationship with the hackers, negotiating extensions on payment deadlines – and the hackers would actually direct their victims to Proven Data. Another firm, Florida-based MonsterCloud, follows a few similar ‘strategies,’ according to ProPublica. In addition to paying the ransoms (sometimes without informing the victims), these companies then add an upcharge to the ransom payment. However, it is important to consider where the money used to pay these ransoms actually comes from. In the case of SamSam, many of the victims received some kind of government funding, which means that – if the ransoms were paid – taxpayer money likely wound up in the hands of cybercriminals in countries hostile to the United States.

Differing Accounts from Proven Data Recovery

Proven Data provides the following disclaimer on their website: “[PROVEN DATA] DOES NOT CONDONE OR SUPPORT PAYING THE PERPETRATOR’S DEMANDS AS THEY MAY BE USED TO SUPPORT OTHER NEFARIOUS CRIMINAL ACTIVITY, AND THERE IS NEVER ANY GUARANTEE TO OBTAIN THE KEYS, OR IF OBTAINED, THEY MAY NOT WORK. UNFORTUNATELY, SOME CASES MAY REQUIRE THE PAYMENT OF THE DEMAND IN HOPES […]

NSA-Developed Malware Used in Third-Party Hack

Double Pulsar could be used to install additional malware on a target PC. At the time, the threat could only be leveraged against 32-bit operating systems, but the Chinese-hacked tool struck later in the year against 64-bit machines and newer operating systems. Symantec has found evidence that this threat was utilized, hypothesizing that the Chinese hackers built the tool after analyzing network traffic during a legitimate Double Pulsar attack. The possibility exists that the hackers discovered the threat through a different vector, such as stealing the threat from an unsecured server, but the fact remains that this sets a dangerous precedent for tools like these being taken and used against their intentions. It’s noteworthy to mention that the hacking group that utilized Double Pulsar is no longer active, but this shouldn’t mitigate the risks associated with it, especially since the tool is still out there for use by other threat actors. Thankfully, the Chinese tool also took advantage of a Windows vulnerability that has since been patched… so there’s that. This isn’t the first time that hacking tools utilized by the NSA were stolen and utilized by hackers. In 2017, a group called the Shadow Brokers stole and dumped several hacking tools online, which is where the name Double Pulsar was originally discovered. If anything, the revelation that this threat existed at some point in the past only underscores the need for proper network security, especially given that state actors take more liberties with the development of these types of tools. What are your thoughts on these developments and the possibility that these threats could be used to attack organizations like yours in the future? Let us know in the comments and be sure to ask us how you can secure your network from these threats. We have all kinds of tools at our disposal that can keep your business safe from harm. Call us today at (831) 758-3636 to learn more.

Even Cities Aren’t Immune to Ransomware

These numbers, by the way, come from a cybersecurity firm, as neither the federal government nor the Federal Bureau of Investigation track these kinds of attacks. As of May 10 of this year, there were 22 known attacks on the public sector. Unfortunately, there are likely more that we just don’t know about yet, as reports of these attacks usually crawl in months or even years after the fact.

March Attacks

March saw a few ransomware attacks on municipalities. The sheriff’s office in Fisher County, Texas, was infected and couldn’t connect to a state law enforcement database as a result. In Albany, New York, the capital city quietly announced that it had been victimized by a Saturday ransomware attack – a tactical choice on the part of the hackers, as there would be nobody there to fight back on the weekend. While the city initially gave an understated account of the attack’s effect, the real problems were much larger than a few belated marriage licenses and birth certificates. In addition to the clerical delays, the ransomware attack had also impacted the Albany Police Department’s systems. As these systems are effectively entirely digitized, the department was left without their incident reports, crime reports, and even their schedules.

April Attacks

April saw the entirety of Genesee County, Michigan’s tax department shut down by ransomware for most of the month. The infection has since been removed.

May Attacks

May has been exemplified by the complete shutdown of Baltimore, Maryland, due to an attack using a ransomware known as RobinHood. As a result of this attack, government emails can’t be sent, payments to city departments are on hold, and real estate transactions have been paused. While RobinHood leverages a notoriously powerful algorithm – even the National Security Agency may not be able to break it, according to cybersecurity expert Avi Rubin – it doesn’t help that Baltimore was also using outdated hardware and software.

