Posts

7 Key Takeaways From the Kaseya Ransomware Attack

By now you’ve seen the headlines about the Kaseya cyberattack – one of the largest ransomware events in history that unfolded over the 4th of July weekend. This attack, which targeted Kaseya’s remote monitoring and management tool for handling networks and endpoints, immediately caused a ripple effect across the IT supply chain, affecting roughly 50 Managed IT Service Providers and 800 – 1,500 of the small to medium-sized businesses that they serviced.  

Unfortunately, this not only makes Kaseya the latest name to add to a growing list of high profile organizations such as Microsoft, Juniper, Solar Winds, the Colonial Pipeline, and many others to be breached, making makes it one of the largest. The cybercriminals responsible for the attack reportedly demanded upwards of $70 Million to restore the affected systems. 

Rather than re-tell the story of what happened, which you can find from dozens of articles, like this one from ZDNet, we’d like to share a few insights all businesses should take away from the situation. 

1 – It’s not a matter of if, but when 

We sincerely hope the sheer volume of breaches seen in daily news feeds has every business realizing YOU WILL BE HIT AT SOME POINT. All the companies listed above had invested heavily in hardening their security posture before they were breached (and continue to do so), but the bad guys found a way in. Even small businesses that think they’re too small to matter to cybercriminals are targets.  

2 – You need an incident response game plan 

In Kaseya CEO’s response, he pointed out that only one of 27 of their modules was compromised because of the quick and decisive action they took when they realized what had happened. If they hadn’t had a response plan and acted according to it, the damage could have been far worse – for them and their customers. 

3 – Cyber insurance is necessary – But not all policies are created equal 

As stated above, eventually your network will be compromised. And even if you have an incident response plan that you follow by the book, you could experience financial repercussions. Cyber insurance can help you weather that storm. But like all insurance types, not all policies are created equal. Watch out for policies that are more interested in forensic reports to understand how it happened than getting your business back up and running. You can do both.  

4 – Backups are your best friend in a breach 

In every security incident, we’ve remediated, one of our first go-to actions is to evaluate the organization’s backups. If set up properly, following 3-2-1-0 backup best practices, the disaster recovery time is significantly reduced, and paying the ransomware is not even a consideration. However, if you don’t have a well-constructed, business continuity/data protection plan, a ransomware attack can be catastrophic for a business.  

5 – If you don’t have a security roadmap, you need one 

If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $6 trillion USD globally in 2021 — would be the world’s third-largest economy after the U.S. and China. For this reason alone, you need a well-documented, security roadmap that is discussed monthly (or even better weekly). In every breach remediation, we’ve worked on, the client would have saved thousands in remediation costs if they had some of the fundamental protections in place. Our 5 steps to strengthen security is a good place to start if you need help in doing this.  

6 – Establish a culture of security 

Unless your employees are all cybersecurity experts, they are by far your biggest liability. And even though this particular breach came through a different avenue, it doesn’t change the fact that over 90% of breaches originate with employees clicking on a phishing email. This is why strong passwords, multi-factor authentication, and building a culture of security that includes security awareness training is so crucial. We like to think of our employees as a human firewall.  

7 – The pros of RMM outweigh the cons 

As mentioned above, it’s not a matter of if you’ll experience a breach, it’s a matter of when. And because of this, you need reputable remote monitoring tools to manage your network – whether deployed by an MSP or yourself. The service of keeping endpoints and networks patched and up to date is absolutely critical in today’s world.  

“According to a 2019 Security Boulevard study, 60% of breaches reported were  
linked to patches that were available, but not yet applied.” 

The point is that even though Kaseya and the MSPs affected may have lost the trust of their clients right now because of a vulnerability in their RMM tool, the service they have been providing has prevented criminals from exploiting unpatched networks for years. It took a very sophisticated, coordinated attack by a criminal organization to exploit this vulnerability. If your networks are unpatched, it doesn’t require near that level of effort or sophistication to get in and deliver a payload.  

https://www.zdnet.com/article/the-kaseya-ransomware-attack-everything-we-know-so-far/

5 things every employee in your company needs to know about phishing attacks

First things first, just to make sure we’re all on the same page.

Phishing is a type of cybersecurity attack. Someone impersonates a legitimate entity to try to persuade the recipient to hand over sensitive information. Most phishing happens via email.

