WannaCry A Year After

Written by Scott Hall on . Posted in Computer Security

WannaCry was a ransomware worm that spread rapidly across a number of computer networks in May of 2017. While infecting a target computer, it encrypts the contents of the hard drive, denying access to the user, then demands a ransom payment, in the form of untraceable bitcoin, in order to restore access.

WannaCry arrives on the infected computer in a self-contained program that extracts the other components embedded within itself, which include the encryption keys, and a copy of Tor, a dark web browsing tool.

The program code was easy for professionals to analyze. Once launched, WannaCry proceeds to encrypt files in a slew of important formats, ranging from Microsoft Office files to MP3s, then displays a ransom note, typically demanding $300 in Bitcoin to restore access.

The initial spread of WannaCry was particularly noteworthy, in that it struck a number of high-profile & critical systems, such as the National Health Service in the UK, Nissan Automotive’s manufacturing facilities in the UK, the University of Montreal, Boeing Commercial Airplanes in the US, and PetroChina, just to name a few. Victims were advised against paying the ransom demands, as the attackers were not restoring access after the ransom had been received. After the initial attack, payments totaling $130,635 USD were reported to the bitcoin wallet assigned to the ransom payments.

In the last week of March 2018, Boeing Aircraft was hit by an evolved version of WannaCry, which is incredibly surprising, given the scope of last year’s initial attacks and the notoriety they gained. The vulnerability used by WannaCry was reasonably easy to patch and correct, so why did a Fortune 100 company with a massive and competent IT staff fall victim to it a year after Zero Day?

It seems security patching is still an overlooked practice. It’s routine, time-consuming and basic, but very important, considering that known vulnerabilities are still used in attack exploits up to 10 years after they’ve been exposed. Knowing that a solution exists but not implementing the patches and updates needed to close the vulnerability still leaves your enterprise vulnerable to exploitation. Managed service providers are critical partners in your business because you can rest assured that all available upgrades and patches for known vulnerabilities are occurring regularly, and in accordance with best IT practices across the board.

Business continuity and disaster recovery devices are also part of a mature defense against ransomware. By allowing data from compromised systems to be recovered with minimal losses, you can minimize the impact from attacks of this caliber.

SOS Technology Group is always available to assist with implementing these solutions; call us today.

7 out of 10 Affected: Will You Be One?

Written by Scott Hall on . Posted in Computer Security

Seven out of ten medium to enterprise level businesses expect to be impacted by cybersecurity breaches in 2018, with more than 25% of those anticipating a breach to occur within the next six months.

Most businesses are in the dark about the true efforts involved in the breaches that have occurred, and because of that, most businesses are not very confident that they would even be able to detect a breach, let alone remediate the damage done in the aftermath.

Around half of all security breaches are employee-related, either through bad actors using inside knowledge, or through lapses in attention or awareness. Most senior IT professionals agree that the insider breach is the biggest threat in network security. With this in mind, it’s important to constantly monitor what your internal users are doing on a daily basis, to form a complete and comprehensive strategy based on real-world actions and behaviors. Learning where your vulnerabilities lie is the first step in determining possible vectors for a breach, and creating a balance between employee education and security technology is crucial to attacking an insider breach, either accidental or overtly malicious.

Protection from the breach includes antivirus & spyware detection programs, email filtering, firewalls, and a robust data backup/archiving platform. But these tools are only as good as the people who use them, and the people protected by them. Your employees need to understand all the potential harmful effects of risky behavior, like clicking links in unknown emails, sharing passwords on sensitive systems, or downloading attachments from unknown sources, even if those sources look legitimate.

Being mindful of your human attack surface is critical as well. Human attack surface is defined as the totality of all exploitable ‘holes’ in security that are created solely by the activities and vulnerabilities of human beings within the organization. This includes things like employee illness, terminations, negligence, errors and an individual’s susceptibility to social engineering through sites and apps like Facebook, Instagram, and the like.

Increasingly, social engineering is such a serious threat that it is now being considered as an attack surface all on its own. One way to combat social engineering is to conduct routine penetration testing that simulates common attack methods used in social engineering breach attempts. Penetration testing can also determine vulnerabilities from negligence and routine errors, especially focusing on employees with specialized access, high-level administration or critical duties within your organization, as these individuals are likely to be key targets in social engineering attempts.

SOS Technology Group can assist your business in facing these threats confidently and knowledgeably. Consult with us today.

Social Media Monitoring: Organic Front Line Cybersecurity

Written by Scott Hall on . Posted in Computer Security

If you’ve done business in the last decade, you know how important a social media & web presence can be. It maintains your brand, grows your new customer base, and allows focused engagement with your current clients. Anywhere people talk, they might not be saying just good things about your business. They might be offering honest feedback, or they could be dishonestly disparaging you. At worst, they could be planning to rob you, or make your business a victim of tragic circumstance.

What is social media monitoring?

