Posts

7 Key Takeaways From the Kaseya Ransomware Attack

By now you’ve seen the headlines about the Kaseya cyberattack – one of the largest ransomware events in history that unfolded over the 4th of July weekend. This attack, which targeted Kaseya’s remote monitoring and management tool for handling networks and endpoints, immediately caused a ripple effect across the IT supply chain, affecting roughly 50 Managed IT Service Providers and 800 – 1,500 of the small to medium-sized businesses that they serviced.  

Unfortunately, this not only makes Kaseya the latest name to add to a growing list of high-profile organizations such as Microsoft, Juniper, SolarWinds, the Colonial Pipeline, and many others to be breached, it also makes it one of the largest. The cybercriminals responsible for the attack reportedly demanded upwards of $70 Million to restore the affected systems.

Rather than re-tell the story of what happened, which you can find in dozens of articles, like this one from ZDNet, we’d like to share a few insights all businesses should take away from the situation.

1 – It’s not a matter of if, but when 

We sincerely hope the sheer volume of breaches seen in daily news feeds has every business realizing YOU WILL BE HIT AT SOME POINT. All the companies listed above had invested heavily in hardening their security posture before they were breached (and continue to do so), but the bad guys found a way in. Even small businesses that think they’re too small to matter to cybercriminals are targets.  

2 – You need an incident response game plan 

In the Kaseya CEO’s response, he pointed out that only one of their 27 modules was compromised because of the quick and decisive action they took when they realized what had happened. If they hadn’t had a response plan and acted according to it, the damage could have been far worse – for them and their customers.

3 – Cyber insurance is necessary – But not all policies are created equal 

As stated above, eventually your network will be compromised. And even if you have an incident response plan that you follow by the book, you could experience financial repercussions. Cyber insurance can help you weather that storm. But like all insurance types, not all policies are created equal. Watch out for policies that are more interested in forensic reports to understand how it happened than in getting your business back up and running. You can do both.

4 – Backups are your best friend in a breach 

In every security incident we’ve remediated, one of our first go-to actions is to evaluate the organization’s backups. If set up properly, following 3-2-1-0 backup best practices, the disaster recovery time is significantly reduced, and paying the ransom is not even a consideration. However, if you don’t have a well-constructed business continuity/data protection plan, a ransomware attack can be catastrophic for a business.

5 – If you don’t have a security roadmap, you need one 

If it were measured as a country, then cybercrime, which is predicted to inflict damages totaling $6 trillion USD globally in 2021, would be the world’s third-largest economy after the U.S. and China. For this reason alone, you need a well-documented security roadmap that is discussed monthly (or even better, weekly). In every breach remediation we’ve worked on, the client would have saved thousands in remediation costs if they had some of the fundamental protections in place. Our 5 steps to strengthen security is a good place to start if you need help in doing this.

6 – Establish a culture of security 

Unless your employees are all cybersecurity experts, they are by far your biggest liability. And even though this particular breach came through a different avenue, it doesn’t change the fact that over 90% of breaches originate with employees clicking on a phishing email. This is why strong passwords, multi-factor authentication, and building a culture of security that includes security awareness training are so crucial. We like to think of our employees as a human firewall.

7 – The pros of RMM outweigh the cons 

As mentioned above, it’s not a matter of if you’ll experience a breach, it’s a matter of when. And because of this, you need reputable remote monitoring tools to manage your network – whether deployed by an MSP or yourself. The service of keeping endpoints and networks patched and up to date is absolutely critical in today’s world.  

“According to a 2019 Security Boulevard study, 60% of breaches reported were linked to patches that were available, but not yet applied.”

The point is that even though Kaseya and the MSPs affected may have lost the trust of their clients right now because of a vulnerability in their RMM tool, the service they have been providing has prevented criminals from exploiting unpatched networks for years. It took a very sophisticated, coordinated attack by a criminal organization to exploit this vulnerability. If your networks are unpatched, it doesn’t require near that level of effort or sophistication to get in and deliver a payload.  

https://www.zdnet.com/article/the-kaseya-ransomware-attack-everything-we-know-so-far/

Three ways your SMB customers are more secure with Microsoft 365 Business

We all read about the big data breaches – the ones that hit major corporations, with millions of personal records compromised. But today’s cybercriminals aren’t picky. Their nets catch businesses of any size, from the newest garage startup to well-established organizations with several hundred employees. Those are the businesses with perhaps the most to lose from a successful attack, whether from an interruption in business service or outright theft of customer or product information. 