Compared to other forms of hacking, phishing is quite easy to execute. In fact, the first “phishers” used AOL in the 1990s to get information from unsuspecting AOL users. These attacks were painfully simple. But here’s the kicker. They didn’t differ much from phishing attacks of today!

The attackers simply pretended to be AOL employees. Even if only a few victims believed their ruse, the attack was worth it. That’s because if even one person falls for a phishing tactic, the results can be devastating.

Here are the fundamental things all your employees need to know to protect your company from phishing attacks.

1. Phishing can happen anywhere

While most people think of phishing as occurring exclusively via email, it can also happen on social media sites, in messaging apps, and through any method of online communication.

If your employees are communicating anywhere online, they need to make sure they really know who is at the other end.

2. Phishing can get complex

Some phishing attempts are just hackers sending out emails to a random group of people and hoping one of them will bite. But an increasing number of phishing attacks are getting more sophisticated.

In some cases, hackers will spend months or more building a relationship with the target through false social media profiles and frequent communications. This combines catfishing and phishing, forming a dangerous combination.

After a while, the target grows comfortable with the hacker and trusts them enough to share personal information.

3. Phishing costs businesses a lot

Some sources estimate that phishing attacks may cost American businesses up to $500 million per year, with thousands of businesses targeted and more personal consumers attacked at home.

That figure comes only from the attacks that were investigated by the FBI over a period of three years, so it is likely that the total cost to US businesses is more than that.

4. There are multiple types of phishing attacks

There are a few major types of phishing attacks. The most basic is when attackers email a random group of people and hope that a few of them will fall prey to the scam.

“Spear phishing” is a targeted attack that centers on one organization or a group of individuals. Attackers pretend to be someone from within the organization—a client or vendor—in order to infiltrate and get access to sensitive information. Some spear phishers are able to hack into organizational communication systems so the messages really do appear to be coming from the inside.

“Whaling” is when a spear phisher goes after a huge target.

5. Here’s how you can recognize phishing

There are many trademarks of a phishing attack. Educating employees about these signs can save your business a whole lot of money. Some of these may seem a bit obvious, but to those who are not as savvy, it’s important information that could stop an attack.

Phishing emails often come from addresses that seem like they could be legit. But if you examine the address more closely you’ll notice that it’s a little off. Perhaps it’s one letter off from the company’s actual name or the email address doesn’t follow the convention of other people you have met from that organization. You will find a similar situation with URLs in phishing messages.

Many phishing emails have bad spelling and improper grammar, typically due to poor translations. If it was coming from a legitimate organization, typos are possible, but not usually at the magnitude seen in phishing emails.

Finally, if a message seems too good to be true, it probably is!

Use these tips to avoid harmful phishing attacks. For more information on how to protect your business, be sure to contact your IT support partner.

5 things every employee in your company needs to know about phishing attacks

First things first, just to make sure we’re all on the same page.

Phishing is a type of cybersecurity attack. Someone impersonates a legitimate entity to try to persuade the recipient to hand over sensitive information. Most phishing happens via email.

Compared to other forms of hacking, phishing is quite easy to execute. In fact, the first “phishers” used AOL in the 1990s to get information from unsuspecting AOL users. These attacks were painfully simple. But here’s the kicker. They didn’t differ much from phishing attacks of today!

The attackers simply pretended to be AOL employees. Even if only a few victims believed their ruse, the attack was worth it. That’s because if even one person falls for a phishing tactic, the results can be devastating.

Here are the fundamental things all your employees need to know to protect your company from phishing attacks.

1. Phishing can happen anywhere

While most people think of phishing as occurring exclusively via email, it can also happen on social media sites, in messaging apps, and through any method of online communication.

If your employees are communicating anywhere online, they need to make sure they really know who is at the other end.

2. Phishing can get complex

Some phishing attempts are just hackers sending out emails to a random group of people and hoping one of them will bite. But an increasing number of phishing attacks are getting more sophisticated.

In some cases, hackers will spend months or more building a relationship with the target through false social media profiles and frequent communications. This combines catfishing and phishing, forming a dangerous combination.

After a while, the target grows comfortable with the hacker and trusts them enough to share personal information.

3. Phishing costs businesses a lot

Some sources estimate that phishing attacks may cost American businesses up to $500 million per year, with thousands of businesses targeted and more personal consumers attacked at home.

That figure comes only from the attacks that were investigated by the FBI over a period of three years, so it is likely that the total cost to US businesses is more than that.

