True North Networks Blog

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

US defense IT agency says data breach may have affected 200,000 people


The Defense Information Systems Agency (DISA), which handles IT and telecommunications support for the White House and U.S. military troops, has disclosed a data breach that may have affected 200,000 people between May and July 2019.

According to a letter sent by the U.S. defense agency to victims, Social Security numbers and other personal information stored on a system on their network might have been compromised.

“While there is no evidence to suggest that any of the potentially compromised PII was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised,” according to the letter, dated Feb. 11, 2020.

The agency has also stated that new protocols and additional security measures have since been put in place to prevent future incidents and protect personally identifiable information (PII).

Following the breach, DISA has promised to provide free credit monitoring services to victims, and advises those concerned about identity-theft-related crimes to visit the FTC’s website for additional information and prevention steps.

The agency has given no further information. Details such as who was responsible for the breach and what systems were compromised will most probably remain unknown.

The disclosure of this security breach further darkens the 2019 cyber landscape, which had already reached an all-time high in number of exposed records. The event shows that no system can be bulletproof and that sooner or later, anyone can fall victim to data breaches, even a Department of Defense (DOD) agency overseeing presidential communications.


It Only Takes One Phish: Phishing Attack Results in Network Infiltration, IT Incompetence, and $217,000 in Paid Ransom Fees


The recent attack on a Dutch university demonstrates much of what IT organizations shouldn’t do to avoid an attack.

According to Michiel Borgers, Chief Information Officer at Maastricht University, their network was the target of a phishing attack in October of last year that gave cybercriminals access to their network. The attackers “spent the following weeks exploring the systems and gaining credentials to access more secure parts of the infrastructure,” said Borgers. And in December, the university paid a ransom of $217,000 to decrypt files.

Sounds like a pretty standard cyberattack story… until you hear all the things that went wrong.

  • Security solutions didn’t stop the phish – even with solutions in place, phishing emails made their way into a user’s inbox, making the user the last (and, in this case, the least effective) line of defense.
  • Users played the role of the victim – as always, a user was tricked into clicking on malicious content within an email, setting the campaign in motion.
  • IT wasn’t paying close enough attention to detail – after the initial phishing email was discovered and the malicious link blocked, no additional steps were taken to check whether subsequent emails used the same URL or whether the university was under a targeted attack.
  • There were too many alerts – alert storms are all too common. Too many red flags mean IT teams are paralyzed, not knowing which alerts to follow up on. And with the bad guys apparently moving laterally around the network leveraging compromised credentials over a period of months, there must have been quite a few.

A report on the attack, what should have been done, and what the university plans on doing moving forward was published this month.

The challenges above experienced by the university demonstrate how the problem only gets worse over time. The place to stop an attack is where it’s easiest – when it’s a matter of a single email and a single user. No thousands of potential alerts, no campaigns of emails to deal with… just one user and the decision of whether to click on an attachment or not.

Security Awareness Training is one of the needs outlined in the report. The university sees this training as the key “to reduce the number of successful malicious attempts to attack.”

Lots of things can and will go wrong with IT’s ability to respond to a cyberattack. The one factor that IT generally has no control over is the user. By putting Security Awareness Training in place, IT organizations regain a measure of control by engaging with the user to play a role in organizational security.


Texas Ranks Second in Number of Ransomware Attacks on Health Care Organizations


According to new data from Comparitech, since 2016 Texas has experienced 14 ransomware attacks impacting a total of 483,000 patients and costing nearly $20 million in damages.

It sort of makes me wonder, would it make sense for bad guys to actually want to target a specific industry and geography? Would it benefit them in the form of bigger – and more frequently paid – ransoms over time? There’s a valid argument that this could be true, as no organization wants to be in the headlines as the “17th organization this year” – it would imply the problem was obvious and they didn’t do enough to stop it.

Even if it’s pure circumstance, new data from tech researcher Comparitech shows health care organizations in the state of Texas are the second most prevalent ransomware victim. Second only to California, this new data is bad news for other potential targets. We’ve seen what appeared to be a coordinated set of attacks on Texas municipalities last year. The fear in both cases is that bad guys realize how “easy” it is to successfully attack these kinds of orgs, and make efforts to continue the pattern.

At the same time, there is something to be said for the unusual success rates – perhaps there is some truth in the idea that these organizations simply aren’t ready. Don’t get me wrong; I’m not saying Texans don’t know how to do cybersecurity, but I am saying there are too many cases of successful attack for any Texas-based healthcare organization to take the new data lightly and do nothing about it.

It’s time for every organization to implement proper security controls in the form of a layered security defense against malware, phishing, social engineering, etc., as well as using Security Awareness Training to educate users about attacks and elevate their ability to identify and stop phishing attacks.

Texas Healthcare is in the spotlight today. There’s nothing saying your state and industry won’t be the next trend.


97% of IT leaders majorly concerned by insider data breaches


An Egress study has found that 97% of IT leaders are concerned that data will be exposed by their own employees, leading to insider breaches.

This finding from Egress’s Insider Data Breach Survey 2020, conducted by Opinion Matters, shows that decision makers have had little reassurance regarding insider breaches over the past 12 months.

Also, 78% of IT leaders surveyed said that employees have put data at risk accidentally within the last year, while 75% say that intentional compromise of data security has occurred.

While the former statistic has remained stable since 2019, the latter saw a 14% jump.

In the UK, 63% declared intentional data security compromise, while 68% said this was accidental. This contrasted with leaders in the Benelux region, 89% of whom said that data was put at risk intentionally, and 91% accidentally.

Egress CEO, Tony Pepper, said: “While they acknowledge the sustained risk of insider data breaches, bizarrely, IT leaders have not adopted new strategies or technologies to mitigate the risk.

“Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable.

“The severe penalties for data breaches mean IT leaders must action better risk management strategies, using advanced tools to prevent insider data breaches.

“They also need better visibility of risk vectors; relying on employees to report incidents is not an acceptable data protection strategy.”

The most common cause of company data risk, according to leaders, is the sharing of data to personal devices.

As for the challenges behind these breaches, 24% blamed a lack of employee security training and another 24% blamed a lack of effective security systems.

23%, meanwhile, blamed a lack of awareness, and 21% said that insider breaches were mainly caused by employees rushing tasks.

In terms of what kinds of cyber attacks were causing breaches over the past year, 41% cited phishing attacks over email, while 31% said that employees had sent information to the wrong person.

“Incidents of people accidentally sharing data with incorrect recipients have existed for as long as they’ve had access to email,” Pepper continued. “As a fundamental communication tool, organisations and security teams have weighed the advantages of efficiency against data security considerations, and frequently compromise on the latter.

“However, we are in an unprecedented time of technological development, where tools built using contextual machine learning can combat common issues, such as misdirected emails, the wrong attachments being added to communications, auto-complete mistakes, and employees not using encryption tools correctly.

“Organisations need to tune into these advances to truly be able to make email safe.”

528 IT directors, CIOs, CTOs and CISOs from companies with 100 employees or more took part in Egress’s study.


5 tips for businesses on Safer Internet Day


Safer Internet Day is here!

Note that it’s more than just One Safe Internet Day, where you spend 24 hours taking security seriously, only to fall back on bad habits the day after.

As the old saying goes, “Cybersecurity is a journey, not a destination,” and that’s why we have SAFER internet day – it’s all about getting BETTER at cybersecurity, no matter how safe you think you are already.

So here are five things you can do in your business, regardless of its size, to help you and your colleagues keep ahead of the cybercrooks.

1. Patch early, patch often

We’ve won part of this battle already, because most businesses these days do install security patches.

At least, they install updates eventually. But there are still many organisations out there that take their time about it, putting off updates for weeks or even months “in case something goes wrong”.

The problem is that once crooks know about new security holes, they don’t put off using them – so the longer you lag behind, the more vulnerable your business becomes. Learn how to test updates quickly – you can start with one computer and make notes from there – and have a plan for rolling back in the rare event that something does go wrong.

2. Know what you've got

Whether you call it an asset register, an IT inventory, or just a plain old list of computers and software you’re using, make an effort to know what’s on your network – even if you’re a small company where everyone works remotely from home.

It’s good to be able to say, “We have 10 laptops and I’ve upgraded them all from Windows 7 to Windows 10.” But it’s much better also to be able to say, “And I found an old XP computer down in the storeroom that everyone had forgotten about, and I’ve upgraded that one, too.”

Cybercrooks go looking for old, unloved, unpatched computers, because they know that they could be easy stepping stones to bigger things.

3. Set up a security hotline

Even the tiniest business can do this: make it easy for your users to report things that don’t look right. You don’t need a dedicated phone number or a call centre – an easy-to-remember email address might be all you need.

If your users don’t have anywhere to report common cybercrime precursors such as dodgy emails, suspicious phone calls or unsolicited attachments, then the only thing you can be sure of is that you are never going to get an early warning that could protect your business.

Remember that cybercrooks often fail at their first attempt, which is why they typically send phishing emails to many different recipients, or call round every company phone number they can find until someone makes a mistake and says or does something they shouldn’t. Make it easy for the first person to raise the alarm and thereby protect everyone else.

4. Revisit your backup strategy

As with patching, this is a battle that we’ve won in part: many companies do know that backups are important, and make at least some effort to keep secondary copies of vital data. But be very careful that you aren’t wasting time making backups that won’t be much use.

It’s easy to rely entirely on real-time backups where files automatically get copied “live” onto network shares or into the cloud whenever they’re changed. But today’s cybercriminals often take the time to search-and-destroy your online backups before unleashing their attacks.

Make sure your strategy also includes backups that you keep offline and offsite, even if that’s as simple as an encrypted, removable drive kept at home. Backups aren’t just there to protect against ransomware attacks – they’re also about disaster recovery if you can’t get into your business premises at all, for example because of fire or flood.

5. Pick proper passwords

We left this advice until last, because lots of people seem to take offence if we lead with it – mainly because it sounds so old and obvious that they’re tired of hearing it.

But we’re saying it anyway.

Remember that “proper passwords” don’t just mean not using your cat’s name every time. In a business, it also means knowing who’s supposed to have access to what; it means promptly cancelling accounts when employees leave; and it means encouraging your staff to let you know (see point 3!) if their password lets them see data they shouldn’t, so you can reduce the risk of a data breach.


Another SMS Scam


A new PayPal SMS phishing campaign is making the rounds, according to Paul Ducklin at Naked Security. The text messages in this campaign purport to come from PayPal and inform recipients that there’s been unusual activity detected on their PayPal accounts.

If a user clicks on the link provided in the message, they’ll be taken to a legitimate-looking phishing site that spoofs PayPal’s login process. After providing their email address and password (which are sent to the attackers), users are asked to enter their mother’s maiden name, their home address, and finally their credit card and bank details. After this, the site will redirect the user to PayPal’s real homepage in order to remove any suspicion.

An interesting aspect of this particular campaign is that the phishing site will remember victims’ IP addresses. If a victim tries to revisit the site to investigate it further, they’ll immediately be redirected to PayPal’s homepage.

PayPal phishing campaigns via email are extremely common, but Ducklin explains that SMS phishing gives the attackers several advantages.

“SMS messages are short and simple, with no room for “Dear Sir/Madam”, so people don’t expect to be greeted by name; there are usually few pleasantries or polite words; and there’s no need for fancy layout, icons, fonts or other typographical and artistic details,” Ducklin writes. “As a result, crooks can create believable fakes, with no obvious mistakes, fairly easily.”

The campaign also makes use of subdomain spoofing, which is a technique used to make phishing URLs look more believable. When you register a website, the combination of the top-level domain and the second-level domain must be unique. Using “” as an example, “paypal” is the second-level domain and “.com” is the top-level domain. You can’t register a website that starts with “,” but you can tack on subdomains to your own unique domain. Consequently, attackers can register a unique “example[.]com” and create the subdomains “paypal” and “com,” so that the URL appears as “paypal[.]com[.]example[.]com.”

This technique is used in all kinds of phishing campaigns, but it’s particularly effective when it’s used against mobile devices since it’s harder to see the entire URL.

It’s worth noting that the phishing site in this campaign is very well-crafted, and the only visual element that could tip off the user is the URL. New-school security awareness training can teach your employees to be suspicious any time they’re asked to enter sensitive information, even if the source appears legitimate.
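A defender-side check for the subdomain trick described above, added here as an illustration; it is not part of the original post nor of PayPal’s or Naked Security’s tooling. It assumes the registrable domain is the last two labels (a production filter should consult the Public Suffix List) and runs over constructed sample URLs, including one written in the same “[.]” defanged form the article uses:

```python
from typing import Iterable
from urllib.parse import urlsplit

# Constructed sample URLs (not taken from any real campaign). The "[.]"
# defanging matches how the article prints hostnames.
SAMPLE_URLS = [
    "https://www.paypal.com/signin",                # genuine: registrable domain is paypal.com
    "https://paypal[.]com[.]example[.]com/verify",  # brand labels pushed left of the real domain
    "http://paypal-com.example.net/login",          # brand inside a hyphenated subdomain label
]


def refang(url: str) -> str:
    """Turn defanged '[.]' back into '.' so the URL can be parsed."""
    return url.replace("[.]", ".")


def hostname(url: str) -> str:
    """Lower-cased host part of a URL, without a trailing dot; '' if absent."""
    return (urlsplit(refang(url)).hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    # Assumption: the registrable domain is the last two labels. Production
    # code should use the Public Suffix List so that e.g. example.co.uk works.
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def subdomain_prefix(host: str) -> str:
    """Everything to the left of the registrable domain ('' when nothing is)."""
    reg = registrable_domain(host)
    if host == reg or not host.endswith("." + reg):
        return ""
    return host[: -len(reg) - 1]


def brand_in_subdomain(url: str, brands: Iterable[str]) -> bool:
    """True when a watched brand appears in the subdomain part while the
    registrable domain is not the brand's own, i.e. the pattern
    paypal.com.example.com. A look-alike *registered* domain such as
    paypal-secure.example is a different trick and is not flagged here."""
    host = hostname(url)
    reg = registrable_domain(host)
    prefix = subdomain_prefix(host)
    return any(b.lower() in prefix and b.lower() not in reg for b in brands)


def triage(urls: Iterable[str], brands: Iterable[str] = ("paypal",)) -> list:
    """Label each URL 'suspect' or 'ok' for a helpdesk or mail-filter report."""
    brands = tuple(brands)
    return [(u, "suspect" if brand_in_subdomain(u, brands) else "ok") for u in urls]


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_URLS):
        host = hostname(url)
        print(f"{verdict:7s} {host:30s} registrable={registrable_domain(host)}")
```

The same check can be fed the hostnames seen in SMS or mail gateway logs; only the registrable domain, never the left-most labels, tells you who actually owns a site.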


Emotet Malware Shows Up in SMiShing Attacks Disguised as Bank Notifications


A newly discovered attack targets mobile device owners with a two-pronged approach that uses Emotet and, perhaps, Trickbot.

Security researchers at IBM X-Force have uncovered a new SMiShing attack in which mobile phones are sent a text purporting to be from the victim’s bank, with a message indicating the account has been locked and requires immediate attention. Because the texts use fake bank domains, preoccupied users may miss the fact that the address being used isn’t quite right.

Users who click the link are taken to domains known to distribute Emotet and are presented with phishing pages designed to look like the bank’s logon page.

According to X-Force researchers, junk news content is found in the initial payload binary – a method used by creators of the Trickbot trojan.

While the attack seems to focus on credential theft, it may be a test pilot for a future campaign. The ability to infect with malware depends on the victim’s client OS, and there’s no current way for cybercriminals to know the make and OS of a victim’s phone ahead of time.

Users need to be mindful of each piece of information provided to them in any kind of unsolicited message – whether via text, in email, or on the web. Users need to be taught with Security Awareness Training to always be suspicious of messages and to look at any provided details (e.g., the domain name provided in the SMiShing attack) to quickly determine it’s bogus and potentially threatening to the user and their organization.


What’s The Difference Between An Incident And An Actual Loss Of Protected Data?


Inadequate and ineffective technologies are often the culprit behind the failure of compliance mandates and initiatives for many organizations. Vulnerabilities can be a challenge for organizations to manage but identifying the weaknesses and the threats businesses face with information in a state of constant flux is not something to be ignored.

Cybersecurity incidents and the threat information associated with them may change as information unfolds, similar to Positive Technologies’ latest findings regarding the Citrix vulnerability risk possibly affecting 80,000 companies in 158 countries. This number is not reflective of individuals; rather, it represents companies. Though the vulnerability exposing the email address and location for the 250 million records of Microsoft customer support and service records has been patched, and the exposure lasted less than 48 hours, the vulnerability still opened a window of risk.

Cloud computing continues to increase in market share, and many are left to wonder if data is truly safe in the cloud, and should the management of potential threats and vulnerabilities have a price tag? Technology advances at breakneck speed, and though the expense of data security or even recovering from a breach is deemed essential, is the vulnerability management itself not part of the budget? Learning about the management of vulnerabilities and how to mitigate the problems they create can be challenging, but it is achievable.

Same Players, Different Games

Common vulnerabilities continue to morph with increased speed, increased sophistication, and decreased visibility. Malware continues to change, zero-day exploits continue to rise, and incident management and response is still a challenge.

Regardless of malware type, having software in place to detect changes that have occurred, along with proper security policies and procedures in place, may help prevent these types of attacks from occurring. In 5 Ways to Help Fix Security Vulnerabilities, we noted steps that can be taken by organizations, which include:

  • Prioritizing Threat Intelligence
  • Focusing on Compliance
  • Automating Security Policies
  • Addressing Internal Threats
  • Making Security a Company-wide Culture

Phishing, infected software, spam, botnets, and weak passwords continue to be used as a way into an organization’s infrastructure. Adding AI into the mix could make the coming years in cybersecurity exciting but not impossible from a management perspective. The key to combating suspicious network activity is via prevention.

Though the methods used to obtain this information may be more sophisticated, combating suspicious network activity is still best done through prevention and effective endpoint security management.

Managing Risk

The management of risk in cybersecurity is ongoing and will expand as new technologies enter the marketplace. Regulatory compliance and the best practices behind those regulations may require organizations to adhere to appropriate cybersecurity frameworks. For example, PCI requirements 10.5.5 and 11.5 require file integrity monitoring configurations to be performed weekly, and failing to monitor these configurations more frequently can result in an inability to mitigate network vulnerabilities.

Application Security

In today’s world, using applications will never go away. The number of applications used by organizations enterprise-wide will just continue to increase with technological advances. The sheer number of security flaws within enterprise applications can be overwhelming, as a Veracode report has found that more than 80 percent of tested applications had at least one flaw. Though the security risk for these flaws significantly varies, the number is startling and will most likely not diminish anytime soon.

The potential for exploits will only increase as application security flaws continue to include credential management problems, cryptographic issues, and overall information leakage.


Misconfiguration continues to be commonplace within enterprise networks, and as many have learned the hard way, one simple error in programming can compromise an entire network. Gartner currently notes that 95 percent of cloud security failures occur due to end-user, or human error, which includes configuration mistakes. With the cloud continuing to be crucial to future business success, misconfiguration is not something to be taken lightly.

One Cannot Monitor What Isn’t Being Managed

Noting statistics from Radware’s Global Application & Network Security Report, the lack of complete visibility across an entire network ecosystem is an ongoing issue.

Maintaining enterprise change is not just a best practice for IT management; it is also a critical component for creating the ultimate security backstop. With ransomware attacks occurring every 14 seconds, roughly the time it takes to read this sentence, deciphering which change is threatening (unknown changes versus planned changes) becomes the cornerstone of maintaining an appropriate cybersecurity posture.

Changes within an infrastructure often are expected, especially with system and application improvements and upgrades. However, if the enterprise and infrastructure are not consistently monitored for change, the management of those changes will be almost impossible to follow and administer.

Policy and knowledge are not always enough when it comes to eliminating vulnerabilities. Previously, we had noted the eight device types and elements that should be monitored for changes in real time. Those include:

  • File Contents
  • Configurations
  • Servers
  • Network Devices
  • Databases
  • Active Directory
  • Point of Sale (POS) Systems
  • VMware Configurations
  • Compliance Policy

Though there is concern for data in the cloud, and Radware’s report mentions that only 30 percent of organizations feel data is secure in the cloud, it was noted that the benefits of cloud services outweigh the potential risks, which can include web application attacks and credential theft.

For many within IT, network vulnerabilities may not be looked at as emerging risks but viewed more as oversights. Maintaining compliance and the integrity of an IT infrastructure is not always standardized or even given consideration, as most organizations lack an understanding of what “integrity” means in the context of IT security.

Change control, which should be automated for accuracy and convenience’s sake, can be best automated with next-generation file and system integrity monitoring software, which significantly decreases time constraints when effectively monitoring for changes. Change monitoring consists of several aspects when correctly administered. This includes:

  • Centralized Audits
  • Real-time Change Reporting
  • Unalterable Logs
  • Intelligent Classification of Changes
  • Human-Readable Reporting

Data Protection and Security

It has been stated before, but it is worth saying again: “Data Protection is Integrity and Control.” Real-time detection and remediation can mean the difference between an incident and an actual loss of protected data/information. This data loss can, in turn, lead to devastating financial and brand-reputation repercussions.

Many organizations may notice changes occurring within an enterprise infrastructure, but lack the time, resources, technology, or knowledge to determine if those changes are good, expected, unexpected, or even malicious. Additionally, those same organizations are not aware of how to roll back changes to a previously known or trusted state, and a potential data loss/data breach can occur.

Five signs to watch for with a potential data loss/data breach in progress can include:

Critical File Changes

The addition, change, modification, or deletion of critical system files can occur once cybercriminals gain entrance into an organization’s network. Unless critical systems are being monitored for unknown or unwanted changes, these types of changes can go undetected for long periods.

Device tampering

Devices left on or turned on by a non-user could signify on-site or remote access tampering.

Unusual Device/Internet Response Time

Immediate reporting and investigation of device or company-network slowdowns should be addressed by a security policy or end-user policy. If devices or the company network suddenly appear to be running more slowly than usual, this can be indicative of malware or viruses.

Unusual Outbound Traffic

A high volume of outbound traffic could signify a transfer of data. Suspicious activity can be caught early by regularly monitoring traffic patterns.

Abnormal Admin User Activity

Are logs being reviewed on a regular basis? Perhaps red flags have occurred — and may even have been noticed — but a lack of time on the superusers’ part has meant no action was taken. To respond appropriately to incidents, organizations need to have full knowledge of their networks and the policies, procedures, and tools in place for monitoring assets regularly.

In addition to monitoring the above signs, user tracking and audit trails should be monitorable and must not be alterable. Protection against threats, together with the ability to restore systems and files to a prior state, is critical.
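A minimal baseline-and-compare check of the kind the change-monitoring passage and the “Critical File Changes” sign above describe, added here as an illustration; it is not CimTrak’s code. It hashes every file under a directory, reports added, modified and deleted files, and separates planned changes (ones covered by a change ticket) from unknown ones, using a constructed temporary directory as sample input:

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict:
    """Map relative path -> SHA-256 of content for every regular file under root."""
    base = Path(root)
    return {
        p.relative_to(base).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(base.rglob("*"))
        if p.is_file()
    }


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Classify every path as added, deleted or modified relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def classify_changes(changes: dict, planned: set) -> dict:
    """Split detected changes into planned (covered by a change ticket) and
    unknown (the ones that deserve an alert and, if needed, a rollback)."""
    out = {"planned": [], "unknown": []}
    for kind, paths in changes.items():
        for path in paths:
            out["planned" if path in planned else "unknown"].append((kind, path))
    return out


def run_demo() -> dict:
    """Build a constructed baseline in a temp dir, change it, and report the result."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files; paths and contents are illustrative only.
        seed = {
            "etc/app.conf": b"port=8080\n",
            "bin/svc": b"#!/bin/sh\nexec /usr/bin/true\n",
            "var/log/svc.log": b"service started\n",
        }
        for rel, data in seed.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        baseline = snapshot(root)

        # Planned: the port change has a change ticket. Unknown: a new config
        # file appears and a log disappears without one.
        Path(root, "etc/app.conf").write_bytes(b"port=8443\n")
        Path(root, "etc/extra.conf").write_bytes(b"debug=1\n")
        Path(root, "var/log/svc.log").unlink()

        changes = diff_snapshots(baseline, snapshot(root))
    return classify_changes(changes, planned={"etc/app.conf"})


if __name__ == "__main__":
    report = run_demo()
    for bucket in ("planned", "unknown"):
        for kind, path in report[bucket]:
            print(f"{bucket:8s} {kind:9s} {path}")
```

Storing the baseline hashes somewhere the monitored host cannot rewrite them is what makes the comparison trustworthy; a baseline kept on the same box is only as good as that box’s integrity.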

Fix Security Vulnerabilities and Stay Compliant

Prioritize: The first step to begin to fix or remedy vulnerabilities found within an organization’s network is to prioritize threat intelligence. Gaining access to comprehensive threat intelligence allows an organization to fully comprehend and respond to changes before a breach occurs. Without knowledge of threats and truly what is happening within an environment, risks cannot be addressed. Total network intelligence and compliance management can be the starting point for many businesses.

Make Risk and Security a Company-Wide Culture: Risk and security aren’t just a “compliance” or “IT” thing. This is a topic that should involve close collaboration between IT and overlapping departments. Knowledge of the risks within an organization’s structure is the first step, and knowing who may be affected is critical.

Focus on Compliance: Being compliant isn’t merely looking at a list and checking boxes. As previously mentioned, compliance represents a set of tools and best practices for protecting data, whether it is internal data or your customers’ data. Regardless of the type of compliance, whether it is PCI DSS, HIPAA, or GDPR, creating policies that support automation and action for constant compliance could help avoid a data breach and the costly fines associated with one.

To learn more about Compliance and Vulnerability Management with CimTrak, download the Compliance Solution Brief today.

– Robert Johnson, III, President & CEO at Cimcor, Inc


Mac threats outpace Windows for the first time


Mac threats increased by more than 400 percent year-over-year.


Malwarebytes has released its annual “State of Malware” report revealing that for the first time ever, Mac threats are growing faster than their Windows counterparts.

Last year the cybersecurity firm detected an average of 11 threats per Mac endpoint, nearly double the average of 5.8 threats per endpoint on Windows. Additionally, overall Mac threats increased by more than 400 percent year-over-year.

Malwarebytes also observed that cybercriminals are continuing to focus on business targets with a diversification of threat types and attack strategies in 2019. Throughout last year, global business threats rose by 13 percent to reach almost 9.6m detections.

Growing threats

Malwarebytes' report also shed light on how trojan-turned-botnets Emotet and TrickBot both made a return last year to target organizations alongside new ransomware families including Ryuk, Sodinokibi and Phobos.

Additionally, a new wave of hack tools and registry key disablers made their way into the firm’s top detections. Consumer detections of HackTools were up by 42 percent, and Malwarebytes believes this is a threat to watch closely in 2020, alongside Mimikatz, which also targets businesses.

Adware remained problematic for consumers and businesses on Windows, Mac and Android devices as it proved extremely difficult to uninstall while deploying aggressive techniques to serve up advertisements, hijack browsers and redirect web traffic.

Malwarebytes CEO Marcin Kleczynski provided further insight on the findings of the firm’s latest report in a press release, saying:

“A rise in pre-installed malware, adware and multi-vector attacks signals that threat actors are becoming more creative and increasingly persistent with their campaigns. It is imperative that, as an industry, we continue to raise the bar in defending against these sophisticated attacks, actively protecting both users and businesses by flagging and blocking all programs that may violate their privacy, infect their devices, or even turn the infrastructure they depend on against them.”


New Convincing Verizon Smishing Scam Makes SIM Swaps A Breeze


Cybercriminals intent on hijacking a mobile device that serves as a second factor of authentication are now using texts and very realistic-looking mobile sites to steal the details needed to perform SIM swaps.

Mobile devices are inherently trusted by most users. So, they make the perfect medium by which to trick users into giving up private information that can be used against them. In a new scam, users are sent “security alerts” that are made to look like they are coming from the victim’s wireless carrier. Upon clicking the provided link, the victim is presented with a very convincing website where the user needs to “validate their account”.

2-13-20 Image


Should the victim walk through the entire scam, they give up every bit of information needed to take control of their account. It stands to reason the next step is a SIM swap, but that’s only worthwhile when used as part of a spear phishing scam intent on stealing the very same user’s online credentials to, say, their Office 365 account or banking site.

This scam highlights how an attack that simply uses a) a trusted device and b) a realistic-looking website can fool an unsuspecting user. The only real telltale sign in this scam is the URL (see the image above). Your organization’s only real defense against this portion of what can only be assumed is a larger attack is to elevate the user’s security mindset and vigilance when receiving texts, opening emails, and surfing the web. Security Awareness Training continually keeps users up-to-date on the latest attack methods and the need for user participation in organizational security.

The illusion of legitimacy this attack leverages is a real benefit to cybercriminals; with it, they can fool just about anyone if the context and timing are right. Teaching users to always have their defenses up is, legitimately, your only viable defense.



The World Health Organization Warns of New Coronavirus Phishing Attacks. Inoculate Your Employees!


The World Health Organization (WHO) is putting out an alert about ongoing Coronavirus-themed phishing attacks that impersonate the WHO and try to steal confidential information and deliver malware. This is exactly what we predicted.

"Criminals are disguising themselves as WHO to steal money or sensitive information," the United Nations agency says in the Coronavirus scam alert.

"WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency."

The phishing messages are camouflaged to appear as being sent by WHO officials and ask the targets to share sensitive info like usernames and passwords, redirect them to a phishing landing page via malicious links embedded in the emails, or ask them to open malicious attachments containing malware payloads. "If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding," says the WHO.

WHO phishing campaign

An example of such a phishing campaign using COVID-19 as bait and asking potential victims to "go through the attached document on safety measures regarding the spreading of coronavirus" was spotted by the Sophos Security Team earlier this month.

They were also asked to download the attachment to their computer by clicking on a "Safety Measures" button that would instead redirect them to a compromised site the attackers use as a phishing landing page.

This phishing page loads the WHO website in a frame in the background and displays a pop-up in the foreground asking the targets to verify their e-mail.

Once they write in their usernames and passwords and click the "Verify" button, their credentials are exfiltrated to a server controlled by the attackers over an unencrypted HTTP connection, and the victims are then redirected to WHO's official website — not that the phishers would care about their victims' data security. Here is how it looks:


If you have not done this yet, I would send your employees, friends and family something like the following. Feel free to copy/paste/edit.

"The worldwide spread of the new Coronavirus is being used by bad guys to scare people into clicking on links, open malicious attachments, or give out confidential information. Be careful with anything related to the Coronavirus: emails, attachments, any social media, texts on your phone, anything. Look out for topics like:

  • Check updated Coronavirus map in your city
  • Coronavirus Infection warning from local school district
  • CDC or World Health Organization emails or social media Coronavirus messaging
  • Keeping your children safe from Coronavirus
  • You might even get a scam phone call to raise funds for "victims".

There will be a number of scams related to this, so please remember to Think Before You Click!"



The Evolving Threat Landscape: Five Trends To Expect In 2020 And Beyond


2019 is set to break a record for the highest number of security incidents ever recorded and probably the biggest and most expensive year in terms of data breach fines, penalties and court settlements. While large-scale breaches always make big headlines, hackers are not sparing small businesses and consumers.

As we head into the new decade, cyberattacks will continue to grow in scale and volume. Cybersecurity is a fast-evolving industry, as hackers and security providers both continuously try to outsmart each other. Cybersecurity Ventures estimates that organizations will spend an estimated $1 trillion on cybersecurity from 2017 to 2021.

Let's look at some of the innovations and emerging technology trends that are likely to shape the cybersecurity industry in 2020.

1. Zero-trust networks and remote browser isolation.

As the introduction of new devices, applications, the cloud and the internet of things (IoT) rapidly gains pace, the enterprise perimeter is slowly fading away. This calls for a new security approach built around zero trust; in other words, trust no one whether inside or outside your network. Zero-trust architecture inspects and monitors all traffic and adds authentication parameters like user identity, behavior-based scoring, location and multifactor authentication to the mix.

According to a study conducted by Cybersecurity Insiders, 75% of enterprises in the U.S. are planning to deploy a zero-trust solution for a specific use case over the next 12 months. Zero trust is built around the concept of microsegmentation — that is, dividing users into smaller groups and granting limited access privileges (per their job role) to allow them to complete predefined tasks.

But what about users who cannot be easily segmented? Should these users be blocked?

Enter remote browser isolation (RBI) or zero-trust browsing. Report Consultant predicts RBI will grow exponentially and change the playing field. By isolating the browser away from the endpoint, RBI ensures that an employee's system remains untouched even if the browser is infected. Basically, users browse in an environment that is totally outside of the company infrastructure, isolated in a cloud. (Gartner identified RBI as a "key preventive strategy in its adaptive security architecture for attack protection.")

2. The next wave of privacy, security and compliance.

Following the introduction of the European Union's data privacy act (GDPR), several regions and countries around the world have implemented or considered their own privacy laws. In the GDPR's debut year, Google was fined $57 million for violations. The California Consumer Privacy Act (CCPA) will take effect on January 1, 2020, and will offer similar protection to California users: the right to know whether their personal data is being collected and sold as well as the ability to request the deletion of any personal information collected on them.

There's also a shift in consumer attitudes and demands toward privacy and compliance. As the demand for security and compliance grows, organizations will increasingly purchase products and services that will help them fulfill compliance obligations and also ensure the privacy and security of their customers. This demand will open up new roles in 2020 that demand compliance skills and knowledge.

3. Deep learning and artificial intelligence (AI) to help monitor and detect emerging threats.

Technology continues to evolve at a rapid pace — and so does the attack surface. Hackers now have an even larger attack surface to exploit. The sheer number of assets across platforms, users, devices, applications and so on opens doors to more and more threats. When it comes to cybersecurity, a proactive approach is much better than a reactive one.

In 2020, organizations will move beyond traditional approaches that rely on learning from known attacks or historical data. Instead, organizations will deploy solutions powered by deep learning and AI that are capable of analyzing complex situations with a level of detail that is impossible with traditional methods.

According to a study from the Capgemini Research Institute, 63% of organizations are planning to deploy AI by 2020 in an effort to boost their defenses, and 69% of organizations believe they will be unable to monitor and respond to cybersecurity threats without AI.

4. Phishing attacks beyond email.

Phishing is the No. 1 cause of data breaches in 2019. 2020 will see no abatement, as phishing attacks will become even more sophisticated and highly targeted than ever before. Email is no longer the only means of a phishing attack. Attackers might also send an SMS or launch targeted social engineering attacks via social media. New research from Akamai (via Dark Reading) has uncovered that 60% of all phishing kits found on the dark web are active for 20 days or less, indicating that cybercriminals will continue to develop new evasion techniques to keep their kits undetected.

Organizations in 2020 will continue to up the ante in the race to combat phishing attacks. This will, of course, not only include proper security awareness training for all employees and business partners, but also include vulnerability management and penetration testing to help prevent security breaches.

5. Cloud security.

A recent report from INAP indicated that roughly 9 out of 10 (88%) enterprises will migrate some of their workload to the cloud by 2022. The rapid shift to the cloud has cybersecurity professionals thinking about the complications of protecting these workloads. While the traditional model uses a perimeter-based approach for security, the perimeter quickly fades away in the world of cloud computing.

Insider threats, misconfigured services and shadow workloads containing sensitive data signify that the cloud needs an inside-out approach to security. This is reinforced by Gartner, which recently predicted that "through 2025, 99% of cloud security failures will be the customer's fault."

The cloud is a shared responsibility, after all, and in 2020 and beyond, more CEOs, CIOs and CSOs will accept responsibility and ownership of the cloud. In line with the above growth, 2020 will see a growing demand for technologies that secure cloud containers, cloud assets, cloud identities and more, including the demand for professionals who are skilled at managing and securing the cloud.




SEC Releases Results of Cybersecurity and Resiliency Practices Examinations


The SEC’s Office of Compliance Inspections and Examinations (OCIE) published a new report on the findings from examining the methods used by market participant organizations.

It’s nice to both understand what your peer organizations are doing, as well as get a nod from a governing body that the measures being taken by your own organization are up to par and meet compliance guidelines. The SEC’s OCIE recently released a set of observations gathered through examinations of SEC-registered investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies, transfer agents, and other relevant organizations.

In it, they cover a wide range of areas related to cybersecurity, including Governance and Risk Management, Access Rights and Control, Data Loss Prevention, Mobile Security, Incident Response and Resiliency, Vendor Management, and Training and Awareness.

For each aspect, OCIE spells out the best practices they observed across a wide range of organizations subject to the SEC.

Some of the more notable (and less traveled) practices include:

  • Vulnerability Scanning – proactively and routinely scanning systems, applications, and code for vulnerabilities that need to be patched.
  • Testing and Monitoring of Policies and Procedures – seeking to understand the effectiveness of cybersecurity policies and procedures in the changing face of threats.
  • Insider Threat Monitoring – with most organizations focused on external threats, the SEC sees the value in also looking inward.
  • Building a Security Culture – leveraging Security Awareness Training, organizations need to continually educate users on how to identify and respond to attacks and breaches.

With the overarching theme being one of using a layered security strategy, OCIE’s report promotes an implementation that protects an organization’s perimeter, systems, applications, privileged access, data ingress/egress, devices, and users.



7 ways to stay safe online on Valentine’s Day


Looking for love in all the wrong places? Here are some helpful tips for safeguarding yourself while trying to find love on the internet.

Valentine’s Day brings out the softer side in all of us and often plays on our quest for love and appreciation. Online scammers know that consumers are more open to accepting cards, gifts and invitations all in the name of the holiday. While our guards are down, here are a few tips for safeguarding yourself while on your quest to find love on the Internet.

1. Darker side of dating websites

Unfortunately, dating websites — and modern dating apps — are a hunting ground for hackers. There is a peak of online dating activity between New Year’s and Valentine’s Day and cybercriminals are ready to take advantage of the increased action on popular dating websites like Tinder, OKCupid, Plenty of Fish, and many others. Rogue adverts and rogue profiles are two of the biggest offenders. For example, many are skeptical of unsolicited advertisements via email. Therefore, spammers have moved to popular websites, including dating and adult sites, to post rogue ads and links. In August 2015, Malwarebytes detected malvertising attacks on PlentyOfFish, which draws more than three million daily users. Just a few months later, the U.K. version of an online dating website was also caught serving up malvertising.

In the event of a ‘possible match’ a user may be asked to “check out my other profile”. If this happens it’s most likely a scam! Be careful about links that direct you to another website. Scammers will often try to remove you from the relative safety of the website you are using and direct you to links and files on a website that has been set up to harvest your personal information. If someone sends you a shortened URL, you can usually expand it to see where it ends up. You can also search the link. If nothing comes up, ignore it.

2. Grave greeting cards

Who didn’t love getting dozens of personally delivered paper Valentine’s in elementary school? Fast forward to 2018, and electronic greeting cards (e-cards) evoke a similar sentiment, but with instant digital gratification. (Let’s be honest, the paper cards are much more enjoyable to receive.)  But, be wary. Opening an e-card can fast track malware onto your machine or turn your computer into a spam-sending member of a botnet. Don’t click on links to download software to view a card. Instead, go directly to a company’s website to open it. If the e-card is legitimate, there will be a confirmation code that allows you to open it directly on the website.

3. Spammy Valentine bounty

This time of year, everyone has the best deal in town on jewelry, flowers and even chocolates delivered exclusively to your inbox. Resist the sale and the free stuff on social media websites like Facebook and Twitter. If it seems too good to be true, it probably is. This is especially true if the email is coming from a retailer that you haven’t done business with or doesn’t address you personally. The links in these emails can download malware or redirect you to a fake website to dupe you out of personal information including your address and credit card information. It’s better to shop at known retailers than trust spam websites set up to take your money and leave you heart-broken.

4. Rogue UPS notifications

This one happens all year round, but I’ve seen an uptick around the holidays and Valentine’s Day. Yes, it’s exciting to receive packages at your door. But, do not click on UPS notifications that are generic with little to no information. If you received a package, the notification should have your name and the item details. Clicking on a fake link will likely download malware or send you to a spammer’s website.

5. Fake flower shops

It’s T-minus 12 hours to Valentine’s Day and you haven’t had a moment to shop. Instead, you turn to the Internet to send flowers to your Valentine. But, not all online flower shops are legitimate. As you search online, tons of flower shops pop up in your search engine and they all seem to have the best flowers for the special day. But, be careful because even though the website looks real and claims to have been in business for years, hackers know that this is an easy way to dupe you out of your credit card information. Here are a few things to keep in mind. If it’s a flower shop under a sponsored link, this means they paid for you to see the ad and it did not arrive organically. If it’s a long-time, family-run business, they will most likely have a physical location. You can also look to review websites like Yelp to make sure others have ordered from the shop and had a good experience.

6. Love bots

If you have an open private message system, you’ll likely receive a lot of messages from people wanting to chat. Some dating websites will also send multiple daily messages to users via email claiming that person x, y, and z would like to talk to you. Most dating bots will cycle through a canned script of a dozen or so phrases before claiming you need to be “verified” in some way. This will inevitably lead to a request for payment information. Don’t do it – if in doubt, contact the service you’re using and ask them about it directly.

7. Keep it personal

Make sure the profile you set up on a dating network doesn’t have geotagging enabled, regardless of whether you created it on a website or through an app. Some dating websites use the location you initially enter to serve up a list of possible matches within a certain radius, but they don’t display the location info on your profile. Get familiar with the granular controls in the dating website’s settings and make sure you understand the differences. Many mobile apps aren’t clear about “which thing does what,” so if in doubt, disable a particular feature until you can be 100 percent sure of the functionality being used and whether you want to use it.

In addition, don’t put your real name, age or location in your profile, email or anything else related to the dating website you’re on. Anonymous usernames are fine. You should also use a disposable email address when you sign up to a new dating service – not only will this keep people you’d rather not stay in touch with away from your main mailbox, it’ll also be obvious if a dating website decides to sell your email to spammers. This is a good trick to use outside of online dating, too.

Digital dating doesn’t have to be nefarious. Keeping these tips in mind can help you navigate Valentine’s Day safely, while enjoying all the Internet has to offer with respect to e-cards, gifts and dating. Unfortunately, not every web user has their heart in the right place. Keep yours above the danger zone and find love with no strings attached!



Six Security Questions You Should Keep in Mind for Third Parties


Organizations are beginning to understand the consequences of a data breach or a phishing attack and the negative impact they can really have. But what are the security risks for third parties? There are always organizations that have access to (part of) the company data -- from accounting firms to health benefits organizations, among many others. Perhaps it concerns data from employees, customers or patients; but in some cases, strategic organizational information may also be held by a third party.

More Third Parties Mean More Data Breaches

Research from the Ponemon Institute and Opus (a company focused on compliance solutions) among more than a thousand IT professionals from the United States and the United Kingdom shows that 61 percent of companies in 2018 experienced a data breach through a third party. In 2016 that was 49 percent. The percentage is therefore rising. According to the researchers, this is due to the popularity of outsourcing IT services and the huge increase in the number of third parties that organizations have to deal with.

Working with third parties could open up more opportunities for greater risks like data breaches. That’s why it’s so important for organizations to ask the right questions and to enforce stringent security policies before they agree to work with any third party. 

Top Six Questions to Ask

For organizations that do not require an official audit and may not (yet) have the means to perform extensive audits of third parties, the following six questions should be asked:

  • Does this party need access to our systems?
  • What data do we share with this party?
  • Where is the data stored by them, and for how long?
  • Which third parties do they work with?
  • What measures do they take to secure the data?
  • What kind of proof can they provide that the data is safe with them?

These six questions paint a good picture of how a third party handles and protects data. If a party cannot provide proof that the organization’s data is safe with them, it’s better to work with another organization.

It is very important to keep the number of data breaches as low as possible; not only because of the importance of individual organizations, but also because of the safety of the general public. The bad guys are out to exploit the vulnerabilities of your organization, and they use all available resources, regardless of whether those vulnerabilities lie within your organization or within your suppliers and partners.

Many data breaches could have been prevented by being more aware of mitigating the vulnerabilities of the organization. Think not only of technical systems within your organization, but also of the quality of processes and the awareness of employees; both within the organization and with your suppliers and partners.

One of the simplest and most effective ways to develop awareness is the use of security awareness training. By teaching employees what dangers and challenges there are with regard to data breaches, and training them how to deal with them, you increase the overall level of security and resilience of the organization. Also, involve and evaluate your third parties. Managing third parties can be challenging, but using a vendor risk management platform can ensure a consistent evaluation life cycle. As part of risk assessment of your vendors, ensure they provide their staff with the same training and have other lines of defense to protect your data (as well as providing evidence addressing the above questions). Protecting your data and reducing the risk of a security incident is top priority when leveraging third parties.



13 tips to avoid Valentine's Day online romance scams


Scammers use dating sites to try to build relationships with people to get money or personal information. Here are 13 tips to protect yourself.

Victims of such scams sometimes avoid reporting them out of shame, embarrassment, or humiliation, according to the FBI. As such, the criminals can make a clean getaway.

Here are seven tips from the FBI to protect yourself from romance scams:

  1. Only use reputable, nationally recognized dating websites. However, be aware that scammers may be using them too.
  2. Research photos and profiles in other online search tools and ask questions.
  3. Never provide your financial information, loan money, or allow your bank accounts to be used for transfers of funds.
  4. Do not allow attempts to isolate you from family and friends.
  5. Do not blindly believe the stories of severe life circumstances, tragedies, family deaths, injuries, or other hardships geared at keeping your interest and concern.
  6. If you're planning to meet someone in person you have met online, meet in a public place and let someone know where you will be and what time you should return home.
  7. If you're traveling to a foreign country to meet someone, check the State Department's Travel Advisories beforehand, provide your itinerary to family and friends, and do not travel alone if possible.

"Holidays like Valentine's Day are a particular focal point for social engineering tricks as people tend to have elevated emotions," Chris Morales, head of security analytics at Vectra, said.

"As many people feel particularly lonely on this day, any kind of attention would be comforting," Morales said. "No matter how desirable a person may sound online, everyone must tread with caution. Only trust those you know in person and even then be cautious."

Valentine's Day is a special day for romance for many couples. For criminals, it's a special day for scamming.

"For cybercriminals, Valentine's Day is just another holiday and the opportunity for just another scam," Terence Jackson, chief information security officer at Thycotic, said.

"If you don't know who the mark is, it's most likely you," Jackson added. "Phishing is still the attacker's weapon of choice, and there will be no shortage of well-crafted emails and messages designed to emotionally engage you and prevent you from making rational decisions."

Toward that end, here are six practical tips shared by Jackson.

  • If it sounds too good to be true, it usually is.
  • Stay clear of stories that pull at your heart strings from unsolicited sources or strangers requesting money.
  • Never share usernames, passwords, bank account numbers or credit card numbers with strangers.
  • Use common sense. That Romeo or Juliet is more likely a scammer than your soul mate.
  • If the request is from someone familiar, call them to verify the request. Don't just take a social media message at face value.
  • If your new "love" is on a dating app, and one of the first requests is for money, run like the wind.

Mac threats outpace Windows for the first time


Malwarebytes has released its annual “State of Malware” report revealing that for the first time ever, Mac threats are growing faster than their Windows counterparts.

Last year the cybersecurity firm detected an average of 11 threats per Mac endpoint, which is nearly double the average of 5.8 threats per endpoint on Windows. Additionally, overall Mac threats increased by more than 400 percent year-over-year.

Malwarebytes also observed that cybercriminals are continuing to focus on business targets with a diversification of threat types and attack strategies in 2019. Throughout last year, global business threats rose by 13 percent to reach almost 9.6m detections.

Growing threats

Malwarebytes' report also shed light on how trojan-turned-botnets Emotet and TrickBot both made a return last year to target organizations alongside new ransomware families including Ryuk, Sodinokibi and Phobos.

Additionally, a new wave of hack tools and registry key disablers made their way into the firm's top detections. Consumer detections of HackTools were up by 42 percent, and Malwarebytes believes this is a threat to watch closely in 2020, alongside Mimikatz, which also targets businesses.

Adware remained problematic for consumers and businesses on Windows, Mac and Android devices as it proved extremely difficult to uninstall while deploying aggressive techniques to serve up advertisements, hijack browsers and redirect web traffic.

Malwarebytes CEO Marcin Kleczynski provided further insight on the findings of the firm's latest report in a press release, saying:

“A rise in pre-installed malware, adware and multi-vector attacks signals that threat actors are becoming more creative and increasingly persistent with their campaigns. It is imperative that, as an industry, we continue to raise the bar in defending against these sophisticated attacks, actively protecting both users and businesses by flagging and blocking all programs that may violate their privacy, infect their devices, or even turn the infrastructure they depend on against them.”



Organizations Without Cyber Resilience Plans Are Going Out of Business After Cyber Attacks


One day your company gives away more than half a dozen cruises to employees. It was a good year.

That same week, you are stunned as you and hundreds of your colleagues are sent home and the company closes its doors.

There is confusion. There is hurt. There are rumors on social media.

Then an email arrives from the CEO: the company is unable to recover from a cyberattack and must re-structure, aka, close its doors.

This sounds like a Netflix storyline, but increasingly this is real life. Just ask the nearly 300 employees of The Heritage Company, a telemarketing company that has raised money for non-profits since 1958.

Company hit by ransomware attack, lacks cyber resilience to continue

ABC7 in Arkansas published the letter to employees, which was an admission, an apology, and a goodbye. It was straight from the desk of company CEO Sandra Franecke.

"Dear Employees of The Heritage Company,

I know that you are all angry, confused, and hurt by the recent turn of events. Please know that I am just as devastated as you all are, especially that we had to do this at this particular time of year.

Please know that we would have NEVER gone to this extreme if we were not forced to. Now is the time to be honest and open about what is REALLY happening so that all of you know the truth, directly from me, especially since some of you have incorrect information and the spreading of untruths through social media is damaging us further.

Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically 'held us hostage for ransom' and we were forced to pay the crooks to get the 'key' just to get our systems back up and running. Since then, IT has been doing everything they can to bring all our systems back up, but they still have quite a long way to go. Also, since then, I have been doing my utmost best to keep our doors open, even going as far as paying your wages from my own money to keep us going until we could recoup what we lost due to the cyber attack.

I know how confusing this must be, especially after we just gave away 7 cruises just this week, but again, that was money that I spent out of my own personal money to give you the best Christmas gift I possibly could, but that was before our systems were hacked. Afterwards I didn't want to disappoint everyone by taking them back. We started the Prizes and Bingo the first of November when again I was being told the systems would be fixed that week.

What we hope is just a temporary setback is an opportunity for IT to continue their work to bring our systems back and for leadership to restructure different areas in the company in an attempt to recoup our losses which have been hundreds of thousands of dollars.

It is extremely important right now that we all keep the faith and hope alive that The Heritage Company can and will come back from this setback. It is also important that we all keep to the facts and keep calm. And so, I ask that you please share this with the employees who may not be on this page or may not have Facebook. To share this out of the group, you will need to copy the text of this post and share it as your own status.

Please know that when I made my speech at the 'Future is Bright' luncheons, everything was sincere and heartfelt. We had no way of predicting that our systems would be hacked at that time. Once we were hit with this terrible virus we were told time and time again that things would be better each week, and then the next week, and the week after that. Accounting was down and we had no way of processing funds. The mail center was down as we had no way of sending statements out, which meant that no funds could come in.

Had we known at the time that this would have hurt the company this badly, we would have made a statement to the employees long ago to warn everyone what this might mean. The ONLY option we had at this time was to close the doors completely or suspend our services until we can regroup and reorganize and get our systems running again. Of course, we chose to suspend operations as Heritage is a company that doesn't like to give up.

I also want to apologize for the way many of you found out we were closing our doors. When we left the meeting yesterday afternoon, everyone had a plan for what was to happen, but we never considered that the word would spread so fast and far to each of you before your managers could speak to the employees who had already gone home for the day. No one is sorrier than I about you finding out from other sources who did not necessarily have the correct information.

So here it is: The Heritage Company is temporarily suspending our services. On January 2nd, there will be a message left on the weather line. That message will give you updated information on the restructuring of the company and whether or not we’ve made progress on our system.

In the meantime, I urge each and every one of you to please keep faith with us. We know how extremely hard you all work for each of the wonderful charities we all represent. We want you all back where you belong in two weeks’ time. We are a family, and my hope is that we will stay a family for a long time, despite this setback.

My mother started this company 61 years ago, and I am committed to keeping Heritage open if it is in my power to do so.

New message from company hit by ransomware: seek other employment

Did you catch the part in the CEO's letter that she was hoping to bring people back in the new year? The part about calling the company's "weather line" on January 2nd for an IT recovery update?

According to ABC7, employees called, and they heard devastating news:

"Though we have made progress, there is still much work to be done. With that in mind, we do not prevent you from searching for other employment. Please take care of yourselves, your loved ones, and have a happy New Year."

Companies desperately need resilience plans for cyber attacks

Many companies have contingency plans for severe weather, power outages, and increasingly, for active shooter situations.

But too many organizations still lack cyber resilience as part of their business continuity plans. That planning can help a company withstand, respond to, and recover from an otherwise crippling cyberattack or data breach.

SecureWorld recently reported on two doctors' offices that closed after ransomware attacks because patient records were destroyed in the attacks, with no plan in place in case of a ransomware attack.

Paying ransom is not a cyber resilience plan

We've heard leaders at our 17 regional cybersecurity conferences discuss the issue of whether to pay, or not to pay, the ransom. Sometimes it comes down to principles, sometimes practicalities.

Regardless, paying is not a guarantee of success. The Heritage Company paid the ransom to get the decryption key, but you cannot count on that as a resilience plan. Recovering from an attack can be really complicated.

This is why the City of Baltimore refused to pay attackers: $18 Million Later: Why We Refused to Pay the Ransom.

In some cases we know of, though, paying attackers has worked well. That was the case in one Alaskan city, but it demanded a proof-of-concept before agreeing to pay the ransom:

How strong is your organization's cyber resilience plan?

Hopefully, it will keep your organization from giving away cruises one day and then shutting its doors the next.


Ransomware Takes its Toll


Ransomware is defined as vicious malware that locks users out of their devices or blocks access to files until a sum of money or ransom is paid. Ransomware attacks cause downtime, data loss, possible intellectual property theft, and in certain industries an attack is considered a data breach.

How does it get on to your computer in the first place?

Ransomware is usually delivered to a computer system via a phishing email. The email itself is harmless until the user inadvertently clicks on a link, opens an attachment or clicks on a piece of malicious advertising in the email; at that point the ransomware is released on the PC or system in the form of malicious software (malware).

How does Ransomware work?

Once it is released on the PC, the malware starts to encrypt (scramble) all data files it can find on the PC itself and on any network the PC has access to. When someone attempts to open an affected file they are informed, usually by a message on their screen, that the files have been taken ransom and instructions are provided on how to go about paying the ransom to decrypt (unscramble) the files. Hackers request that ransoms be paid with Bitcoin – an untraceable form of crypto-currency.
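Because the malware rewrites every data file it can reach, one simple defensive check is to plant decoy ("canary") files on the PC and on network shares and watch for them being rewritten with high-entropy (scrambled) content. The following is an added illustration, not code from the original post; the canary names, contents and the entropy threshold are constructed for the example.

```python
import math
import os
import tempfile
from collections import Counter

# Plaintext documents usually score well under 7 bits/byte; encrypted data
# approaches 8. Threshold chosen for this example; compressed formats
# (zip, jpeg) are also high-entropy, so keep canaries as plain documents.
ENTROPY_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_canaries(canary_dir: str, expected: dict) -> list:
    """expected maps canary file name -> the bytes we originally wrote.
    Returns (name, reason) for canaries that are missing, edited, or
    rewritten with scrambled content (the ransomware signature)."""
    alerts = []
    for name, original in expected.items():
        path = os.path.join(canary_dir, name)
        if not os.path.exists(path):
            alerts.append((name, "missing"))
            continue
        with open(path, "rb") as f:
            current = f.read()
        if current != original:
            scrambled = shannon_entropy(current) >= ENTROPY_THRESHOLD
            alerts.append((name, "rewritten-high-entropy" if scrambled else "modified"))
    return alerts


def demo() -> dict:
    """Constructed scenario: one canary untouched, one edited normally,
    one overwritten with random bytes as a stand-in for an encrypted file."""
    with tempfile.TemporaryDirectory() as d:
        expected = {n: (b"constructed canary content " + n.encode()) * 50
                    for n in ("budget.xlsx", "minutes.txt", "report.docx")}
        for name, data in expected.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        with open(os.path.join(d, "minutes.txt"), "ab") as f:
            f.write(b"\nlegitimate edit")          # ordinary user change
        with open(os.path.join(d, "report.docx"), "wb") as f:
            f.write(os.urandom(4096))             # simulated scrambled file
        return dict(scan_canaries(d, expected))   # {'minutes.txt': 'modified', 'report.docx': 'rewritten-high-entropy'}
```

In practice the scan would run on a schedule against canaries on each share, and a "rewritten-high-entropy" alert is the cue to isolate the host and start the incident response plan.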

Why has it taken its Toll?

In their February 03 media release, Toll Group informed the world that ‘As a precautionary measure, in response to a cybersecurity incident on Friday, Toll Group deliberately shut down a number of systems across multiple sites and business units.’

It was confirmed by Toll Group today that the ransomware that it fell victim to is a new variant of the Mailto ransomware (example of screenshot above).

Important update on Toll Group IT Systems

As a result of our decision to disable certain systems following a recent cyber security threat, we’re continuing to meet the needs of many of our customers through a combination of manual and automated processes across our global operations, although some are experiencing delay or disruption.

Stop and think for a moment – what would happen at work if suddenly you were unable to access anything on your computer? It is hard to do this as we all have the ‘it won’t happen to me’ mentality until it does happen. Our friends at Toll Group are in a world of pain right now as they are forced to find alternative methods to serve their customers.

With over 40,000 employees globally, Toll Group had to shift to a combination of manual and automated processes, which can’t be fun for anyone. Although potentially more than 1000 servers were affected, there are no reports of any personal data being breached.

How is ransomware prevented?

The best way to prevent an infection is to not rely on just one solution but to use multiple, layered solutions for the best possible protection.

1. Security Awareness Training: It’s easier to prevent malware infections if you know what to look for. The better you understand the latest techniques cybercriminals are using, the easier it will be to avoid them. Know your enemy! Take an active approach to educating yourself by taking a new-school security awareness training course.

2. Internet Security Products: There are many commercial products that will help you avoid malware infections, but understand that none of them are 100% effective. Cybercriminals are always looking for weaknesses in security products and promptly take advantage of them.

3. Antivirus Software: While antivirus is highly recommended, you should have multiple layers of protection in place. It is not wise to solely rely on antivirus software to keep your PC secure, as it cannot prevent infections from zero-day or newly emerging threats.

Remember to STOP, LOOK, THINK and ACT when it comes to your inbox as not all is what it seems to be.


Bug Prevents Windows 7 Users from Shutting Down their PCs

Microsoft is investigating, but it's not clear what (or who) is at fault.

Microsoft was supposed to have ended Windows 7 support in mid-January, but it can't seem to completely let go -- and neither can some PCs, apparently. Many users on Microsoft's forums, Reddit and elsewhere are reporting that their Windows 7 systems refuse to shut down or reboot as they normally would, claiming that "you don't have permission to shut down this computer." Users have unofficially fixed it by running the Group Policy Editor from the command line to force permissions, but that's clearly not something users should have to do just to turn their PCs off.


Some have claimed success by disabling a handful of Adobe update services, but it's not certain if that's a reliable fix or if Adobe software is to blame. A Microsoft spokesperson told Bleeping Computer in a statement that the company was "actively investigating" the flaw, although it's not certain what happens next.

If this turns out to be a Windows bug and not the product of a wayward third-party app, it might prove embarrassing for Microsoft. The company already had to fix a wallpaper glitch in Windows 7 just a couple of weeks after support for the operating system ended. This would require yet another out-of-band patch, and for a much more serious issue at that. It may be a while before Microsoft can safely put Windows 7 in the past.