Statistics bear this out: 

  • Surveys show that 58 percent of business-related cyberattacks are directed at small- to medium-sized business.[1] 
  • Average cost of a data breach to these businesses: $120,000.[2] 
  • And yet, 62 percent of SMBs lack effective digital protection.[3] 

But we get it. We know your customers probably feel overwhelmed with just running a business, let alone installing protection against digital thieves. That’s why showing your clients the benefits of the modern security built into Microsoft 365 Business helps you build a thriving practice. At the same time, you’ll give your SMB customers the ability to simplify their security strategy and confidently embrace new technology. 

Here are three reasons why your customers will thank you for helping them adopt the modern productivity cloud solution with leading security: Microsoft 365 Business. 

  1. Defend against cyber-attacks: Your customers will get protection from sophisticated, external cyber threats hidden in email attachments and links, and get cutting-edge defenses against phishing and spoofing attacks, ransomware, and other advanced malware attempts. These attacks are becoming more sophisticated every day, and the SMB space is a frequent target.
  2. Retain control over their company data and documents: This is something that will give your customers peace of mind. Protection from data leaks will help them protect sensitive information such as Social Security numbers and credit card numbers. They also can control access to important company documents, even after those documents have been shared outside your company.
  3. Manage apps, data, and documents on any device: Customers have full control over their company data. Regardless of the device type or operating system, iOS, macOS, Android, or Windows, Microsoft 365 Business helps you manage mobile devices.

Plus, when you sell your customers on the security benefits of Microsoft 365 Business, you have the backing of Microsoft’s industry-leading experience protecting people and data. Microsoft is a serious security vendor, with a ton of experience in this space and the numbers to back it up. For example, each month our Outlook.com and Office 365 email services analyze some 400 billion emails for security threats. We provide enterprise security for 90 percent of Fortune 500 companies, and operate more than 200 global cloud, consumer, and commercial services – all of which require advanced security.

Best of all, moving customers to Microsoft 365 Business increases your value to customers. You can support one integrated solution across productivity, security, and device management while simplifying your customer’s technology investment and enabling them to operate more efficiently, cost-effectively, and securely. It also creates room for you to earn with managed services and Modern Workplace incentives. 

Visit the US SMB Modern Workplace landing page for resources related to starting a security practice and GTM assets to win new customers. Be sure to also watch this Advanced Security Opportunity webinar to learn more about the partner opportunity around Microsoft 365 Business that will increase your revenue and provide a stronger connection with your customers. 

[1] Verizon 2018 Data Breach Investigations Report

[2] Kaspersky Lab study, 2018

[3] Underserved and Unprepared: The State of SMB Cyber Security in 2019

6 tips for setting cybersecurity goals for your business

Cybersecurity is a major issue for every business, whether you’re running a multinational organization or a local company. Here’s what you need to know about why prioritizing cybersecurity is so important – and some advice on developing a cybersecurity strategy that aligns with your company’s needs and your IT budget. 

Why cybersecurity is so important 

When it comes to cybersecurity, there’s no such thing as being too careful. Cybercrime is rapidly on the rise, and the average cost of a security breach has shot up to over $13 million in recent years. 

What’s more, antivirus and antimalware programs aren’t enough anymore to protect your company from increasingly sophisticated threats. Statistics show that 52% of breaches featured hacking, 28% involved malware and roughly 33% included phishing or social engineering.

If you plan on keeping your business secure, there are a few steps to follow. 

1) Know what you need from your cybersecurity 

Every viable cybersecurity strategy is designed to achieve two things. Firstly, it should protect your business from external threats. Secondly, it should minimize the risk of negligent employees exposing your sensitive data to hackers. 

To get started, it’s a good idea to download or create a planning tool. This will allow you to note down your cybersecurity goals and how you plan on achieving them. You can revise this plan if necessary and set new goals as you go along.  

2) Establish threats and risks

Make sure you understand the impact of any disaster, be it a security breach or a malware infection, on your operations. Prepare for as many eventualities as possible and review the threats to your business regularly. 

3) Set targets for maintenance 

Update your antivirus and antispyware software regularly, and set up your systems so they automatically download crucial patches when they become available. Maintain your hardware and replace or repair faulty equipment when necessary. 

Make it a goal to change passwords regularly and always monitor access to your wireless network for any suspicious activity.   

4) Schedule backups 

Make sure that you back up important data and system processes at regular intervals. Automate these backups where possible so you don’t forget about them.   

First, decide how frequently you’ll back up data and where you’ll store it, such as in the cloud or in hard copy. Make sure you comply with privacy laws and other sector-specific regulations. 