4. There are multiple types of phishing attacks

There are a few major types of phishing attacks. The most basic is when attackers email a random group of people and hope that a few of them will fall prey to the scam.

“Spear phishing” is a targeted attack that centers on one organization or a group of individuals. Attackers pretend to be someone from within the organization—a client or vendor—in order to infiltrate and get access to sensitive information. Some spear phishers are able to hack into organizational communication systems so the messages really do appear to be coming from the inside.

“Whaling” is when a spear phisher goes after a huge target.

5. Here’s how you can recognize phishing

There are many trademarks of a phishing attack. Educating employees about these signs can save your business a whole lot of money. Some of these may seem a bit obvious, but to those who are not as savvy, it’s important information that could stop an attack.

Phishing emails often come from addresses that seem like they could be legit. But if you examine the address more closely you’ll notice that it’s a little off. Perhaps it’s one letter off from the company’s actual name or the email address doesn’t follow the convention of other people you have met from that organization. You will find a similar situation with URLs in phishing messages.

Many phishing emails have bad spelling and improper grammar, typically due to poor translations. If it was coming from a legitimate organization, typos are possible, but not usually at the magnitude seen in phishing emails.

Finally, if a message seems too good to be true, it probably is!

Use these tips to avoid harmful phishing attacks. For more information on how to protect your business, be sure to contact your IT support partner.

Data Madness: Physical and digital, ensuring that critical data stays safe

With March winding down, it is important to remember the significance of confidential corporate information. Data has been called the new oil, however, as Business Insider pointed out, this is not a great comparison. Unlike oil, more data does not intrinsically mean greater value. The nature of this information greatly matters.

So really, data is more like sediment. Some bits are just pebbles – numerous beyond count and basically interchangeable. However, certain information – like say personal identification information and dedicated analytical data – is immensely valuable. These are the gemstones, the gold, and this data must be protected.

To avoid data madness, or the immense financial and irreparable damage done by lost confidential information, follow these tips to safeguard valuable data:

"Around 23 percent of IT thefts occur in office."

Securing physical data
While many organizations worry about theft from cars, airports or other public places – not enough information is paid to a real danger: the office. According to a Kensington report, 23 percent of IT thefts occur in office. This is nearly 10 percent higher than hotels and airports.

The same report found that over a third of IT personal have no physical protection in place to prevent hardware from being stolen. Only 20 percent used locks to protect hard drives.

While organizations worry about small devices like wearables and smartphones, basic security cannot be overlooked. Companies must take steps to ensure that only employees or approved guests have access to the premises. Even then, not every worker needs universal access. Server rooms and hardware storage should be kept behind additional locks.

IT teams should also be required to keep a thorough inventory of all network-enabled data devices. This will alert the organization quickly should a theft occur. While cybersecurity grabs headlines – the importance of a good, strong physical lock cannot be overstated.

Malicious third parties are not above using simple and primitive tactics.

Protecting digital data
While physical protection is essential, cybersecurity is rising in importance. Gemalto data states that, since 2013, more than 9 billion digital records have been stolen, misplaced or simply erased without authorization. More troubling is the recent increases in data loss. Gemalto also recorded a steady rise data breach occurrence and a dramatic uptick in misplaced or stolen information.

Cybercriminals adapt quickly and their tools are constantly evolving. Deloitte released a report chronicling the increasing tenacity and sophistication of ransomware, a disturbing cyberattack that strips away essential data access from organizations and charges them to get it back. Infamous attacks like WannaCry made headlines last year and unfortunately these incidents are expected to become more common.

When enhancing cybersecurity, take a company-wide approach. Every employee with network access needs to be educated on basic risks. Network administrators should also structure internet connectivity to run on the principle of least privilege. As with the physical server room, not every employee needs access to every file. Permissions should be given sparingly.

Lastly, businesses need a concrete plan if and when a data breach do occur so that they may respond efficiently and swiftly to contain the attack. 

Finding  the point of breach quickly can reduce the damage done by cybercriminals. Finding the point of breach quickly can reduce the damage done by cybercriminals.

The Cloud Advantage
One of the reasons that cloud services are so popular is that they alleviate certain cybersecurity concerns. Many businesses, especially smaller organizations, have budget restrictions, whereas a cloud services provider like Microsoft annually invests $1 billion in cybersecurity, according to Reuters.

Handing off information security concerns to a trusted organization with more resources is a way to help safeguard your data, backing it up so that it will never be lost or stolen by a malicious third party.