Baltimore City Mayor Jack Young has already gone on record to state that the city will not be paying the ransom of 13 Bitcoins, or approximately $100,000. Instead, the FBI and Secret Service have been called in, along with assorted cybersecurity experts. Despite these resources, the city isn’t expected to recover for months. Rubin provided some insight into why not paying the ransom is the right call for Baltimore, pointing out that if nobody paid the demanded ransoms, these kinds of attacks would quickly go out of fashion. However, many companies struck by ransomware will quietly pay up. Analysis has found that a full 45 percent of affected organizations ultimately pay the ransom to try and get their data back, while 17 percent of state and local governments will fork over the demanded cash. At SRS Networks, we have some experience in dealing with these kinds of things, which means we can confidently agree with the actions of Mayor Young and the statements made by Rubin – paid ransoms only encourage future ransomware attacks. What’s worse, what guarantee is there that any data will be restored even after payment is made? No guarantee at all. That’s why we’ve dedicated ourselves to assisting business users in protecting themselves against ransomware. Give us a call at (831) 758-3636 to find out more.

Protect Your Data Using These Three Methods

These solutions include a unified threat management tool, a Bring Your Own Device policy, and a virtual private network solution.

Unified Threat Management

A unified threat management, or UTM, solution provides comprehensive network security through the use of several IT solutions. It includes the following:

Firewall: A firewall examines the data that flows in and out of your network, looking for threats and actively keeping them out of your infrastructure.

Antivirus: If a threat manages to slip past your defenses, you will need to react accordingly. Antivirus solutions allow you to address any issues that do manage to get past your first line of defense.

Spam blocker: Email provides hackers with a direct line of attack to your business, with spam and phishing attacks being some of the most dangerous ones. A spam blocker can keep your organization from dealing with most dangerous messages, and when you don’t have to waste time with these messages, you can instead spend it being productive.

Content filter: Your employees might be accessing dangerous or time-wasting websites. A content filter can help you make sure this is kept to a minimum.

With all of these solutions combined into one, you can enable much greater network security for your business.

Bring Your Own Device

If your business’ employees have mobile devices that they use for work purposes, they could act as a bridge between hackers and your network. We recommend that all businesses that find themselves in this situation implement a BYOD policy. This policy should place limits on what employees can and can’t do with their mobile devices. A proper BYOD policy should also have measures in place that can whitelist or blacklist apps based on security, as well as the ability to remotely wipe devices that have been lost or stolen.

Virtual Private Networks

A virtual private network, or VPN, provides a secure method of connecting to data while out of the office. This is especially important for employees that do a lot of traveling, as they will need this encrypted network to keep sensitive data safe while out of the office. This keeps data from being stolen while it’s in transit, when it’s most vulnerable. SRS Networks can equip your business with all the security solutions you need to keep your data as safe as possible. To learn more, reach out to us at (831) 758-3636.

Looking Back at 2019 Data Breaches

January

Blur
A January 2nd data breach of an unsecured server at a password management company called Blur exposed a file containing the personal information of 2.4 million users, including names, email addresses, IP addresses, and encrypted passwords.

BenefitMall
An outsourced HR provider like BenefitMall is bound to have a ton of personal information stored on its infrastructure, and a security breach due to a phishing attack proved that to be the case. Over a period of four months, the names, addresses, Social Security numbers, dates of birth, bank account numbers, and even more information were exposed for over 110,000 users.

Ascension
A data analytics company called Ascension experienced an online database breach, leaving the personal information of over 24 million clients unprotected for over two weeks. The data revealed contains names, addresses, dates of birth, Social Security numbers, and financial information.

Other January breaches: Oklahoma Department of Securities, Managed Health Services of Indiana, Fortnite, Alaska Department of Health and Social Services, Rubrik.

February

500px
The online photography community 500px was hacked, affecting 14.8 million users. The breach revealed full names, usernames, email addresses, dates of birth, locations, and more.

Dunkin’ Donuts
Dunkin’ Donuts’ DD Perks rewards members found themselves victims of a data breach for the second time in three months, giving hackers access to customer accounts.

Coffee Meets Bagel
This dating website announced that they were hacked on Valentine’s Day, revealing the names and email addresses of six million users who had been registered since before May 2018.

University of Washington Medical Center
Almost one million patients have had their medical, personal, and financial information breached, as a vulnerability on the organization’s website exposed sensitive information.

Other February breaches: Houzz, Catawba Valley Medical Center, Huddle House, EyeSouth Partners, Advent Health, Coinmama, UConn Health.