5) Don’t forget employee training

Your employees are key to ensuring that your cybersecurity strategy is a success. Set training goals and review employee understanding of cybersecurity issues on a semi-regular basis. 

When setting training goals, set out a manageable schedule for cybersecurity training and a plan for monitoring adherence to cybersecurity processes. 

6) Seek expert advice

IT managed services providers are best placed to help you devise effective cybersecurity goals that suit your business needs and your budget. If you’re unsure how to get started on a cybersecurity strategy, or if you’re worried that your current strategy isn’t working, it’s a good idea to seek professional help.  

Staying protected

Although every business is unique, there are some cybersecurity goals common to them all. Ultimately, keeping company data secure from evolving and existing threats should be a priority for every business going forward. For more information on developing a cybersecurity strategy that suits your business, contact us today.

Why phishing is so dangerous

As 2018 begins, the total number of cyberattacks continues to rise. Data from the Identity Theft Resource Center and CyberScout showed there were 1,579 successful data breaches in 2017. This figure represents a nearly 45 percent uptick from the year before. The numbers turn especially troubling when broken out by industry.

On the whole, most sectors are tightening their security measures and reporting fewer breaches. Health care, government, education and financial industries all reported a continued decrease in successful data breaches. While this is good news, there is one market that more than made up for this gradual decline: business. In 2017, the business sector accounted for nearly 60 percent of all breaches. This trend has been steadily increasing since 2013, according to the report.

Part of this is the pace of cyberattack evolution. Businesses invest heavily in methods to prevent one type of cyberattack, only to have hackers change their strategy within months. At that point, the organization has already spent its budget in information security and may be scrambling to allocate more. However, data suggests that one of the simplest forms of cyberattack is still among the most effective: phishing.

"Less than half of all executives understand their company's information security policies."

False sense of safety

While ransomware and other, more elaborate types of cyberattack routinely make the news, phishing has been flying under the radar. Many equate it with stories of foolish people falling for schemes from a Nigerian prince or believing that they had suddenly acquired millions from the government – fantasies that businesses tell themselves they would never fall for.

Data from a couple years ago may also have looked hopeful. A 2016 Symantec report concluded that the overall email spam rate was falling and that fewer phishing bots were being used. This information, likely the result of email server providers like Gmail and Outlook stepping up their sorting technology, may have given a false sense of safety to business executives.

Compound this with another major problem in the business sector: Most executives are in the dark when it comes to understanding cybersecurity concerns. A cybersecurity survey report from BAE Systems in 2016 found that less than half of all executives claimed to understand their company's information security policies.

This same survey found that only 60 percent of companies had formal cybersecurity training sessions in place, and that 70 percent of that number only had training roughly once per year. Given how rapidly cyberattacks change and adapt, this strategy would leave companies exposed to vulnerabilities – perhaps more so than other organizations because of the misplaced sense of safety.

"Cyber criminals now create fake websites that look legitimate."

Phishing is getting smarter

Part of Symantec's data – the decline of phishing bots – should not have been received as good news, especially when, according to Comodo Threat Intelligence Lab data, the overall number of phishing attacks continues to increase. Bots are, for lack of a more proper term, dumb. They follow predictable formulas that can be easily filtered into spam boxes and out of employees' vision.

However, phishing has gotten smarter. One of the new methods outlined in Comodo's report is called "clone phishing." In this scenario, hackers intercept an authentic email communication, typically from an executive, and recreate it nearly flawlessly. The fake email is then sent to the employee in the hopes of getting a response.

In addition, the practice of spear phishing is on the rise. Most early phishing was a mass attack – the same email or recorded message sent to many people, hoping to snag a minority of those contacted. Spear phishing is more precise. This phishing tactic learns of the victim's personal information and uses it. This means that the phishing message may include real names, dates and relevant organizations – all factors that will make the communication look more genuine.

Phishing has also gotten more complex in the sense that it has evolved past emails, phone calls and text messages. Cyber criminals now create fake websites – similar to originals – that look legitimate. However, these malicious sites often betray themselves in the domain name, which is typically longer or more complicated than it needs to be. These website forgeries will almost never use common domain names like .com or .org.

Everyone is a target

According to the Comodo report, 50 percent of employees will open an email from an unknown sender if it lands in their inbox. This number alone explains the increasing amount of phishing attacks, as well as why they are such a prevalent method. Every employee is a potential target.

Phishing stresses the need for comprehensive employee training at every level. Even one person being compromised can put an entire organization at risk. For example, if an entry level analyst is targeted and successfully breached, the hacker or malicious group may be in possession of the network passwords, meaning that they suddenly share his or her level of access. This can be used to install ransomware or other harmful programs. 

