
Recently, Google announced that a North Korean government-backed hacking group known as the Lazarus Group has targeted members of the cyber-security community who specialize in vulnerability research. Google’s Threat Analysis Group (TAG) stated that the hacking group specializes in using social network groups to target security researchers and infect their operating systems with a customized backdoor malware. It’s believed that the cybercriminals hacked multiple profiles on platforms such as Twitter, LinkedIn, Telegram, Discord, Keybase, and email to target the Google security team, which focuses on hunting down advanced persistent threat (APT) groups. The threat actors began by creating fake Twitter accounts to masquerade as security researchers, and then reached out on social media to legitimate security researchers.

“After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project,” said Adam Weidemann, a security researcher with Google TAG.

The Visual Studio Project however came already infected with malicious code that installed malware on the targeted researcher’s computer. The malware contacted a control server and waited for commands. Curiously, not every target received malware. Some simply were asked to visit a fake blog. This led some to speculate that the Lazarus Group was not working alone. The blog hosted malicious code, however, so the end result was still the same: the target’s computer was infected after visiting the site.

Of particular note was the fact that many of the researchers who were targeted and visited the site were running fully patched and up-to-date Windows 10 and Chrome browser versions and still got infected, according to Google TAG. Some believe that the cybercriminals used a combination of Windows 10 and Chrome zero-day vulnerabilities. For those that don’t know, the term zero-day vulnerability refers to a flaw that needs to be patched but has not yet been discovered by researchers and software developers. In most cases, the hackers discover them first.

To add to the confusion, the threat actors authored several online articles and videos that analyzed these vulnerabilities to give themselves credibility and gain the trust of the researchers they were targeting. One of the targets got wise and called out the threat actors’ video as a fake. Not to be outdone, the threat actors began creating Twitter sock puppet accounts to refute these claims.

The Google TAG team is asking anyone who believes they were also targeted to come forward so more information can be amassed about the identity of the attackers, and so they can take steps to make sure they haven’t been infected. They’re also advising security researchers to review their browsing histories to check if they’ve interacted with any of the fake profiles or visited the infected blog site. Google has published a list of all the known profiles here. The infected blog site is under the domain name (DO NOT CLICK) blog.br0vvnn.io.

The reason behind this attack is of particular interest as well. If successful (and at the time of this blog going to print, there’s still much that is not known about how widespread and how damaging the attacks have been), it could allow North Korea to steal exploits for vulnerabilities discovered by the researchers who have been infected. These vulnerabilities could be deployed by the threat actors in future attacks with little to no cost involved where development is concerned.

Since the attack, which is believed to have been rolled out as early as January 25th, several security researchers have discussed being targeted, but none have actually admitted to having had their systems compromised, so at this time, it’s still early days in terms of figuring out how far-reaching the damage actually is.

For anyone concerned that they have been targeted by the hackers, the Google TAG team advised:

“If you are concerned that you are being targeted, we recommend that you compartmentalize your research activities using separate physical or virtual machines for general web browsing, interacting with others in the research community, accepting files from third parties and your own security research.”

If you have questions about what preventative steps you can take to protect your business or other assets from a cyber attack, don’t hesitate to reach out to us. At Buzz Cybersecurity, we offer a variety of services including Free Lunch & Learns, Cloud Solutions, Managed IT Services, Infrastructure as Service, Support Consulting, Ransomware Protection, and more.

Every business is different, and we would love to talk with you about tailoring a plan that fits the size of your company, as well as fits your budget. Contact us today for your free assessment!

Image by Sammy-Williams from Pixabay

(And How the Best Offense is Still a Good Defense)

Malware is a term that confuses some people. Many people use the word erroneously and don’t understand how to protect their companies against each type of program. In this blog, let’s take a look at the different types of malware so you can understand how each one is a danger, and what steps you can take to prevent being a victim.

Worms

One of the earliest types of malware is the worm, dating back to the time of mainframes. They saw a resurgence in popularity amongst hackers in the 1990s when email became all the rage. Infected message attachments played on the naive curiosity of company employees who opened and shared with co-workers, and by the time someone figured out there was a worm, most of the office had been taken out.

Worms are different from other types of malware because they are by nature self-replicating. Some viruses can do this too, but it’s not always a calling card. What makes worms particularly dangerous is that they don’t require end-user action, meaning that unlike some types of malware that require tricking the human being sitting at their computer into activating it, worms can propagate independently as soon as they find a breach in the network.

Viruses

Most malware gets labeled as a “virus,” but the truth is that statistically, less than 10% of malware are pure viruses. They typically are attached to or hidden in a file that is being shared with the user. Viruses differ from worms, mentioned above, because they do require participation; usually, the person must download or open the file for it to get access to their operating system. It always needs a host. DOC and EXE are often the files of choice. Typically, the way a virus gains access to an operating system involves a person getting an email with a subject line that begs attention, like “Please read IMMEDIATELY!” Once you open the email, if it’s a DOC file, the virus is only activated once you download the file and enable the macros. If it’s an EXE, then it’s downloading and running the file that triggers the virus.

Trojans

You’ve probably heard lots about Trojan malware, but other than the immediate connection to Greek mythology (the Greeks presented Troy with the “gift” of a giant wooden horse to gain access to the city; once inside the gates, men hidden in the hollow belly emerged to sack Troy from within), many people don’t know much about them, much less how to identify one or prevent becoming the victim of one.

Trojan malware has been around longer than viruses, but not quite as long as worms. They have gradually become more popular with hackers than worms, mainly because they can easily be disguised as legitimate programs. Chances are, if you’ve spent any amount of time online, you’ve been the target of one, especially if you have inadvertently visited an infected website. The most popular scheme is an antivirus pop-up informing you that you’ve been infected with a virus, which then offers to save the day by having you click on a program to clean up your PC. Users who take the bait then get infected with Trojan malware. Not surprisingly, Trojans have infected more computers than any other type of malware.

Ransomware

Several of our previous blogs have been about ransomware because of the disturbing rate at which it has been growing since 2012, when the first attacks were recorded. Ransomware is a subtype of Trojan, and as you may have guessed, gets its name from the ransom that is demanded by cybercriminals once they’ve hacked into a company’s database and gained access to sensitive information. Once in, they can block the company’s access or threaten to go public with the information they’ve obtained. This is also known as cyber-extortion, and the hackers have been known to double the amount of the ransom if the company goes to the police or can’t raise the ransom in time. You can read more about ransomware in our previous blogs here.

Adware

Probably the most annoying of all the types of malware, adware can still wreak havoc on users if they’re not paying close attention to what they click on. Adware, short for advertising-supported software, comes in the form of unwanted pop-ups. Often, adware programs direct browser searches to similar-looking but bogus webpages that promote their products. It can add spyware and bombard your device with unwanted ads. If you’ve ever been on a website and your web address suddenly changed, that’s also adware. The purpose of adware is mainly to access your browsing history and target you with advertising that is tailored specifically to what you might be likely to purchase. But sometimes when you get redirected to a new page, new adware and other, less innocuous forms of malware may be downloaded onto your computer. Soon, you’ll notice that your system is operating much slower, crashing frequently, and showing more ads. The main ways to come in contact with adware are downloading freeware or shareware, and going to infected websites.

Malvertising

The simple definition is the online use of advertising to spread malware. It’s often confused with adware, but there’s a distinct difference. Malvertising uses legitimate ads to covertly deliver malware, and is deployed on a publisher’s webpage. Cybercriminals may even buy ad space on reputable websites to do so. The New York Times Online, The Atlantic Monthly, Spotify, and The London Stock Exchange have all been victims of malvertisers. But the endgame is still the same with both: get you to click and download malware onto your computer.

Hybrid Forms

More and more, cyber damage is done in the form of a nasty cocktail comprised of worms, Trojans, and viruses all rolled into one. This is often done to mask their presence from anti-malware programs by modifying the operating system and taking complete control.


So now that we’ve looked at the 7 most common types of malware, we know you want to understand how to lessen the chances of being a victim of each. To start with, most malware often exploit vulnerabilities and bugs. We can’t stress the importance of staying current with OS application updates and patches. Lastly, for business owners, comprehensive cybersecurity is a must these days for all of your devices- laptops, desktops, tablets, and smartphones. You need real-time security that can keep track of essential activities like emails and web browsing, rather than periodic scans. The best security software is not static, meaning a one-time installation with occasional updates. We offer Cloud Solutions and Integration that can help with this. We also recommend training your employees to understand what to be on the lookout for. We offer a free Lunch and Learn program that will teach them to spot red flags. Feel free to reach out and talk with us if you have more questions.

Photo by Michael Geiger on Unsplash

The Gift That Keeps on Taking

This year, many people awoke on Christmas morning and were delighted to find Amazon gift cards delivered to their email. For some, however, the email they clicked on wasn’t really from Amazon, but part of a phishing campaign. What they actually received was the gift of a Trojan horse in their email. It’s enough to make anyone pause, because even though we’d like to think we’d be savvy enough to catch a phony scam, the truth is that hackers are getting more sophisticated with how well they can disguise their malware. Let’s take a look at this particular email attack, and help you reduce your chances of being their next victim.

To begin with, when the email was opened, the virus didn’t automatically get installed. The recipient was asked to click on an “enable content” button under the premise that the attachment to the gift card was created in an online version of Microsoft Office. Once the button was clicked, it allowed malware to be downloaded and installed to whatever computer the user was on.
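Both the DOC-file virus described earlier and this gift-card Trojan only run once the recipient clicks “enable content” and lets the macros execute, so a mail gateway or help desk can hold such attachments before anyone gets the chance. The following is an added example, not code from the original post or from any vendor: it inspects an Office attachment’s container rather than trusting its file extension, flags any Office Open XML package that carries a VBA project, and treats the legacy binary (.doc) format as unresolvable without a dedicated parser. The sample packages it builds are constructed minimal stand-ins, not real Word documents.

```python
import io
import re
import zipfile

# Magic bytes of the legacy OLE2 container used by binary .doc/.xls files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Magic bytes of a ZIP local file header; every OOXML (.docx/.docm/.xlsm) file starts this way.
ZIP_MAGIC = b"PK\x03\x04"

# Package parts that hold VBA code in Word, Excel and PowerPoint OOXML files.
VBA_PART_RE = re.compile(r"^(word|xl|ppt)/vbaProject\.bin$", re.IGNORECASE)
# Main-part content type declared for macro-enabled documents in [Content_Types].xml.
MACRO_CT_RE = re.compile(r"macroEnabled", re.IGNORECASE)


def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes by what the container actually is.

    Returns one of:
      'ooxml-macro'  - Office Open XML package carrying a VBA project
      'ooxml-clean'  - Office Open XML package with no VBA project
      'ole2-legacy'  - binary Office format; macros cannot be ruled out by this check
      'other'        - not an Office container at all
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2-legacy"
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            has_vba = any(VBA_PART_RE.match(n) for n in names)
            content_types = ""
            if "[Content_Types].xml" in names:
                content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            declares_macro = bool(MACRO_CT_RE.search(content_types))
    except zipfile.BadZipFile:
        return "other"
    return "ooxml-macro" if (has_vba or declares_macro) else "ooxml-clean"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Hold the attachment for review instead of delivering it.

    Policy (an assumption for this example): anything with a VBA project is held,
    any legacy binary Office file is held because this check cannot see inside it,
    and a macro-enabled extension is held even when the package looks clean.
    """
    kind = classify_attachment(data)
    if kind in ("ooxml-macro", "ole2-legacy"):
        return True
    return filename.lower().endswith((".docm", ".xlsm", ".pptm"))


def build_sample(macro: bool) -> bytes:
    """Construct a minimal OOXML-style package for testing (not a real Word file)."""
    main_ct = (
        "application/vnd.ms-word.document.macroEnabled.main+xml"
        if macro
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder VBA part
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: the names mirror the lure described above.
    samples = {
        "Amazon_Gift_Card.docm": build_sample(macro=True),
        "invoice.docx": build_sample(macro=False),
        "gift_card.docx": build_sample(macro=True),   # macro package hiding behind .docx
        "old_report.doc": OLE2_MAGIC + b"\x00" * 64,  # constructed legacy header only
    }
    for name, data in samples.items():
        print(f"{name:24} {classify_attachment(data):12} quarantine={should_quarantine(name, data)}")
```

For legacy .doc files the check only reports that it cannot decide; a parser for the OLE2 format (such as the olefile/oletools family) is needed to actually find a VBA stream there.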

The particular type of malware that came through in this latest attack was the Dridex Virus. The original version of Dridex first appeared back in 2012, and over the years has become one of the most prevalent financial Trojans. Up until now, the cybercriminals using it have mainly targeted the financial sector, including the banking industry and its customers. One of the reasons why this incarnation of Dridex is so dangerous is because it has been known to give threat actors, such as DoppelPaymer, access to compromised systems to deploy ransomware. The FBI issued a warning last month that predicted DoppelPaymer attacks would see a spike in activity. In 2019, the hackers hit several high-profile targets, including Chile’s Ministry of Agriculture.

This is the first time DoppelPaymer has gone after people via a fake gift card, and the recent change in the way the attacks are being targeted has left many scratching their heads. There could be many reasons for this. Some speculate that the answer that makes the most sense is simply that with many people celebrating the holidays in isolation this year, online shopping has seen an increase, and hackers, sensing that Amazon gift cards would be a popular gift, are looking to exploit any opportunity to profit. Others worry that the reasons could be much darker.

Typically Dridex tries to lure unsuspecting users to click on an attachment in their email to access the content, in this latest case a gift card. But you can stay clear of becoming a victim by remembering just a few simple rules.

To begin with, when you get any type of gift card, especially one from Amazon, it will never ask you to download an attachment. A legitimate gift card from Amazon will send you an email indicating who the gift is from, as well as a code in the message that you enter on the Amazon website to add funds to your account. If you get an email that purports to be from Amazon and it’s asking you to download an attachment such as a Microsoft Word document, or anything resembling one, close the email immediately and mark it as spam. If you think the gift card might be legitimate, contact the sender via phone, as opposed to email, to find out whether it was from them or not.

Scammers went after online shoppers, too. In one instance, a fake website was set up to lure unsuspecting Target gift card recipients to check their balance. Once the card number was entered, the bad guys had all they needed to go on an illegal shopping spree. BleepingComputer reported in a recent article that in some instances, the differences between Target’s actual page and the imposter are so minute that most people would not notice them. The layout, text, and colors are a very good imitation. To further confuse the user, once their information is entered, they get a “checking balance” message that buys considerable time, and eventually appears to “time out,” telling the user that an error has occurred and verification has failed. Most people assume the issue is either a user error, or that online traffic is maxing out the site, causing it to crash. They then go about their business, intending to check back later, and never suspect that they’ve been scammed.

When people we consider naïve get scammed, we comfort ourselves with the thought that we would have been savvier and not fallen for it. But it’s super frustrating when the hackers are getting better all the time and we see something that probably would have fooled even us. In the case of the Target gift card scam, the only “tell” is that the web address is a bit suspect, and none of the links on the rest of the page work. But during the holiday season, when people are overloaded with trying to get shopping done, or after the holiday when they are trying to come down from brain overload, it’s understandable that sometimes things slip by that we might otherwise be wise to, especially if they’re cleverly disguised and look familiar to what we’re used to seeing, with only slight differences.

What we can tell you is to always, always trust your gut. As cybercriminals continue to get more sophisticated with their tactics, while following these guidelines will help you to avoid most scams, there is no exhaustive list that covers every single situation. Most of the time though, you will have a nagging feeling that you need to slow down before you click. Pay attention to that.

As always, if you want to train your employees on how to spot phishing scams, Buzz Cybersecurity has our Lunch and Learn Program that will be continuing in 2021. Contact us today to learn more and schedule us to come out and educate your employees on how to take ownership of protecting your company’s assets!

Image by Robinraj Premchand from Pixabay

Ransomware Gets an Upgrade

Yes, you read that right. Apparently, hackers, specifically the ones conducting ransomware attacks, are now using a third-party call center to contact victims if they suspect that they’re attempting to restore backups and skip out on paying ransom demands to get data released to them. If you’re not familiar with how ransomware works, you can read our blog from earlier this year that goes into more detail.

In what appears to be a fairly new tactic starting over the summer, ransomware attackers have hired a call center in an attempt to harass and strong-arm businesses into complying with their extortion demands. While the exact location of the operation is still unknown, the scripting being used to intimidate victims of these ransomware attacks is reportedly very similar, with only slight variations in wording, so cyber police have reason to believe that the same call center is being used by several ransomware attackers, including the known cyberterrorists Conti and Ryuk.

An incoming call made on behalf of the now-defunct criminal group known as Maze was recently recorded, and the callers had a heavy accent, leading experts to surmise that they were not native English speakers. Below is a redacted transcript of the call provided, originally published on zdnet.com:

“We are aware of a third-party IT company working on your network. We continue to Monitor and know that you were installing SentinelOne antivirus on all your computers. But you should know that it will not help. If you want to stop wasting your time and recover your data this week, we recommend that you discuss the situation with us in the chat or the problems with your network will never end.”

As we’ve reported in previous blogs, ransomware attacks are a type of cybercrime that has grown exponentially over the last few years; its evolution is fascinating and disturbing. In the past, ransomware extortion tactics have included doubling the ransom amount if it wasn’t paid in full by the deadline and threats to leak sensitive information online or to journalists. With the pandemic this year, hackers have found new ways to exploit companies, especially those who now have employees working from home. The ways in which they have found to wreak havoc seem endless.

And it’s not just big companies being affected. Everyday people are starting to suffer, even if they’re unaware of the cause. On Dec. 1st, cyberterrorists targeted TransLink, the public transportation agency used by the city of Vancouver. TransLink posted a tweet confirming it was not, as originally reported, a prolonged technical issue, and only after being forced to come clean by local news outlets. When the ransom was not paid, the attack crippled operations and left untold travelers unable to use their Compass metro cards to pay their fare, nor could they purchase new tickets at the nearby kiosks. It was nearly two days before operations returned to normal. The investigation is still ongoing, with the culprit behind the attack unknown to the general public.

TransLink wasn’t the only victim of a ransomware attack this month. On December 5th, it was reported that helicopter maker Kopter also suffered an internal breach that allowed hackers to steal encrypted files. When Kopter refused to negotiate with the terrorists, they published those files on the dark web a few days later as a blog on a site owned and operated by the ransomware group who call themselves LockBit. The files included sensitive data such as business documents, internal projects, and aerospace and defense industry standards.

The most stunning attack this month, however, came when cybersecurity giant FireEye was hacked by “a nation-state.” The firm is known for being the go-to for government agencies and companies worldwide that have been the target of a sophisticated cyberattack. An article in the New York Times reported that it was a theft “…akin to bank robbers, who having cleaned out local vaults, then turned around and stole the F.B.I.’s investigative tools.”

FireEye reported on Dec. 8th that its systems were breached by what it referred to as a “nation with top-tier offensive capabilities” and that the hackers had gained access to tools that could be used for new attacks around the world. While they have declined to say who precisely was behind the attacks, when the F.B.I. turned the case over to its Russia specialists, it led many to speculate that the hackers were after what the company calls Red Team Tools, which are tools that replicate the most sophisticated hacking tools in the world. At the time this blog is being written, the story is still developing.

The bottom line is that ransomware attacks are not going away anytime soon, and will continue to grow in complexity and sophistication in 2021. The best defense against a ransomware attack is, not surprisingly, a good offense. You don’t want your company to be the only car on the street with unlocked doors and no car alarm. Do everything you can to make hackers look elsewhere for an easier target.

We can help you evaluate your risk level with a free consultation. Contact us today and we will give you an honest evaluation of your company’s cybersecurity, and what can be done to close the gap on any weak spots that are making you a tempting target for cybercriminals. There’s no price on peace of mind!

As we close out what has been a difficult year for many, there’s a temptation to slack off being aware of the cyber risks out there, but the holiday season statistically sees an increase in cyberattacks, and experts are predicting that this year will be particularly bad. This year with COVID-19 restrictions hindering in-person activities, online purchases are expected to have a record-setting year. Cybercriminals are anticipating this, and will ramp up their efforts to take advantage of both unaware shoppers and unprotected businesses, looking to exploit sensitive information and data for the purpose of hacking. In this article, we take a look at how to stay one step ahead of the bad guys. We’ve done the research so you can actually enjoy your holidays with loved ones, rather than having to be on guard duty 24/7.

  1. Be Careful With Holiday-Themed Emails. Retailers go out of their way to send out emails touting sales and special deals, and they all look really shiny! And by all means, take advantage of those savings, but understand that phishing emails will also look festive. Pay particular attention to an email if you don’t recognize the sender, or it’s rife with spelling errors. That might be a clue that someone overseas is trying to get you to give your credit card information, or open an email with a virus attached to it.
  2. Slow Down. We’ve all clicked on a deal, only to see a pop up telling us that the special price is only available for a limited time—sometimes only minutes! Personally, I click right out of these because retailers often use this tactic to pressure you into making a bad decision that will result in buyer’s remorse, but hackers also use it to get you to throw caution to the wind, enter your credit card information, and click the buy button before you’ve really checked out the site. It’s OK to slow down and take a minute to make sure you trust the retailer on the other end.
  3. Beware of Phone Phishing Scams. I don’t know about you, but during the month of December, I am working to meet deadlines faster so I can have more time to bake cookies, attend parties, and savor the moments of peace and joy that are unique to this time of year. And all the while, I’m juggling phone calls and emails from clients. Normally, I don’t answer the phone if I don’t recognize a number, but I’ve occasionally broken my own rule, and there is usually someone on the other end trying to sell me something. They’re typically harmless telemarketers, but one time in particular I remember the person on the other end had an air of urgency and needed to verify me before he would even explain what the call was about. And when I say verify, he needed me to confirm my mother’s maiden name and the last 4 numbers of my social security number! When I refused, he tried to intimidate me with vague consequences that made me laugh out loud and hang up. Stay vigilant—this time of year scammers are counting on you juggling ten things at once and hoping you’ll have a momentary lapse in judgment.
  4. If You Must Work While Mobile, Be Extra Aware of The Risks. Many people wind up working during the holidays from hotels, airports, and anyplace that has free WiFi. But there are additional risks that come with working on-the-go, so be sure that you’re not using an unsecured network. Hackers will sit in coffee houses and lie in wait for unsuspecting victims who are tired, working against a deadline, and figure that using the free WiFi this one time won’t hurt. Trust us, it’s not worth it. A moment in lapsed judgment can wind up costing you thousands of dollars, and damage your professional reputation when you have to explain to clients how their information got leaked.
  5. Pay Attention to Your Server Activity. Server mining happens with more frequency during periods of shutdown, like holidays, when schools, businesses, and others are not using the majority of their server capacity. You’ll want to keep an eye on the activity level, and if it seems off to you, make sure to look into it right away. Buzz Cybersecurity offers Managed IT Services that can help with this.
  7. Keep Your Updates Updated! The excitement of getting to see family, coupled with fast-approaching deadlines, means that during the holidays many companies and employees are more likely to put off patching until the beginning of the year, and hackers will look to take advantage of this. Updates and restarts are often seen as a frustrating barrier to getting out the door and often get overlooked, but take the time to audit. You know what they say about an ounce of prevention.
  7. Keep the Faith. As we celebrate the holidays, we want to encourage you to keep your faith in things above, and not in too-good-to-be-true sales and specials that make grandiose promises. If you get a nagging feeling that something isn’t right, don’t ignore that. At Buzz Cybersecurity, we like to think that we all have a built-in sense of discernment that helps to protect us when others would seek to harm us in some way. We encourage you to pay attention to that.

We hope you and your loved ones enjoy the happiest of holidays and stay safe. And if you want to have us run a diagnostic on how you’re doing with protecting your assets, contact us so we can help you to have peace of mind this holiday season.

What You Need to Know About The Latest Ragnar Locker Ransomware Attack

The Ragnar Locker Virus is not one you may have heard about, but if you’re a gamer, you’ll be hearing plenty about it soon enough. It’s been around for roughly a year, making its debut in December of 2019. It is a data encryption malware that specifically targets Microsoft Windows operating systems, and it appears to be more sophisticated than its predecessors. This new ransomware made headlines this week when it was revealed that on November 5th videogame giant Capcom succumbed to an attack that affected certain systems like file systems and emails and reportedly encrypted 1 terabyte of sensitive data. If you are unfamiliar with what ransomware attacks are, we’ve covered it in a previous blog, so click here to get caught up and then come back and finish reading!

Anyone who has played “Resident Evil”, “Darkstalkers”, or “Street Fighter” will be familiar with the multi-million dollar Japanese gaming company that started back in the late 1970s. And although they are claiming that no customer data was stolen, we thought it was still worth looking into. The attack was first detected on the morning of Monday, November 2nd when it was confirmed that an unauthorized third party hacked into their database. Capcom halted some of its internal operations later that day.

“Capcom expressed its deepest regret for any inconvenience this may cause to its various stakeholders,” the company stated in a release on its website. Further, it stated that “at present there is no indication that any customer information was breached. This incident has not affected connections for playing the company’s games online or access to its various websites.”

According to their website, they have involved police and other authorities to aid them in their investigation. You can read their official statement here. According to Bleeping Computer, a website that covers technology news, they got a copy of the ransom note delivered to Capcom, and it claims that the cyber-terrorists downloaded more than 1 TB of company data which included financial files and banking statements, corporate agreements and contracts, intellectual property, non-disclosure agreements, and private corporate correspondences such as emails, audit reports, and marketing presentations.

So be aware that if you have ever shared any sensitive information with Capcom, it is possible that it may very well be in the hands of cyber-criminals, and be extra cautious of any suspicious emails claiming to be from them.

How is Ragnar Locker Ransomware different?

This year in general has seen a spike in normal ransomware targeting, with hospitals, universities, and even county elections falling victim to malicious attacks. Cyber-terrorists are particularly ruthless because they have leveraged every possible advantage during the pandemic to grow rich off of the misfortune of others.

Case in point: earlier this year in April, Portuguese media reported that Energias de Portugal, an international energy giant, and one of the largest European operators in energy and wind sectors, was hit by a Ragnar Locker attack while the country was experiencing a state of emergency due to COVID-19. There are conflicting reports as to how much money was demanded, but it was rumored to be close to 10 million euros. It is also widely believed that many of these types of ransomware operations are created in Russia or other CIS countries. The following is an actual Ragnar Locker ransom note:

“It’s not late to say happy new year right? but how didn’t i bring a gift as the first time we met #what happend to your files? Unfortunately your files are encrypted with rsa4096 and aes encryption,you won’t decrypt your files without our tool but don’t worry,you can follow the instructions to decrypt your files

1.obviously you need a decrypt tool so that you can decrypt all of your files

2.contact with us for our btcoin address and send us your DEVICE ID after you decide to pay

3.i will reply a specific price e.g 1.0011 or 0.9099 after i received your mail including your DEVICE ID

4.i will send your personal decrypt tool only work on your own machine after i had check the ransom paystatus

5.you can provide a file less than 1M for us to prove that we can decrypt your files after you paid

6.it’s wise to pay as soon as possible it wont make you more losses

the ransome: 1 btcoin for per machine,5 bitcoins for all machines

how to buy bitcoin and transfer? i think you are very good at googlesearch

[email protected]

[email protected]

[email protected]

Attention:if you wont pay the ransom in five days, all of your files will be made public on internet and will be deleted.”

What distinguishes Ragnar Locker from other ransomware is that it is significantly more sophisticated than its predecessors. Specifically, it's a newer data-encryption malware that, as we mentioned previously, targets Microsoft Windows systems.

Ragnar Locker is not a one-and-done virus. The attack rolls out in stages. First, the cyber-criminals deploy a module that collects sensitive data from machines that have already been compromised. That data is then uploaded to servers the attackers control. The perpetrators behind the malware then notify the victim of the breach and threaten to release the stolen data to the public if a ransom is not paid. This is what the industry now calls double extortion: even a victim with good backups, who could restore the encrypted files, is still pressured to pay to keep the data private.
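The staged behaviour described above leaves a footprint that can be spotted before any ransom note appears: the data-collection module has to push a large volume of bytes out of the network. The script below is an added example (not code from the blog or from any ransomware analysis) that sums outbound bytes per host from a few constructed proxy-log lines and flags hosts that blow far past their usual daily volume. The log format, the hostnames, the 192.0.2.10 destination and the baseline figures are all assumptions invented for the illustration.

```python
"""Flag hosts whose outbound volume looks like staged data exfiltration.

Added example, not code from the blog or from any vendor. The log format
(a simplified, constructed proxy log: timestamp, source host, destination,
bytes out) and the baseline figures are assumptions for illustration.
"""
from collections import defaultdict

# Constructed sample proxy log lines: "<timestamp> <src> <dst> <bytes_out>".
# 192.0.2.10 is a documentation address standing in for an attacker server.
SAMPLE_LOG = """\
2020-11-02T01:10:05 ws-finance-07 cdn.example.com 18304
2020-11-02T01:12:41 ws-finance-07 192.0.2.10 734003200
2020-11-02T01:25:09 ws-finance-07 192.0.2.10 612368384
2020-11-02T02:03:17 fileserver-01 192.0.2.10 1288490188
2020-11-02T08:15:22 ws-sales-03 mail.example.com 2048
2020-11-02T09:40:51 ws-sales-03 crm.example.com 51200
"""

# Constructed per-host daily outbound baseline in bytes. In practice this
# is derived from several weeks of history, not typed in by hand.
BASELINE_BYTES = {
    "ws-finance-07": 40 * 1024 * 1024,
    "fileserver-01": 200 * 1024 * 1024,
    "ws-sales-03": 30 * 1024 * 1024,
}


def parse_log(text):
    """Yield (timestamp, src, dst, bytes_out) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, nbytes = parts
        try:
            yield ts, src, dst, int(nbytes)
        except ValueError:
            continue


def outbound_totals(records):
    """Sum outbound bytes per source host and per (host, destination) pair."""
    per_host = defaultdict(int)
    per_dest = defaultdict(int)
    for _, src, dst, nbytes in records:
        per_host[src] += nbytes
        per_dest[(src, dst)] += nbytes
    return per_host, per_dest


def flag_exfiltration(log_text, baseline, ratio=5.0, min_bytes=100 * 1024 * 1024):
    """Return one alert per host that sent at least `min_bytes` and at least
    `ratio` times its baseline, naming the destination that received the most."""
    per_host, per_dest = outbound_totals(parse_log(log_text))
    alerts = []
    for host, total in sorted(per_host.items()):
        expected = baseline.get(host, min_bytes)  # unknown hosts: use the floor
        if total >= min_bytes and total >= ratio * expected:
            pairs = [key for key in per_dest if key[0] == host]
            top_dst = max(pairs, key=per_dest.get)[1]
            alerts.append({
                "host": host,
                "bytes_out": total,
                "baseline": expected,
                "top_destination": top_dst,
            })
    return alerts


if __name__ == "__main__":
    for alert in flag_exfiltration(SAMPLE_LOG, BASELINE_BYTES):
        print("{host}: {bytes_out} bytes out (baseline {baseline}), "
              "mostly to {top_destination}".format(**alert))
```

Fed with a real proxy or firewall export, this catches the finance workstation and the file server shipping gigabytes to one outside address in the middle of the night, which is exactly the collection-and-upload stage described above. Two further signals worth adding are off-hours timestamps and destinations the host has never contacted before.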

Ragnar Locker Prevention

At present, it's estimated that over 80,000 companies are vulnerable to this type of attack, with entities in the United States topping the list.

There are two main things you can do to protect your business and lessen the chances that your data will be held for ransom. The first is ensuring that any Citrix ADC (formerly NetScaler) or Citrix Gateway appliances are up to date and patched against CVE-2019-19781, the directory-traversal flaw that gives an unauthenticated attacker code execution on the appliance. The second is making sure that Tamper Protection in Microsoft Defender on Windows 10 is turned on, so that malware cannot simply switch the antivirus off before it starts encrypting.
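A quick way to confirm the first item from the outside, as an added example rather than code from the blog or from Citrix: the script below sends the read-only directory-traversal request that CVE-2019-19781 exploits and reports whether the appliance still answers it. It assumes the widely published indicator (an unpatched appliance serves its smb.conf with HTTP 200, while a patched or mitigated one returns 403) and takes placeholder hostnames on the command line. Only run it against appliances you own or are authorized to test.

```python
"""Check whether a Citrix ADC / Gateway host still answers the directory-
traversal request that CVE-2019-19781 exploits.

Added example, not code from the blog or from Citrix. Assumption: an
unpatched appliance returns /vpn/../vpns/cfg/smb.conf with HTTP 200 and an
smb.conf body, while a patched or mitigated one answers 403. Hostnames are
placeholders supplied by the operator.
"""
import ssl
import sys
import urllib.error
import urllib.request

PROBE_PATH = "/vpn/../vpns/cfg/smb.conf"


def classify_response(status, body):
    """Interpret a probe response as 'vulnerable', 'mitigated' or 'unknown'."""
    if status == 200 and "[global]" in body:
        return "vulnerable"      # traversal reached the file system
    if status in (403, 404):
        return "mitigated"       # responder policy or patched build
    return "unknown"             # e.g. a login page, a proxy, or a redirect


def probe(host, timeout=10):
    """Send the probe to https://<host> and classify the answer.

    Certificate checks are disabled because appliances frequently carry
    self-signed certificates; the request is a plain GET with no payload.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        "https://" + host + PROBE_PATH,
        headers={"User-Agent": "cve-2019-19781-check"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            body = resp.read(4096).decode("utf-8", "replace")
            return classify_response(resp.status, body)
    except urllib.error.HTTPError as err:
        return classify_response(err.code, "")
    except (urllib.error.URLError, OSError):
        return "unreachable"


if __name__ == "__main__":
    for hostname in sys.argv[1:]:
        print(hostname, probe(hostname))
```

A "mitigated" result only shows that the traversal is blocked; the firmware version should still be confirmed as a patched build on the appliance itself, and any appliance that was exposed before it was fixed should be reviewed for signs of earlier compromise, because this flaw was exploited widely before patches shipped. For the second item, the current Tamper Protection state of a Windows 10 machine is reported by the IsTamperProtected field of the Get-MpComputerStatus PowerShell cmdlet.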

If this terminology is confusing and you sense that you’re in over your head, trust your gut and reach out to us to schedule a free consultation to talk about creating and implementing a Disaster Recovery Plan for you today!

Photo by Mateo Vrbnjak on Unsplash

How real is the threat of election results being hacked?

As we’ve posted here on the Buzz Blog previously, cybersecurity is an ever-growing concern, especially since so many things have shifted to a remote setting since the COVID-19 pandemic hit earlier this year. And let’s be honest, it was an issue before your banker was servicing your account while the dog begs for a treat and her toddlers play on the carpet in the other room. The question on the minds of many people, though, is just how real the threat is in the context of the upcoming elections. It’s impossible to predict this with certainty, but we’d like to take a look at some of the very real and valid concerns that people have.

To begin with, many people have questions about election security itself. How safe are the databases that store voters’ sensitive information? In 2016 it was confirmed by CBS News that the state election databases in Arizona and Illinois had been hacked. If that weren’t bad enough, at the Black Hat convention earlier that year, it was proven that voter smart cards could be used to vote multiple times. And when not all states are using a paper ballot verification system, this is concerning.

But how exactly does a voting machine get hacked? To start with, there are two broad types of voting systems: paper-based and electronic. The problem with many electronic machines is that they are over a decade old. They were designed at a time when cyberattacks, while by no means unheard of, were at least less rampant. Their software, from vendors such as Microsoft, is no longer being updated. And because most voting machines have no firewall or other protection against unauthorized access, it is not hard for an attacker in close physical proximity to mount an attack aimed at taking over the device.

We’ll talk about what can be done in light of these concerning revelations, but first, we’d be remiss if we didn’t take this opportunity to point out that cybercriminals also look to exploit the interest people take in the elections by flooding every available channel with malicious spam. Clickbait stories go out every day in emails with the hopes that people will unknowingly open and forward them, spreading malware. We’ve heard from people who had a check in their gut, but opened a suspicious email anyway and now regret it. The best advice we can give you here is that if something doesn’t feel right—pay attention to that. It’s better to double-check the source of a suspicious email and be safe.

Cybersecurity’s role in helping limit the risk of exposure

Most experts agree that election officials need to take a more revolutionized approach to prevent hacking and avoid being left behind as other industries modernize and digitize outdated infrastructure. A recent article by Security Magazine identifies the following major election infrastructure components, each of which must be secured for an election to be deemed secure, accurate, fair, and accessible:

  • Voter registration and database systems
  • Electronic poll book/onsite voter registration systems
  • Vote capture devices
  • Vote tally systems
  • Election night reporting systems
  • State and other county systems that process election data
  • Traditional and social media communication applications used for situational reporting
  • Vendor election equipment/service architectures

They also recommend that election jurisdictions bring in a cybersecurity advisory and consulting team to assess whether there are weaknesses in any of the above areas. Cybersecurity experts can identify these areas more readily because they are trained to know what patterns to look for. Doing so helps local election jurisdictions pinpoint important security issues and target them for quick remediation, better understand how prepared they are to respond quickly to a security event, and evaluate which defensive measures deserve priority for reducing the avenues and frequency of attack.

The Bottom Line

Circling back to our original question: Can the elections be hacked? The answer is yes. There are definitely enough weak links in the system countrywide. And although a cyberattack is preventable, with the election only days away, it’s unlikely that meaningful steps will be taken between the time this blog goes to print and the close of polls on November 3rd.

If a prototype election cybersecurity program were implemented, it should include provisions that empower an election jurisdiction to pinpoint, isolate, and update any obsolete operating systems on election business systems, as well as to routinely conduct election cyber-maturity assessments. Some experts advocate using only paper ballots.

The most important thing right now is to keep asking probing questions and continue to advocate for updated protocols and systematic approaches that will streamline the process and make attacks harder to succeed. While we have no doubt that these very attacks will continue to get more sophisticated and more frequent, we remain optimistic that continued vigilance and education will reduce the chances that elections will continue to be hacked.

Photo by Element5 Digital on Unsplash

Are you really at risk?

In 2020, cybercrime was up 600% due to the COVID-19 pandemic. Unfortunately, the threat of being hacked, having data hijacked, or even worse, being held for ransom is not going away. But many businesses don’t see a need to stay up-to-date on protecting their assets, especially if they are one of the 30.7 million small businesses in the United States. Most people assume that they are too small or too under-the-radar to attract the attention of would-be cyber terrorists. They would be dead wrong. While it’s true that big corporations are responsible for more data, it’s the smaller entities, usually those with fewer than 1,000 employees, that are often least equipped to handle an attack, and that makes them tempting targets. So let’s look at what exactly an assessment entails, as well as a few reasons why it makes complete sense to have a cyber risk assessment done and why it’s actually very foolish not to.

What is a Cyber Risk Assessment?

Simply put, a cyber risk assessment is a service offered by a cybersecurity company to help you evaluate areas where you are susceptible to an attack in the near future. Buzz Cybersecurity offers a comprehensive assessment at no charge. This is a proactive approach that will give you valuable information on how your business is doing: if you’re in good shape, then you gain peace of mind; if not, we will suggest a targeted approach to give you steps to lessen your vulnerability.

But don’t just leave it up to chance. Here are some reasons why you need a yearly assessment.

  1. Your staff is not tech-savvy. No need to be embarrassed about this one; most companies are in the same boat. And to be fair, it’s not really your employees’ job to be cybersecurity experts. Most are not trying to be sloppy; they’re just preoccupied with the day-to-day demands of the business. Even long-time employees who have been through compliance training may still fall victim to security scams. Hackers get more clever every year, so don’t leave it up to your employees to wear a security hat on top of everything else they’re doing.
  2. You have employees using their own devices. This is of course more common in the aftermath of COVID-19, but you may have employees using their own devices that you may not have considered. Do you use any freelance services like graphic design or copywriters? They are most likely sitting in a coffee shop on their mobile device or laptop, and quite possibly using the free WiFi.
  3. You’re uncertain about meeting regulatory compliance requirements. Some businesses are required to meet certain regulations, especially in the areas of educational settings, finance, healthcare, or energy. One of the benefits of having a security risk assessment is that it will uncover any areas where your business is not in compliance. Once an assessment is done, recommendations can be made to make sure you stay in compliance.
  4. You might have made a few enemies along the way. Nobody wants to imagine that a former employee would do anything deliberate to sabotage your company. We’ve covered this topic at length in our August blog Mitigating the Risks of Insider Data Theft, so we won’t go into a lot of discussion here, but you’ll want to have a professional risk assessor go over any situation that could leave you vulnerable to data theft after an employee has moved on, such as accounts and access that were never revoked.
  5. Outdated technology. All of those updates and patches you’ve been ignoring? They could cost you significantly down the road. And as technology gets older, vendors stop supplying even those. At the time this blog is being written, updates to Windows 7 have ended for good. And make no mistake, hackers know this better than anyone.
  6. Overlooking the establishment of data control policies. Many companies don’t have any policy in place when it comes to controlling their data. This is a big miss. As mentioned earlier, employees may be using unprotected WiFi, but it goes beyond that. Personal devices can be stolen or lost, and USB drives are easily misplaced. That leaves not just one but potentially several holes in the armor protecting your data. A cyber risk assessment will help you determine your vulnerabilities and close the gaps.
  7. Peace of mind. This last one might seem obvious, but oftentimes business owners or executives put little value on having the ability to focus 100% of their attention on the tasks right in front of them. They instead assume they will simply put out fires as they go, if and when they happen. This approach to operations is, in our opinion, short-sighted at best. It’s no different than skipping a regular visit to the dentist or the eye doctor. The pro-active approach to cybersecurity always leaves a business in a position of empowerment and preparedness.

One final thought concerning cyber risk assessments: don’t cut corners. You may be tempted to take stock of your situation and tally the results yourself, but this can actually cost you in the end, since most business owners don’t know all the places to look for possible entry points where hackers can get in. With Buzz Cybersecurity, we’ll generate a report that lists any vulnerabilities we find in your network, as well as realistic solutions that will make it more difficult for cyber criminals to make you the victim of one of their attacks. So if you found yourself nodding your head at any of the key points listed above, don’t put off a cyber risk assessment any longer. It’s free and it’s the right thing to do to protect your assets. You’ve worked hard to make your company what it is today. Don’t leave the door open for someone to come in and help themselves to it all.

Dear Reader: It’s not too late to schedule a free risk assessment before 2020 is over! Start 2021 with peace of mind by contacting us today!

Photo by Scott Graham on Unsplash

What are they and are you at risk?

Here at Buzz Cybersecurity, we never stop looking out for our clients and readers when it comes to the evolving world of data breaches, viruses, and other threats to your security. So this time, we wanted to take a closer look at a type of malware that isn’t necessarily new, but that many people are still unaware of: the rogue mobile app.

Phishing is still #1 when it comes to global fraud, but rogue mobile apps have become more prevalent in scams over the past few years and sit in the #2 spot. With more apps coming out every year, pewresearch.org reports that 6 in 10 Americans prefer getting their news via their mobile devices, such as smartphones or tablets, versus the traditional desktop or laptop. Thieves understand this, and are more than willing to capitalize on the opportunity to get you to download something while being distracted: on the subway ride home, checking your phone while your date is in the bathroom, or simply after a long day at work.

Simply put, rogue mobile apps are created for the sole purpose of gathering sensitive information stored on your phone. Think phone numbers, passwords, user names, credit card info, and bank account information. These apps typically carry some type of malware, usually spyware, a Trojan horse, or another form of malicious code. According to RSA’s 2019 whitepaper on the Current State of Cybercrime, 70% of fraudulent activity now originates from mobile platforms. On average, 82 rogue mobile apps are identified every day, and RSA estimates that fraud from mobile apps has increased a staggering 680% since 2015.

It used to be that these apps were fairly easy to identify. They were mostly accessed via unofficial app stores or through email links. Most people got smart fairly quickly and understood that the best way to avoid scams was to stick to installing apps from credible sources like the Apple App Store or Google Play Store. But in recent years, links to fake Google Play stores have cropped up as well, and legitimate social media platforms like Facebook, Instagram, and WhatsApp are being used to sell stolen identities and credit card information.

But it’s not all doom and gloom. The fact that there are entire committees devoted to staying one step ahead of cybercrime is encouraging. And there are still things that you, as a consumer, can do to keep yourself safe. Let’s take a look at some of those!

  • Only use trusted sites. This one may seem obvious, but remember, cybercriminals are counting on you to have a momentary lapse in judgment and click on a link that you normally wouldn’t. If you come across a link in an email or on a website asking you to download an app, go to the Apple App Store or Google Play Store and download it directly from there. If you can’t find it there, chances are it’s a rogue mobile app and you’re being targeted for a scam.
  • Read reviews. Do some homework on the app before installing it. See what others have had to say and how they rated it first. And make sure the rating makes sense. Fake or illegally modified app reviews are sadly on the rise as well. Last year, 9to5mac.com published an article detailing how negative reviews (calling an app virtually unusable, for example) were showing up with 5 stars! Both Apple and Google have acknowledged having to identify and delete fake reviews, so they’re not unaware, but don’t rely solely on their review teams to weed out bad apps.
  • Look at who developed the app. Larger institutions like banks have departments that put out the app themselves. If the developer isn’t the bank, it’s very likely to be fake. For smaller entities, check the app developer’s history. If they have created several apps that generally have good reviews, then it’s more likely to be legitimate.
  • Be aware of what permissions you’re being asked to give. This is a hard one sometimes because in recent years the list of permissions keeps growing. The question you must ask yourself is: do I need this app enough to want to disclose the information it’s asking for? If the answer is no, then don’t risk it.
  • Trust your gut. This nugget of wisdom never gets obsolete. If you get that cringy, unsettling feeling that won’t go away, listen to it. Go back and review the steps above. Too often we don’t want to seem like dinosaurs, left behind in the barrage of technology, while everyone around us seems to be evolving. It may take some extra effort, but if you’re still not sure, when possible, call your bank or other institution to verify that the app is not a rogue. And in the end, follow what you have peace about.
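The permissions point above can be turned into a concrete check on the app's own declaration rather than on the store listing. The script below is an added example (not code from the blog or from Google) that reads a decoded AndroidManifest.xml, as produced by apktool (aapt dump permissions prints the same list straight from the APK), and reports the sensitive permissions an app requests beyond those its stated purpose explains. The sample manifest for a hypothetical flashlight app is constructed, and the DANGEROUS set is an illustrative subset of the permissions Android classifies as dangerous, not the full list.

```python
"""List the dangerous permissions an Android app requests, so a reviewer can
compare them with what the app plausibly needs.

Added example, not code from the blog or from Google. Input is a decoded
AndroidManifest.xml; the sample below is constructed, and DANGEROUS is an
illustrative subset of Android's runtime ("dangerous") permissions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative subset of permissions Android classifies as "dangerous":
# each one exposes user data or a sensor and triggers a runtime prompt.
DANGEROUS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
}

# Constructed manifest for a hypothetical flashlight app that asks for
# far more than a flashlight needs.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Super Flashlight"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def unexpected_dangerous(manifest_xml, expected=frozenset()):
    """Dangerous permissions requested beyond the ones the app's purpose explains."""
    return sorted((requested_permissions(manifest_xml) & DANGEROUS) - set(expected))


def review(manifest_xml, expected=frozenset()):
    """Human-readable findings; an empty list means nothing stands out."""
    return [
        f"{perm}: not justified by the app's stated purpose"
        for perm in unexpected_dangerous(manifest_xml, expected)
    ]


if __name__ == "__main__":
    # A flashlight legitimately needs CAMERA, because the flash LED is a
    # camera feature; SMS and contacts access has no such explanation.
    for finding in review(SAMPLE_MANIFEST, {"android.permission.CAMERA"}):
        print(finding)
```

The "expected" set is where the reviewer's judgement goes: decide what the app's advertised function genuinely requires, and treat everything dangerous left over as a reason to look for another app or to call the institution the app claims to represent.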

Cyber thieves are not expected to go away any time soon, but getting in the habit of practicing good cybersecurity has a cumulative effect. You’ll get better at it the more you do it, and you’ll become adept at spotting scams from the get-go. Just be aware that there is always a level of risk associated with conducting any transaction online, and use common sense. Many smartphones can be outfitted with antivirus and antimalware apps, so check with your provider to see what options are available to you.

If you enjoyed this article, sign up for our weekly emails so you can continue to stay in the know about cybersecurity and protecting your assets.

Photo by Brooke Cagle on Unsplash

Is that really the Question?

Years ago, when I worked for a small company in the private sector, I would frequently take lunch in the break room at the same time as some guys from the IT department. Often I would overhear them joking, where inevitably, one of them would stand up, and in his best Hamlet voice (whatever that’s supposed to sound like) ask with deadpan humor: “To Cloud or Not to Cloud?! That is the question!” And they would collapse into hysterics. 

I had no idea what was so funny, but one day decided to chime in: “Well, gentlemen, I guess that depends on the weather forecast!” Silence. They turned their heads toward me, like synchronized swimmers. 

And stared at me.  

Then one of them glanced at his watch, and announced lunch was over. One by one they stood up and emptied the break room. All except for one. He approached my table, where I had sheepishly returned to eating my sandwich.

“I’m Tyler.” he said. “That was so not funny, it was funny.”

I looked up. “But none of our jokes are, either. Which is why it’s always so funny.” 

“So then why didn’t they laugh?” I asked. He seemed to consider this for a moment, but in the end, only shrugged. I nodded toward the empty chair across from me and he sat down. 

“So what exactly is this Cloud I keep hearing so much about? Everyone has been talking about it for so long, but I’m embarrassed to say I really don’t understand much about it. I guess I can only pretend I have a clue for so long, huh?”

Tyler’s eyes lit up. “Meet me here tomorrow at the usual time, and I’ll explain everything.” He got up and was gone. Then his head appeared from around the corner: “Don’t worry, I’ll bring the cotton balls and straws!”

I blinked. I didn’t know it at the time, but Tyler’s crash course using crude dollar-store props would prove invaluable. Especially when I left to start my own small business later on. Why am I telling you this?

Because I know some of you are reading this and I used to be you. Confused but too embarrassed to admit I didn’t know the first thing about cloud computing. And guess what? You don’t need to know everything. That’s why you have Buzz Cybersecurity. But it will help you tremendously to know the basics so you can make an educated decision about how to best protect your business and increase your efficiency at the same time. So here are the top 3 questions we get about The Cloud:

  1. What is it? The Cloud, or cloud computing, refers to storing data on the internet via a network of remote servers as opposed to on the hard drive of a personal computer. Years ago, storage was done almost exclusively on hard drives, but there are several reasons now why this is considered an outdated method. Not only are you limited to only accessing the data in terms of location, but if that drive becomes damaged, your files are lost for good unless you manually backed them up. With cloud computing, your data is uploaded and can be accessed anytime, anywhere.
  2. Why is cloud computing important? This question alone could inspire a blog all its own, but the short answer is that cloud technology makes businesses more efficient. Nowadays, business is done from coffee shops, airports, hotel rooms, and everything in between. Can you imagine being confined to one location to do business? I didn’t think so. There’s also the cost factor. Businesses are not responsible for acquiring or maintaining the resources that cloud computing offers. They only pay for the services they’ll use on a pay-as-you-go basis. And last, but not least: security. While data breaches are not 100% preventable anywhere, cloud providers typically offer security capabilities that exceed what a small business can run on its own, and disaster recovery that backs up and restores data is a non-negotiable in the 21st century.
  3. Can you explain the different types of cloud computing? Glad you asked! If you’re new to the concept of cloud technology, this might seem a little involved, but not to worry. Our support team will be happy to explain it in more detail later, but for now, what you need to know is that there are 3 types: IaaS (Infrastructure as a service), PaaS (Platform as a service), and SaaS (Software as a service).
    • IaaS refers to the basic infrastructure of data storage drives, virtual servers, and networking. It is one of the most widely used of the three, primarily because of the flexibility, scalability, and reliability it provides to business owners, as well as the removal of the need to keep hardware in the office.
    • PaaS is when cloud computing providers deploy the software framework and the infrastructure, while still allowing businesses to create and run their own applications on systems strong enough to support them. This type of cloud computing is also ideal for situations where multiple people are developing a single project.
    • SaaS is primarily used when businesses pay via subscription, and involves delivering software over the internet. It’s ideal for applications that require lots of web or mobile access, as well as for businesses that like the idea of their cloud solution being managed from a central location and don’t want to manage it themselves. Great for short-term projects!

These are some basics, but it’s enough to get you started on understanding cloud technology, as well as help you avoid making lame jokes around your techie friends like I did. But this is just the tip of the iceberg. We highly encourage you to reach out to our team of Cloud Experts here. You’ll be glad you did. Because To Cloud or Not to Cloud isn’t really the question at this point. Of course we Cloud! After all of these years, the question is now What’s Stopping You?