March

Dow Jones
2.4 million records on government officials and politicians were leaked online. This database was made up of individuals who could possibly embezzle money, accept bribes, or launder funds.

Health Alliance Plan
The electronic protected health information (ePHI) of over 120,000 patients was exposed following a ransomware attack. This ePHI contained names, addresses, dates of birth, ID numbers, claim information, and other identifiers.

Facebook
Facebook was forced to admit that they weren’t able to properly secure the passwords of nearly 600 million users. These passwords were stored in plain text and could be accessed by any of the company’s 20,000 employees.

Federal Emergency Management Agency (FEMA)
Survivors of hurricanes Maria and Irma, as well as survivors of California’s wildfires, have all had their personal information exposed in a data breach. About 2.5 million victims have had their names, addresses, bank account numbers, and birth dates shared and left unprotected.

Verification.io
This particular breach is one of the largest in history: it was found that Verification.io left a database filled with almost one billion email accounts and personal information on an unprotected server. The company has since closed down.

Other March breaches: Rush University Medical Center, Pasquotank-Camden EMS, Spectrum Health Lakeland, Rutland Regional Medical Center, Zoll Medical, MyPillow & Amerisleep, Oregon Department of Human Services.

April

Facebook (Again)
Two third-party applications containing Facebook datasets were left exposed online, resulting in over 540 million records, including account names, Facebook IDs, and user activity, being compromised.

City of Tallahassee
Nearly $500,000 was stolen from the city of Tallahassee employees’ paychecks, accomplished by redirecting direct deposits into unauthorized accounts.
Georgia […]

Would One of These Social Media Scams Bamboozle You?

Here, we’ll review the various scams that frequently appear on social media to help you better identify problematic content on your feeds. Many of these may not seem to apply to your business’ social media presence at first glance, but it is important to remember that your personal social media and your professional representation on social media are closely linked. As a result, a breach of your personal account could easily put your business’ representation at risk as well.

Gossip Scams

“See PHOTOS of the celebrity that secretly lives in your area!”
“You’d never believe who DWAYNE JOHNSON spends his free time with!”
“You’ll be SHOCKED to learn which beloved ‘90s sitcom cast formed a blood cult!”

You’ve likely seen ads pop up on your Facebook (or have had some of your connections share stories on their Newsfeeds) making claims similar to these. People like to live vicariously through the celebrities they admire, but these scams more often than not fool them into downloading malware after visiting a page. Fortunately, avoiding these scams is fairly simple – all you have to do is take gossipy headlines with a grain of salt and avoid downloading programs from anywhere but the actual source.

Nigerian Scam/Stuck Abroad Scam

“Hello Dearest Friend, I am Prince Akinola. During the recent uprising in my country, my father was murdered in his sleep. To protect his riches, I seek a trustworthy Person to help me transfer 3 million US dollars into an account for a time. Helping me, you will be able to keep 35% of it to use as you see Fit. Please reply to me immediately with your name and phone number so I can leave this country and transfer the money to you.”

These scams are perhaps some of the most famous, originally appearing in Nigeria but quickly spreading the world over. Basically, instead of netting a large percentage of a fortune, the victim is usually scammed out of their banking credentials or is asked to pay “processing fees” before their “payment can be delivered.”

“I’m so glad I got the chance to send this message. I’m overseas in Europe and my wallet was stolen! I need $1,300 to get home. Could you wire over the money for me?”

In the more personal version of the Nigerian scam, a cybercriminal will hack into someone’s account and start spreading a fictitious sob story among their friends and relatives, hoping that someone will wire money in an attempt to help. While we would all want to do anything we could for a friend, it is important to verify their story with them via some other means of communication.

Lottery Scams/Who Viewed Your Profile Scam/IQ Scam

“Congratulations! A gift card worth $1500 is reserved for you!”

Wouldn’t it be nice, right? Quite a few of the scams that appear on social media come up in the form of pop-up messages, offering a generic prize in exchange for some personal information. Some will ask for a mobile number so they can charge data fees to you, while others will ask for your banking credentials to steal from you that way. While winning anything like what these scams offer would be undeniably awesome, you can’t win a contest that you didn’t enter.