Every employee who receives corporate emails on a professional or personal device is the potential victim of phishing.

Training to beat phishing

Information shows that training sharply decreases the likelihood of phishing success. A PhishMe report concluded that susceptibility fell to roughly 20 percent after relevant sessions on improved cybersecurity practices occurred.

Even these newer, smarter methods of phishing have telling signs. CSO stressed that malicious emails are usually more threatening or urgent than typical office communication. This is part of cyber criminals' strategy, as panicked employees are less likely to think clearly if they legitimately believe their job is on the line.

Employees should also be advised to carefully check the sender's name. If it is an unknown sender, all emails should be double-checked with the supervisor before response. Spelling and grammar are also more likely to have mistakes as cyber criminals have no corporate standard or editing department.

Businesses should be willing to partner with the experts to ensure the best training and prep programs for their employees. IT service providers like ISG prepare cybersecurity compliance as part of our extensive product portfolio. Consult with us today to find out how we can help secure your company against future data breaches.

Lessons learned from the Bangladesh Bank hack

Years ago, bank robberies were a very physical affair. Criminals donned ski masks and shot automatic weapons in the air, shouting for tellers to step away from the silent alarm buttons. That said, it would appear thieves have decided that this is just a little too much work. Hacking banks in order to steal money allows for the same reward without having to deal with a hostage negotiator.

In fact, the most recent cyberattack levied against Bangladesh Bank shows just how lucrative these schemes can be. The hackers involved in this scenario made away with around $81 million, which is more loot than any ski-masked thug could ever carry away. However, perhaps the most interesting part of this whole debacle is that this is nowhere near what the culprits originally intended to get. Investigators have discovered that the original plan was to take close to $1 billion when all was said and done, according to Ars Technica.

Unfortunately for the individuals involved, a simple typo wrecked what could have been the biggest criminal act of all time. A transaction meant for the Shalika Foundation was spelled as “Fandation,” which tipped employees off that something was afoot. Regardless, this is still a massive undertaking that demands intense review.

“Bangladesh Bank isn’t completely free of blame.”

How did they get in?

To understand how this whole scheme began, it’s important to comprehend how Bangladesh Bank sends and receives funds. Institutions like this rely on SWIFT software, which basically creates a private network between a large number of financial organizations. This lets them send money to each other without having to worry about hackers – or so the banks thought.

Gaining access to the transactions within this network was basically impossible, unless someone were to be able to compromise a bank’s internal IT systems. This is exactly what the criminals did.

However, Bangladesh Bank isn’t completely free of blame here. The only reason that hackers were able to gain entry was because the financial institution was relying on old second-hand switches that cost about $10 each. Considering how much was at stake, pinching pennies in such a crucial department seems incredibly irresponsible in hindsight. What’s more, the bank didn’t even have a firewall set up to keep intruders out.

Once hackers bypassed this low level of security, they were given free rein to do as they pleased. Accessing Bangladesh Bank’s network allowed them to move on to SWIFT, as the cheap switches didn’t keep these two separate. However, the really interesting part of this whole criminal act was how they took the money without anyone noticing.

Why weren’t they discovered sooner?

In order to make off with the cash, the criminals had to access a piece of software called Alliance Access. This is used to send money, which allowed the hackers to increase transactions in order to make a profit. However, Alliance Access also records transactions. This was a big problem for the thieves, as they couldn’t make money if someone knew they were stealing it.

To fix this, the hackers simply inserted malware that disrupted the software’s ability to properly regulate the money that was being moved. On top of that, this malicious code also modified confirmation messages about the transactions. This allowed the criminals to continue to operate in obscurity, racking up millions of dollars without anyone being the wiser. In fact, they would have gotten close to $1 billion if one of these altered reports didn’t have a spelling error.

A small error cost these hackers hundreds of millions. The hackers could have made so much more money if they’d checked their spelling.

However, understanding so much about how Bangladesh Bank’s system worked has pointed investigators to the notion that this was an inside job. In fact, The Hill reported that “people familiar with the matter” know that a major suspect is a person who works at the bank. No one has been named yet, but getting an employee in on the job certainly makes sense.

Network assessments are a must

Regardless of whether or not this turns out to be an inside job, the fact still remains that Bangladesh Bank was incredibly vulnerable to a hack like this. Relying on cheap network switches is bad enough, but not having any sort of firewall is a major hazard that modern institutions simply cannot allow.

This is why every company should consider receiving a network assessment from ISG Technology. Our skilled experts know how to spot glaring vulnerabilities such as these, and can suggest fixes to ensure the security of private data.