By searching publicly accessible social media like Twitter, Facebook and Instagram in near real time for keywords or phrases, valuable intelligence can be gained. These social sites are crawled and indexed, and then the indexes built are scoured for key terms, phrases or word strings, and are then collated through an interface to present in a more usable form. By seeing which other words are connected more frequently to your business name, you can get an idea of how you’re presenting socially on the Internet. Taken a bit further, you can see demographics that are interested in your business, and what else they may be interested in too.

But the heart of this utility is security.

Planned protests at your business, or shoplifters showing off their wares can really impact your brand and your profits. Simply knowing that your place of business is close to areas known for a specific kind of crime or risk is immeasurable. Most social media monitoring tools go beyond social networking platforms and can scour the web at large, giving an even more accurate picture. And there’s still another piece of security this monitoring can touch.

Suppose you are a victim of a breach, and someone has taken credit card information from your point of sale servers. Eventually, those stolen credit cards will probably wind up somewhere on the dark web, to be bought and sold by users around the globe. Certain metadata, or very basic information that is always tied to a person, like date of birth or social security number, is almost always attached. By turning to a monitoring service that is constantly searching and indexing the dark web for, say, your business’s email addresses or phone numbers, or the names of customers you know might be affected by the breach, you can provide valuable warning to the public and law enforcement in real time. Knowing what was taken can also provide you with the steps needed to remediate the problem in the future, addressing any vulnerabilities you have with your IT department or provider.

Giving your patrons quick notification of breaches and exploits, and the steps you’re taking to prevent them from happening again, shows that you are concerned with their security as well as your own, and are taking every effort you can to keep them safe….

Beyond Antivirus: Cybersecurity in the Era of Cryptocurrency

Written by Scott Hall on . Posted in Computer Security, Security

You can’t read financial news today without seeing something on cryptocurrency as a hot new investment vehicle. And it doesn’t take a lot more searching to find that some of the biggest financial thefts in human history have occurred on cryptocurrency exchanges since the emergence of Bitcoin in 2013.

The latest is a $500 million theft on servers belonging to Coincheck, an online cryptocurrency exchange located in Japan. Hackers targeting a single type of cryptocurrency were able to make off with half a billion dollars, and thanks to the structure of blockchain, it is virtually untraceable.

Cryptocurrency began out of a distrust of the typical banking/financial exchange model, and sought to replace it with a decentralized platform, free from government oversight and the influence of the global banking industry. This has come with its own set of drawbacks, namely that anonymous transactions are just that: anonymous, with no master ledger or clearinghouse to monitor deposits and withdrawals across the entire network of exchanges. Each exchange relies on current best standards and practices to secure the wallets of its depositors on its exchange. But in the world of crypto, as in the traditional banking system, all security is not created equal.

To date, more than 3 million bitcoins have been lost or stolen, with a current market value of $39 billion USD. Factoring in that there is a finite supply of them, that means 14% of all the available Bitcoins could be permanently gone.

If you plan on investing in any cryptocurrency, or are currently doing so, there are a few measures you should absolutely be taking.

DO YOUR HOMEWORK

Stick to the well-known exchanges, some of which do include some level of insurance on deposits on their exchanges. These include Binance, Coinbase, Kraken, and BitSquare.

Use two-factor authentication when logging into these exchanges, and do not share your password & authentication with ANYONE.

OFFLINE STORAGE

If you accumulate a large amount of any particular currency, or simply want to be as secure as possible, transfer both your wallet contents and wallet private keys to what is known as a ‘hardware wallet’. A hardware wallet is a USB device that stores your coins, wallet ledger and access keys completely offline, and can be used to check against loss or theft on an online wallet. They are set up with PINs, and can provide a string of words for easy recall in the event you’re ever locked out of the hardware. The most popular hardware wallet is the Ledger Nano S, available on Amazon for around $150.

BACKUP THAT BACKUP

Redundancy is the best way to assure your safety, so keep your hardware wallet in a safe place, and keep your 24 word pass phrase in a separate place as well. It may very well protect your entire investment from some of the smartest thieves in the world. Update your hardware wallet after every transaction, every time.

KNOW THE RISKS

Cryptocurrency is a new frontier and, as such, uses present day capability and paradigms with future technology that hasn’t even reached its full potential yet. The crypto market is global, open 24 hours a day, 7 days a week, and is not governed by rules in the typical investment platforms we have used before. If you’re safe, you can learn more about how the blockchain will potentially change your life in the future. If you’re safe and lucky, you might just increase your net worth beyond anything you could imagine.

The Difference between a Firewall and Antivirus Solution

Written by Scott Hall on . Posted in Computer Security

For enhanced computer security, you’re going to need a firewall and an antivirus downloaded onto your machine; this goes for laptops as well as PCs, across all operating systems. While you may have heard of both of these programs, it can be confusing to determine the difference between the two, and why you would need both of them to protect your computer. Both an antivirus and a firewall are vitally important, now that the internet is fraught with such terrible viruses and malware. Read on to determine the difference.