“Want to know who’s been looking […]

USB Killer Caused $58,000 in Damage to The College of Saint Rose

Then there is the story that came out of the College of Saint Rose in New York’s capital city of Albany early in April 2019. An alumnus of the postgraduate school, Vishwanath Akuthota, was charged with, and pled guilty to, using what is known as a “USB killer” to fry the components of 59 Windows computers and seven Apple computers on campus. In all it has cost the college $58,371 to replace the computers. An Indian national, in the United States on a student visa, Akuthota filmed himself destroying the machines on his iPhone. For his misdeeds, he faces as much as ten years in prison and a $250,000 fine for repeat.

What is USB Killer?

The “USB Killer” is a thumb drive that works by drawing power from the USB port to charge a capacitor inside the drive, then discharging that power back into the USB port, frying essential components inside the machine and leaving it broken. The device itself is available online and is usually advertised as a tool meant to test a device’s surge protection.

Sabotage and Critical Mistakes

Every business wants to avoid situations like this. While there isn’t much you can do against the “USB Killer”, there is plenty you can do to ward against employee-induced catastrophe. According to an independent study, in 2018 more than two out of every three data breaches were the result of employee negligence, direct employee theft, or straight sabotage. You read that right. You have a better chance of being put behind the eight ball by your employees than you do by any other person. That’s not to say your employees are out to get you, as only about a quarter of data breaches were the result of a current or former employee’s deliberate action, but rest assured you need to protect your network and computing infrastructure against situations in which there could be data loss triggered by your team.

How to Protect Your IT from Your Staff?

The first thing you should do is put together a strategy to snuff out potentially disastrous situations before they happen. That means training and monitoring. By training your staff on the best practices of using the systems they come into contact with, they’ll have a better understanding of how they work, and therefore will likely make fewer egregious errors. On the other hand, if they understand the systems and are versed in solid practices, some of them will want to take liberties that they maybe wouldn’t have if they were less informed. This is why a thorough monitoring strategy is important. Not only will this strategy work to keep your data and infrastructure safer, it might just save you some time and money in lost productivity. If your organization would like more information about how to train your staff properly, or how to sufficiently protect your network and infrastructure from all manner of threats, contact the IT pros at SRS Networks today at (831) 758-3636.

Breaches – Are you on a Hackers Watchlist?

Outdated devices and software increase the risk of malware infections, because the devices are susceptible to vulnerabilities that have yet to be patched. Oftentimes, these patches never happen because of a lack of memory or non-compatible OS software. Another issue that can occur when using outdated technology is not meeting the newest Wi-Fi protocol standards. This means the device would not be receiving a secure connection, something hackers love to see. You make their job so much easier that way.

This list would be incredibly inaccurate if human error wasn’t on it. Human error is a huge reason data breaches occur. It’s not new information that humans are flawed and often let things slip through the cracks. The majority of the time, these errors are not made on purpose and are simply an accident. However, that doesn’t excuse them from potentially wrecking a business. Some examples of these missteps are using weak passwords, falling for phishing scams, and sending sensitive information to the wrong recipient. This can be avoided with employee education and basic data security training.

Malware breaches are easy to get caught up in if you don’t know what you’re looking at. An anti-virus will help patch vulnerabilities in your device, but other forms of malware may not be as obvious. Plus, as mentioned before, with new technology comes new ways to hack your data. For example, a packer is a type of malware that could hide from your antivirus because of the coding that compresses it. A crypter creates altered, and infected, copies of a program. As soon as it’s clicked on, it begins to decrypt. Polymorphic malware is malware that repeatedly uses packing and crypting methods to change the way it looks. Then finally there are many kinds of malware staging programs called droppers or downloaders, which first learn about the system and then proceed to infect it with the real malware.

Physical theft is always a risk as well. Whether it is an employee or a stranger, depending on the data stolen, the effect can be detrimental to a business. Especially if there is no backup data recovery set in place, important data could be lost forever. This vulnerability is hard to predict due to its opportunistic nature, but keeping important items secured at all times can reduce these opportunities.

Are you guilty of any of these items? Don’t worry, most of us are, but knowing that will enable you to stay off a hacker’s radar and save your data. Knowledge is power and prevention.

Mischievous Malware

First, let’s take a quick tour of the types of malware you may run into.

Viruses: These act very similar to the flu virus. Once it gets into a computer, it propagates by copying itself and becoming part of another program. Then, just like the flu at an elementary school, it spreads from computer to computer. However, a virus must be activated by opening or running the file. Viruses also include worms and trojans.

Spyware: This form of malware works just as its name intends. It is software that usually piggybacks on legitimate downloads. Once it is in your computer, it spies on the information you key in and sends it to a website. The first sign of spyware is usually a slow computer, since it takes up many resources to run.

Adware: We all know this one all too well. Those pesky pop-ups telling you your computer is infected or that you won money. These also piggyback on other applications or downloads, such as free computer wallpaper, widgets or toolbars. Adware is kind of tricky: inherently it isn’t dangerous to your computer; annoying, but not dangerous. However, once clicked on, you’ve basically opened the floodgates.

Ransomware: With the popularity of cryptocurrency, ransomware has become more and more abundant. Often, this type of malware won’t damage your computer… right away. Instead it locks it and holds it hostage. The hacker asks for a ransom and will provide a key only if and once the ransom has been paid. If not, the hacker will usually wipe your device of all of its data.

Botware: This is another malware beginning to gain popularity due to the cryptocurrency gold rush. Botware ultimately turns your computer into a zombie by flooding it with denial-of-service attacks. It helps hide anything going on below the surface. A surprising symptom of botware is a higher electric bill. Your computer’s CPU will be running constantly and the fan will run for longer than usual.

Now that you are a bit more familiar with the mischievous malware that could corrupt your devices, it’s time to delve into a lesser-known malware scam: malvertising. This has been gaining headway on Google, so much so that they created an individual landing page asking consumers to report malvertising and explaining how to combat it. The way this works is that cybercriminals utilize several types of display advertisements to distribute malware. A few ways you’d see malvertising are through auto-redirecting ads that take you to a phishing page, clickbait, and malicious code hidden within an ad. Sadly, cybercriminals usually use legitimate ad networks because of the high volume of ads they distribute. It makes it incredibly easy for them to slip code into an ad without the advertiser having the slightest clue. The worst malvertising connects users’ computers to an exploit kit that runs analysis on the victim’s computer, looking for vulnerabilities and exploiting them. From there, attackers can install malware or ransomware, or gain full access to the computer and its sensitive information. Sometimes Google may even flag your website for hosting malware, which will affect how you show up in search results. Like most other malware situations, the best way to keep it from ruining your device, or even your life, is to keep everything up to date. It is […]

Social Engineering = Fancy Job Title for Hackers

External Threats

With technology at the forefront of most businesses, external threats are becoming the benchmark for social engineers. They can hack into core business processes by manipulating people through technological means. There are so many ways for social engineers to trick people that it is best to ensure you are well versed in some of the ways they can hack your system.

Baiting

First of all, baiting can be done both in person and online. Physical baiting would be a hacker leaving a thumb drive somewhere at a business, and then an employee picks it up and plugs it into a computer. It could be curiosity, or simply thinking a co-worker left something behind. However, as soon as the thumb drive gets plugged in, it will infect your computer with malware. The online version of this could be an enticing ad, something to pique interest. Things like “Congrats, you’ve won!” Also, there is scareware, in which users are deceived into thinking their system is infected with malware, with messages like “Your computer has been infected, click here to start virus protection.” By clicking on it, you unintentionally download malware to your computer. If you understand what you are looking for, you can usually avoid these situations.

Phishing

This is probably one of the most popular social engineering attacks. Fairly generalized, this usually comes in the form of an email. Often, they ask the user to change their email, or log in to check on a policy violation. Usually the email will look official and even take you to a site that looks almost identical to the one you may be used to. After that, any information you type in will be transmitted to the hacker. You just fell for the oldest online hack in the book.

Spear Phishing

Similar to generic phishing, spear phishing is a more targeted scam. This does take a little more time and research for hackers to pull off, but when they do, it’s hard to tell the difference. They often tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. This could be in the form of an email, acting as the IT guy with the same signature and even cc’s to co-workers. It looks legitimate, but as soon as you click the link, you are allowing malware to flood your computer.

Internal Threats

Originally, social engineering took place in a physical setting. A hacker would do some preliminary research on a company structure or focus on behaviors in order to get that initial access into a building, server room or IT space. Once they have a “foot in the door,” so to speak, obtaining pertinent data or planting malware becomes that much easier.

Tailgating

Often, they will enter a building without an access pass by simply acting like an employee that left it at home; this technique is known as tailgating. The only credential they need is confidence. This can also include a hacker posing as an IT person and conning people into believing that to be true so they can gain access to high-security areas. This is far easier than it sounds, too. You can find company shirts at your local thrift store, exude confidence and gain access.

Psychology

Another interesting process hackers use to con their way into a business […]