Ransomware Gets an Upgrade

Yes, you read that right. Apparently, hackers, specifically the ones conducting ransomware attacks, are now using a third-party call center to contact victims if they suspect that they’re attempting to restore backups and skip out on paying ransom demands to get data released to them. If you’re not familiar with how ransomware works, you can read our blog from earlier this year that goes into more detail.

In what appears to be a fairly new tactic starting over the summer, ransomware attackers have hired a call center in an attempt to harass and strong-arm businesses into complying with the extortion demands. While the exact location of the operation is still unknown, the scripts being used to intimidate victims of these ransomware attacks are reportedly very similar, with only slight variations in wording, so cyber police have reason to believe that the same call center is being used by several ransomware attackers, including known cyberterrorists Conti and Ryuk.

An incoming call made on behalf of the now-defunct criminal group known as Maze was recently recorded, and the callers had a heavy accent, leading experts to surmise that they were not native English speakers. Below is a redacted transcript of the call provided, originally published on zdnet.com:

“We are aware of a third-party IT company working on your network. We continue to monitor and know that you were installing SentinelOne antivirus on all your computers. But you should know that it will not help. If you want to stop wasting your time and recover your data this week, we recommend that you discuss the situation with us in the chat or the problems with your network will never end.”

As we’ve reported in previous blogs, ransomware attacks are a type of cybercrime that has grown exponentially over the last few years; its evolution is fascinating and disturbing. In the past, ransomware extortion tactics have included doubling the ransom amount if it wasn’t paid in full by the deadline and threats to leak sensitive information online or to journalists. With the pandemic this year, hackers have found new ways to exploit companies, especially those who now have employees working from home. The ways in which they have found to wreak havoc seem endless.

And it’s not just big companies being affected. Everyday people are starting to suffer, even if they’re unaware of the cause. On Dec. 1st, cyberterrorists targeted Translink, the public transportation agency used by the city of Vancouver. Translink posted a tweet confirming that the disruption was not a prolonged technical issue, as originally reported, and did so only after being forced to come clean by local news outlets. When the ransom was not paid, the attack crippled operations and left untold travelers unable to use their Compass metro cards to pay their fare or purchase new tickets at the nearby kiosks. It was nearly two days before operations returned to normal. The investigation is still ongoing, and the culprit behind the attack remains unknown to the general public.

Translink wasn’t the only victim of a ransomware attack this month. On December 5th, it was reported that helicopter maker Kopter also suffered an internal breach that allowed hackers to steal encrypted files. When Kopter refused to negotiate with the terrorists, they published those files on the dark web a few days later as a blog on a site owned and operated by the ransomware group who call themselves LockBit. The files included sensitive data such as business documents, internal projects, and aerospace and defense industry standards.

The most stunning attack this month, however, came when cybersecurity giant FireEye was hacked by “a nation-state.” The firm is known for being the go-to for government agencies and companies worldwide who have been the target of a sophisticated cyberattack. An article in the New York Times reported that it was a theft “…akin to bank robbers, who having cleaned out local vaults, then turned around and stole the F.B.I’s investigative tools.”

FireEye reported on Dec. 8th that its systems were breached by what it referred to as a “nation with top-tier offensive capabilities” and that the hackers had gained access to tools that could be used for new attacks around the world. While they have declined to say who precisely was behind the attacks, when the F.B.I turned the case over to Russian specialists, it led many to speculate that hackers were after what the company calls Red Team Tools, which are tools that replicate the most sophisticated hacking tools in the world. At the time this blog is being written, the story is still developing.

The bottom line is that ransomware attacks are not going away anytime soon, and will continue to grow in complexity and sophistication in 2021. The best defense against a ransomware attack is, not surprisingly, a good offense. You don’t want your company to be the only car on the street with unlocked doors and no car alarm. Do everything you can to make hackers look elsewhere for an easier target.

We can help you evaluate your risk level with a free consultation. Contact us today and we will give you an honest evaluation of your company’s cybersecurity, and what can be done to close the gap on any weak spots that are making you a tempting target for cybercriminals. There’s no price on peace of mind!

As we close out what has been a difficult year for many, there’s a temptation to slack off being aware of the cyber risks out there, but the holiday season statistically sees an increase in cyberattacks, and experts are predicting that this year will be particularly bad. This year with COVID-19 restrictions hindering in-person activities, online purchases are expected to have a record-setting year. Cybercriminals are anticipating this, and will ramp up their efforts to take advantage of both unaware shoppers and unprotected businesses, looking to exploit sensitive information and data for the purpose of hacking. In this article, we take a look at how to stay one step ahead of the bad guys. We’ve done the research so you can actually enjoy your holidays with loved ones, rather than having to be on guard duty 24/7.

  1. Be Careful With Holiday-Themed Emails. Retailers go out of their way to send out emails touting sales and special deals, and they all look really shiny! And by all means, take advantage of those savings, but understand that phishing emails will also look festive. Pay particular attention to an email if you don’t recognize the sender, or it’s rife with spelling errors. That might be a clue that someone overseas is trying to get you to give your credit card information, or open an email with a virus attached to it.
  2. Slow Down. We’ve all clicked on a deal, only to see a pop up telling us that the special price is only available for a limited time—sometimes only minutes! Personally, I click right out of these because retailers often use this tactic to pressure you into making a bad decision that will result in buyer’s remorse, but hackers also use it to get you to throw caution to the wind, enter your credit card information, and click the buy button before you’ve really checked out the site. It’s OK to slow down and take a minute to make sure you trust the retailer on the other end.
  3. Beware of Phone Phishing Scams. I don’t know about you, but during the month of December, I am working to meet deadlines faster so I can have more time to bake cookies, attend parties, and savor the moments of peace and joy that are unique to this time of year. And all the while, I’m juggling phone calls and emails from clients. Normally, I don’t answer the phone if I don’t recognize a number, but I’ve occasionally broken my own rule, and there is usually someone on the other end trying to sell me something. They’re typically harmless telemarketers, but one time in particular I remember the person on the other end had an air of urgency and needed to verify me before he would even explain what the call was about. And when I say verify, he needed me to confirm my mother’s maiden name and the last 4 numbers of my social security number! When I refused, he tried to intimidate me with vague consequences that made me laugh out loud and hang up. Stay vigilant—this time of year scammers are counting on you juggling ten things at once and hoping you’ll have a momentary lapse in judgment.
  4. If You Must Work While Mobile, Be Extra Aware of The Risks. Many people wind up working during the holidays from hotels, airports, and anyplace that has free WiFi. But there are additional risks that come with working on-the-go, so be sure that you’re not using an unsecured network. Hackers will sit in coffee houses and lie in wait for unsuspecting victims who are tired, working against a deadline, and figure that using the free WiFi this one time won’t hurt. Trust us, it’s not worth it. A momentary lapse in judgment can wind up costing you thousands of dollars, and damage your professional reputation when you have to explain to clients how their information got leaked.
  5. Pay Attention to Your Server Activity. Server mining happens with more frequency during periods of shutdown, like holidays, when schools, businesses, and others are not using the majority of their server capacity. You’ll want to keep an eye on the activity level, and if it seems off to you, make sure to look into it right away. Buzz Cybersecurity offers Managed IT Services that can help with this.
  6. Keep Your Updates Updated! The excitement of getting to see family, coupled with fast-approaching deadlines, means that during the holidays, many companies and employees are more likely to put off patching until the beginning of the year, and hackers will look to take advantage of this. Updates and restarts are often seen as a frustrating barrier to getting out the door and often get overlooked, but take the time to audit. You know what they say about an ounce of prevention.
  7. Keep the Faith. As we celebrate the holidays, we want to encourage you to keep your faith in things above, and not in too-good-to-be-true sales and specials that make grandiose promises. If you get a nagging feeling that something isn’t right, don’t ignore that. At Buzz Cybersecurity, we like to think that we all have a built-in sense of discernment that helps to protect us when others would seek to harm us in some way. We encourage you to pay attention to that.

We hope you and your loved ones enjoy the happiest of holidays and stay safe. And if you want to have us run a diagnostic on how you’re doing with protecting your assets, contact us so we can help you to have peace of mind this holiday season.

What You Need to Know About The Latest Ragnar Locker Ransomware Attack

The Ragnar Locker Virus is not one you may have heard about, but if you’re a gamer, you’ll be hearing plenty about it soon enough. It’s been around for roughly a year, making its debut in December of 2019. It is a data encryption malware that specifically targets Microsoft Windows operating systems, and it appears to be more sophisticated than its predecessors. This new ransomware made headlines this week when it was revealed that on November 5th videogame giant Capcom succumbed to an attack that affected certain systems like file systems and emails and reportedly encrypted 1 terabyte of sensitive data. If you are unfamiliar with what ransomware attacks are, we’ve covered it in a previous blog, so click here to get caught up and then come back and finish reading!

Anyone who has played “Resident Evil”, “Darkstalkers”, or “Street Fighter” will be familiar with the multi-million dollar Japanese gaming company that started back in the late 1970s. And although they are claiming that no customer data was stolen, we thought it was still worth looking into. The attack was first detected on the morning of Monday, November 2nd when it was confirmed that an unauthorized third party hacked into their database. Capcom halted some of its internal operations later that day.

“Capcom expressed its deepest regret for any inconvenience this may cause to its various stakeholders,” the company stated in a release on its website. “Further, it stated that at present there is no indication that any customer information was breached. This incident has not affected connections for playing the company’s games online or access to its various websites.”

According to their website, they have involved police and other authorities to aid them in their investigation. You can read their official statement here. Bleeping Computer, a website that covers technology news, reports that it obtained a copy of the ransom note delivered to Capcom. The note claims that the cyber-terrorists downloaded more than 1 TB of company data, which included financial files and banking statements, corporate agreements and contracts, intellectual property, non-disclosure agreements, and private corporate correspondence such as emails, audit reports, and marketing presentations.

So be aware that if you have ever shared any sensitive information with Capcom, it may very well be in the hands of cyber-criminals, and be extra cautious of any suspicious emails claiming to be from them.

How is Ragnar Locker Ransomware different?

This year in general has seen a spike in normal ransomware targeting, with hospitals, universities, and even county elections falling victim to malicious attacks. Cyber-terrorists are particularly ruthless because they have leveraged every possible advantage during the pandemic to grow rich off of the misfortune of others.

Case in point: earlier this year in April, Portuguese media reported that Energias de Portugal, an international energy giant, and one of the largest European operators in energy and wind sectors, was hit by a Ragnar Locker attack while the country was experiencing a state of emergency due to COVID-19. There are conflicting reports as to how much money was demanded, but it was rumored to be close to 10 million euros. It is also widely believed that many of these types of ransomware operations are created in Russia or other CIS countries. The following is an actual Ragnar Locker ransom note:

“It’s not late to say happy new year right? but how didn’t i bring a gift as the first time we met #what happend to your files? Unfortunately your files are encrypted with rsa4096 and aes encryption,you won’t decrypt your files without our tool but don’t worry,you can follow the instructions to decrypt your files

1.obviously you need a decrypt tool so that you can decrypt all of your files

2.contact with us for our btcoin address and send us your DEVICE ID after you decide to pay

3.i will reply a specific price e.g 1.0011 or 0.9099 after i received your mail including your DEVICE ID

4.i will send your personal decrypt tool only work on your own machine after i had check the ransom paystatus

5.you can provide a file less than 1M for us to prove that we can decrypt your files after you paid

6.it’s wise to pay as soon as possible it wont make you more losses

the ransome: 1 btcoin for per machine,5 bitcoins for all machines

how to buy bitcoin and transfer? i think you are very good at googlesearch

[email protected]

[email protected]

[email protected]

Attention:if you wont pay the ransom in five days, all of your files will be made public on internet and will be deleted.”

What distinguishes Ragnar Locker Ransomware from other types of ransomware is that it is significantly more sophisticated than its predecessors. Specifically, it’s a new data encryption malware that, as we mentioned previously, targets operating systems that run on Microsoft Windows.

Ragnar Locker is not a one-and-done virus. The attack rolls out in stages. First, the cyber-criminals inject a module that will collect sensitive data from machines that have already been compromised and infected. From there, that data is uploaded to their servers. The perpetrators behind the malware then notify the victim of the breach, and that this sensitive data will be released to the public if a ransom is not paid.

Ragnar Locker Prevention

At present time, it’s estimated that over 80,0000 companies are vulnerable to this type of attack, with entities in the United States topping the list.

There are two main things you can do to protect your business and lessen the chances that your data will be held for ransom. The first is ensuring that any Citrix ADC servers are up to date and patched against the CVE-2019-19781 vulnerability. The second is making sure that Windows 10 Tamper Protection is turned on.

If this terminology is confusing and you sense that you’re in over your head, trust your gut and reach out to us to schedule a free consultation to talk about creating and implementing a Disaster Recovery Plan for you today!

How real is the threat of election results being hacked?

As we’ve posted here on the Buzz Blog previously, cybersecurity is an ever-growing concern, especially since so many things have shifted to a remote setting since the COVID-19 pandemic hit earlier this year. And let’s be honest, it was an issue before your banker was servicing your account while the dog begs for a treat and her toddlers play on the carpet in the other room. The question though that is on the minds of many people is just how real the threat is in the context of the elections coming up. It’s impossible to accurately predict this with 100% certainty, but we’d like to take a look at some of the very real and valid concerns that people have.

To begin with, many people have questions about election security itself. How safe are the databases that store voters’ sensitive information? In 2016 it was confirmed by CBS News that the state election databases in Arizona and Illinois had been hacked. If that weren’t bad enough, at the Black Hat convention earlier that year, it was proven that voter smart cards could be used to vote multiple times. And when not all states are using a paper ballot verification system, this is concerning.

But how exactly does a voting machine get hacked? To start with, there are two types of voting machines: paper and electronic. And the problem with many electronic machines is that they are over a decade old. These machines were designed in a time when cyberattacks, while by no means unheard of, at the very least were less rampant. And the software, issued by companies like Microsoft, isn’t being updated. And because most voting machines don’t have firewalls to prevent unauthorized remote access, it’s not hard for an attacker in close proximity to target an attack with the intent of taking over the device.

We’ll talk about what can be done in light of these concerning revelations, but first, we’d be remiss if we didn’t take this opportunity to point out that cybercriminals also look to exploit the interest people take in the elections by flooding every available channel with malicious spam. Clickbait stories go out every day in emails with the hopes that people will unknowingly open and forward them, spreading malware. We’ve heard from people who had a check in their gut, but opened a suspicious email anyway and now regret it. The best advice we can give you here is that if something doesn’t feel right—pay attention to that. It’s better to double-check the source of a suspicious email and be safe.

Cybersecurity’s role in helping limit the risk of exposure

Most experts agree that election officials need to take a more revolutionized approach to prevent hacking and prevent being left behind as other industries move towards modernization and digitizing outdated infrastructure. A recent article by Security Magazine identifies 9 major election infrastructure components that are necessary in order for any election to be deemed secure, accurate, fair, and accessible:

  • Voter registration and database systems
  • Electronic poll book/onsite voter registration systems
  • Vote capture devices
  • Vote tally systems
  • Election night reporting systems
  • State and other county systems that process election data
  • Traditional and social media communication applications used for situational reporting
  • Vendor election equipment/service architectures

They also recommend that election jurisdictions bring in a cybersecurity and advisory consulting team to assess whether there are any weaknesses in any of the above areas. Cybersecurity experts can more readily identify these areas because they are trained to know what patterns to look for. Doing so will better equip local election jurisdictions to pinpoint important security issues and target them for quick remediation, better understand how prepared they are to respond quickly to a security event, and evaluate the strategic priority of using certain methods to reduce the methods and frequency of attack.

The Bottom Line

Circling back to our original question: Can the elections be hacked? The answer is yes. There are definitely enough weak links in the system countrywide. And although a cyberattack is preventable, with the election being days away, it’s unlikely that steps will be taken between November 3rd at 7pm and the time that this blog goes to print.

If a prototype of an election cybersecurity program could be implemented, it should include precepts that would empower an election jurisdiction to pinpoint, isolate, and update any obsolete OSes on election business systems, as well as routinely conduct elections cyber-maturity assessments. Some experts advocate only using paper ballots.

The most important thing right now is to keep asking probing questions and continue to advocate for updated protocols and systematic approaches that will streamline the process and make attacks harder to succeed. While we have no doubt that these very attacks will continue to get more sophisticated and more frequent, we remain optimistic that continued vigilance and education will reduce the chances that elections will continue to be hacked.

Are you really at risk?

In 2020, cybercrime was up 600% due to the COVID-19 pandemic. Unfortunately, the threat of being hacked, having data hijacked, or even worse, being held for ransom is not going away. But many businesses don’t see a need to stay up-to-date on protecting their assets, especially if they are one of the 30.7 million small businesses in the United States. Most people, however, assume that they are too small or too under-the-radar to attract the attention of would-be cyber terrorists. They would be dead wrong. While it’s true that big corporations are responsible for more data, it’s the smaller entities, usually those with fewer than 1,000 employees, that are often least equipped to handle an attack, which makes them tempting targets. So let’s look at what exactly an assessment entails, as well as a few reasons why it makes complete sense to have a cyber risk assessment done and why it’s actually very foolish not to.

What is a Cyber Risk Assessment?

Simply put, a cyber risk assessment is a service offered by a cybersecurity company to help you evaluate areas where you are susceptible to an attack in the near future. Buzz Cybersecurity offers a comprehensive assessment at no charge. This is a proactive approach that will give you valuable information on how your business is doing: if you’re in good shape, then you gain peace of mind; if not, we will suggest a targeted approach to give you steps to lessen your vulnerability.

But don’t just leave it up to chance. Here are some reasons why you need a yearly assessment.

  1. Your staff is not tech-savvy. No need to be embarrassed about this one—most companies are in the same boat. And to be fair, it’s not really your employees’ job to be cybersecurity experts. Most are not trying to be sloppy; they’re just preoccupied with the day-to-day demands of the business. And even long-time employees who have been through compliance training may still fall victim to security scams. Hackers get more clever every year, so don’t leave it up to your employees to wear a security hat on top of everything else they’re doing.
  2. You have employees using their own devices. This is of course more common in the aftermath of COVID-19, but you may have employees using their own devices that you may not have considered. Do you use any freelance services like graphic design or copywriters? They are most likely sitting in a coffee shop on their mobile device or laptop, and quite possibly using the free WiFi.
  3. You’re uncertain about meeting regulatory compliance requirements. Some businesses are required to meet certain regulations, especially in the areas of educational settings, finance, healthcare, or energy. One of the benefits of having a security risk assessment is that it will uncover any areas where your business is not in compliance. Once an assessment is done, recommendations can be made to make sure you stay in compliance.
  4. You might have made a few enemies along the way. Nobody wants to imagine that a former employee would do anything deliberate to sabotage your company. We’ve covered this topic at length in our August blog Mitigating the Risks of Insider Data Theft, so we won’t go into a lot of discussion here, but you’ll want to have a professional risk assessor go over any possible situations that could be leaving you vulnerable to data theft after an employee has moved on.
  5. Outdated technology. All of those updates and patches you’ve been ignoring? It could cost you significantly down the road. And as technology gets older, it often stops supporting even those. At the time this blog is being written, updates to Windows 7 are currently being phased out for good. And make no mistake, hackers know better than anyone.
  6. Overlooking the establishment of data control policies. Many companies don’t even have any policy in place when it comes to controlling their data. This is a big miss. As mentioned earlier, employees may be using unprotected WiFi, but it goes beyond that. Personal devices can be stolen or lost, and USB drives are easily misplaced. It leaves not just one, but potentially several holes in the armor protecting your data. Having a cyber risk assessment will help you to determine your vulnerabilities and close the gaps.
  7. Peace of mind. This last one might seem obvious, but oftentimes business owners or executives put little value on having the ability to focus 100% of their attention on the tasks right in front of them. They instead assume they will simply put out fires as they go, if and when they happen. This approach to operations is, in our opinion, short-sighted at best. It’s no different than skipping a regular visit to the dentist or the eye doctor. The pro-active approach to cybersecurity always leaves a business in a position of empowerment and preparedness.

One final thought concerning cyber risk assessments: don’t cut corners. You may be tempted to take stock of your situation and tally the results yourself, but this can actually cost you in the end since most business owners don’t know all the places to look for possible entry points where hackers can get in. With Buzz Cybersecurity, we’ll generate a report that will list any vulnerabilities we find in your network, as well as realistic solutions that will make it more difficult for cyber criminals to make you the victim of one of their attacks. So if you found yourself nodding your head at any of the key points listed above, don’t put off a cyber risk assessment any longer. It’s free and it’s the right thing to do to protect your assets. You’ve worked hard to make your company what it is today—don’t leave the door open for someone to come in and help themselves to it all.

Dear Reader: It’s not too late to schedule a free risk assessment before 2020 is over! Start 2021 with peace of mind by contacting us today!

What are they and are you at risk?

Here at Buzz Cybersecurity, we never stop looking out for our clients and readers when it comes to the evolving world of data breaches, viruses, and other threats to your security. So this time, we wanted to take a closer look at a type of malware that isn’t necessarily new, but that many people are still unaware of: the rogue mobile app.

Phishing is still #1 when it comes to global fraud, but rogue mobile apps have become more prevalent in scams over the past few years and sit in the #2 spot. With more apps coming out every year, pewresearch.org reports that 6 in 10 Americans prefer getting their news via their mobile devices, such as smartphones or tablets, versus the traditional desktop or laptop. Thieves understand this, and are more than willing to capitalize on the opportunity to get you to download something while being distracted: on the subway ride home, checking your phone while your date is in the bathroom, or simply after a long day at work.

Simply put, rogue mobile apps are created for the sole purpose of gathering sensitive information stored on your phone. Think phone numbers, passwords, user names, credit card info, and bank account information. These apps will typically have some type of malware, usually in the form of either a worm, spyware, or virus (Trojan horse or otherwise). According to the RSA’s 2019 Whitepaper on the Current State of Cybercrime, the percentage of fraudulent activity originating from mobile platforms is 70%. On average there are 82 rogue mobile apps identified each day alone, and they estimate that fraud from mobile apps has increased a staggering 680% since 2015.

It used to be that these apps were fairly easy to identify. They were mostly accessed via unofficial app stores or through email links. Most people got smart fairly quickly and understood that the best way to avoid scams was to stick to accessing apps through credible sources like the Apple App or Google Play Stores. But in recent years, links to fake Google Play stores have cropped up as well, and legitimate social media platforms like Facebook, Instagram, and WhatsApp are being used to sell stolen identities and credit card information.

But it’s not all doom and gloom. The fact that there are entire committees devoted to staying one step ahead of cybercrime is encouraging. And there are still things that you, as a consumer, can do to keep yourself safe. Let’s take a look at some of those!

  • Only use trusted sites. This one may seem obvious, but remember, cybercriminals are counting on you to have a momentary lapse in judgment and click on a link that you normally wouldn’t. If you come across a link in an email or on a website asking to download an app, go to the Apple App or Google Play Store to download it directly. If you can’t find it there, then chances are it’s a rogue mobile app and you’re being targeted for a scam.
  • Read reviews. Do some homework on the app before installing it. See what others have had to say and how they rated it first. And make sure the rating makes sense. Fake or illegally modified app reviews are sadly on the rise, as well. Last year, 9to5mac.com published an article detailing accounts of how negative reviews (calling an app virtually unusable, for example) were showing up with 5 stars! Both iOS and Google have acknowledged having to identify and delete fake reviews, so they’re not unaware, but don’t rely solely on their admins to weed out bad apps.
  • Look at who developed the app. Larger institutions like banks will have departments that put out the app themselves. If the developer isn’t the bank, it’s very likely to be fake. For smaller entities, check the app developer history. If they have created several apps that generally have good reviews, then it’s more likely to be legitimate.
  • Be aware of what permissions you’re being asked to give. This is a hard one sometimes because in recent years the list of permissions keeps growing. The question you must ask yourself is: do I need this app enough to want to disclose the information it’s asking for? If the answer is no, then don’t risk it.
  • Trust your gut. This nugget of wisdom never gets obsolete. If you get that cringy, unsettling feeling that won’t go away, listen to it. Go back and review the steps above. Too often we don’t want to seem like dinosaurs, left behind in the barrage of technology, while everyone around us seems to be evolving. It may take some extra effort, but if you’re still not sure, when possible, call your bank or other institution to verify that the app is not a rogue. And in the end, follow what you have peace about.

Cyber thieves are not expected to go away any time soon, but getting in the habit of practicing good cybersecurity has a cumulative effect. You’ll get better at it the more you do it, and you’ll become adept at spotting scams from the get-go. Just be aware that there is always a level of risk associated with conducting any transaction online, and use common sense. Many smartphones can be outfitted with antivirus and antimalware apps, so check with your provider to see what options are available to you.

If you enjoyed this article, sign up for our weekly emails so you can continue to stay in the know about cybersecurity and protecting your assets.


7 Ways to fight a growing cyber threat in the new remote employee culture

Insider data theft is a sobering thought. As a business owner, you can install specialized antivirus software, train your employees on how to spot a phishing email, and invest in a company that provides superior network monitoring, but none of that will do any good if your enemy is already within your walls.

Now don’t misunderstand. You need to be doing all of those things; I’m not advocating that you skip any of those steps in securing your business (Buzz Cybersecurity offers a free audit to help ensure you’ve got the basics covered), but with an unprecedented number of employees working from home due to the current Covid-19 situation, you need to entertain the possibility that someone in your organization may be willing to steal from you at some point in the future. Or already is. If you have a smaller organization, that can feel like a personal betrayal. Some may not even want to entertain the thought. But the majority of your employees are good, trustworthy people and will thank you for taking these steps because data theft puts their jobs at risk, too.

For the purposes of what we’re discussing in this blog, we’re excluding data breaches that occur accidentally via authorized viewing of data where no information is shared, lost or stolen devices, or malicious attacks coming from outside your company. While costly, they are a separate conversation. If you’d like more information on ransomware attacks, click here. This article is only going to deal with those employees who, for reasons ranging from selfish financial gain to righting a perceived wrong done to them by your company, have made an intentional decision to break the law and share confidential data with others with the intent of causing harm to an individual or company.

What Can I Do?

  1. Evaluate and classify all sensitive data. Most people don’t think like criminals, but for this to work, you have to take a step back and look at your assets objectively. What do you have in your possession that is most valuable if leaked and therefore more likely to be the target of theft? Make a list of what systems hold this information and create a security governance policy to make it harder to access this type of data. Revisit your list at least twice a year to make sure it’s current.
  2. Limit the number of people you trust with access to sensitive data, and limit the amount of access they have. In 2018, Tesla learned this the hard way. According to CEO Elon Musk, a disgruntled employee was responsible for making “direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.” The electric car company decided to forgo limiting the privileged access it allowed its employees to have, and according to CNBC, it cost the company a staggering $167 million in damages. And while it’s common sense that no company will ever be 100% safe against these types of attacks, this particular incident is considered unfortunate because it could have been avoided.
  3. Give people overlapping shares of trust. This is basically a system of checks and balances. It ensures that no one person has a singular Osterhagen Key that allows them to take out your company. You don’t want to give one person the ability to launch the nuclear warheads, and most employees will appreciate not being put in a position to wield such responsibility or to yield to temptation.
  4. Monitor employee activity. No one likes to be Big Brother, but sensible employees will understand the benefits of working from home—namely less money spent on gas, eating out, work attire, not to mention more time to sleep and spend with family—far outweigh the need for companies to monitor for safety. Plus, anything they need to do on a personal level that they don’t want you to be privy to can be done on their PC or phone. Take a proactive approach to detect suspicious behavior when it occurs, rather than waiting for a breach.
  5. Establish an acceptable use policy and then educate your employees about it. Have an official corporate policy about what is and what is not acceptable when it comes to using your company’s data. Then make sure all employees go through training that makes them accountable for what they’ve learned. Don’t assume that it’s common sense. And make sure employees know the legal consequences that will be taken should they be caught stealing company information.
  6. Establish an anonymous tip line. Peers will often be the first to notice a co-worker’s suspicious behavior. Giving them a means to report unusual or erratic behavior will encourage your employees to come forward, especially if they are assured that they will not be subject to any retaliation because they can remain anonymous. Some may feel that this makes them a snitch, so it’s your job to help them realize that they’re actually being a hero, because not only could they be saving your company from financial ruin, but in the process, they’re helping to save their own jobs and the jobs of their friends.
  7. Pay attention when an employee leaves your company, even when it’s on good terms. Don’t delay when it comes to terminating all employee accounts. Make sure any access to get back into your facility is revoked, and remove the employee from all access lists. You may be tempted to only do this when an employee is “disgruntled,” but making this a standard operating practice when a person departs your company will ensure that no one slips in through a door that should have never been left open.
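Steps 2 and 7 can be checked on a schedule rather than left to memory. The following is an added example, not part of the original article: it compares an HR roster against each system's access list and reports accounts that outlived a departure, accounts with no HR record, and current staff outside the approved list for a sensitive system. All names, systems and dates are constructed sample data.

```python
from datetime import date

# Constructed sample data: HR roster maps user -> departure date (None = still employed).
HR_ROSTER = {
    "alice": None,
    "bob": date(2020, 9, 30),
    "carol": date(2020, 10, 15),
}
# Constructed per-system access lists (in practice, exported from each system).
ACCESS_LISTS = {
    "vpn": {"alice", "bob"},
    "file_share": {"alice", "carol", "dave"},
    "badge_reader": {"alice", "bob", "carol"},
}
# Step 2: who is approved for systems holding sensitive data (assumed policy).
SENSITIVE_APPROVED = {"file_share": {"alice"}}
AUDIT_DATE = date(2020, 10, 20)  # constructed "today" so the output is repeatable


def audit_access(roster, access_lists, approved, today):
    """Return sorted (kind, system, user, detail) findings."""
    findings = []
    for system, users in access_lists.items():
        for user in users:
            if user not in roster:
                # No HR record means nobody will ever be prompted to revoke it.
                findings.append(("unknown_account", system, user, "no HR record"))
                continue
            left = roster[user]
            if left is not None and left <= today:
                # Step 7: access that survived the employee's departure.
                days = (today - left).days
                findings.append(("departed_still_active", system, user,
                                 f"{days} days since departure"))
            elif system in approved and user not in approved[system]:
                # Step 2: current employee with more access than policy allows.
                findings.append(("not_approved", system, user,
                                 "current employee outside approved list"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_access(HR_ROSTER, ACCESS_LISTS,
                                SENSITIVE_APPROVED, AUDIT_DATE):
        print(*finding, sep=" | ")
```

Running the audit against every access list, including physical badge systems, is what catches the account that was disabled in one place but forgotten in another.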

Ready to take the next step in protecting your company and your livelihood?

Reach out to us today for a free consultation!

NOTE: if you have already been the victim of a ransomware attack, please contact us immediately.

While you’re running your business, there are evil people thinking up new ways every day to steal your hard-earned dollars. It seems like they never sleep. You’ve taken steps to ensure that you won’t be an easy target like installing good alarm systems, running background checks on potential employees, and hiring security guards (or you yourself carry). And that’s great for threats you can see, but what about the virtual bad guys? How do you fight them? Sadly, many companies never think about this until it’s too late. Kudos to you for taking the time to research cybersecurity threats and how to protect your assets. Ransomware has become one of the most costly types of malware in the last decade. At Buzz Cybersecurity, we have seen this happen and it’s never pretty. You’re probably wondering how to prevent ransomware. Let’s take a more in-depth look at it and how you can avoid becoming a victim.

What is ransomware?

In layman’s terms, ransomware is a type of malware that gets its name from the fact that the attackers gain access to data and hold it hostage for a ransom. This is known as cryptoviral extortion. Cybercriminals can block the company’s access, or if it’s particularly sensitive data, threaten to make it public if the demands are not met. Such attacks are becoming more frequent and more brazen. Earlier this month Variety reported that a group known as REvil claimed to have dirt on President Donald Trump and threatened New York law firm Grubman Shire Meiselas & Sachs with a data dump if they did not receive $42 million within 7 days, doubling their fee after the firm made an offer of $365,000. To show they meant business, and as a possible punishment for what they considered an insulting offer, REvil published a 2.4 GB document containing another client’s info: Lady Gaga’s contracts for concerts, TV appearances, and merchandising. Since payment is typically demanded in Bitcoin or some other cryptocurrency, tracing the ransom and making arrests are still very difficult. Research shows that 70% of those infected with ransomware have paid to get their data back, even when advised not to by law enforcement, so there seems to be little incentive for these cyber-terrorists to stop anytime soon.

How do ransomware attacks work?

Most ransomware attacks begin with an unsuspecting employee opening an email attachment that has a trojan disguised as a legitimate file. (Although it should be noted that much is still unknown about how some attacks were able to take place; in 2017 computers using Microsoft Windows were the target of the “WannaCry Worm,” which traveled between computers without user interaction.) Once released, the malware is able to encrypt the user’s data, usually by tricking him or her into giving it admin access. However, if a company has significant security holes, aggressive malware may not need to trick the recipient. A message is then sent to the victim with instructions on how to pay the ransom electronically. Once payment is received, a mathematical key is sent to the company so the files can be unlocked.

What’s at stake?

In 2019, ransomware is estimated to have caused organizations global damage to the sum of $11.5 billion. The average amount a company would pay last year was $41,000. But according to an article in Forbes Magazine, that number has more than doubled in 2020 to over $84,000. That includes lost revenue, hardware replacement, and repair costs, but the damage to a company’s brand is harder to gauge. And while 98% of those who paid did get a decryption tool, on average they still lost 3% of their files. That may not sound like much, but remember, there is no guarantee that you will be one of the lucky ones that are dealing with a thief who intends to honor their word in the first place and give you anything. And you should also expect your normal IT duties to take a backseat during recovery. It can take many, many hours to get things back to where they need to be.

Who’s at risk?

You might think that because you’re a small business, hackers will bypass you in favor of larger corporations who will be able to pay a larger ransom. And that’s what they are counting on. While it’s true that government agencies, big law firms, and medical facilities make tempting targets because they are more likely to pay up quickly, oftentimes targets are chosen because of ease of opportunity: smaller businesses don’t always have the security measures in place that keep the bad guys from finding the weak link in the fence. According to an article by CNBC published late last year, 43% of small businesses are targeted, but only 14% are prepared to defend themselves. And as we like to say here at Buzz, the best defense is a good offense.

Steps you can take starting now

The truth is that no organization is immune to ransomware, but there are some things you can do to ensure that you are less of a target and mitigate the damage if you are attacked.

  1. Take stock of your current situation. This is a step you cannot afford to skip. By keeping your operating system patched and up-to-date, you make it harder for cyber thieves to exploit you. If you’re not sure what to look for, Buzz Cybersecurity has a free audit that you can take advantage of to ensure you don’t have “open doors” that are inviting an attack.
  2. Back up your files frequently! While this won’t stop a ransomware attack, it at least ensures that you have a disaster recovery plan (DRP) in place that will make the damage much less significant.
  3. Invest in anti-virus software. Again, nothing is foolproof, but a good system will detect malware programs and may prevent ransomware from successfully getting access to your data. Don’t assume though that the software that was included with your PC is going to meet your needs. We can help you look at the variables that you need to consider when choosing the right software that will protect your most valuable data.
  4. Educate yourself and your employees. It’s not enough for you to know what to do to prevent an attack. You should look to bring your entire team on board so everyone can work together. We offer a program called Lunch & Learn that’s free for your company, and we cover things like the basics of malware, how to spot and avoid a potential phishing email, protecting credentials, and what to do if an employee suspects there has been a breach.
  5. Network monitoring. You can’t be everywhere at once, so we recommend having an added safety net in place. There are some free tools available out there, but again, like anti-virus software, they may be missing key features that you need. Because of the many drawbacks, such as not being able to upgrade and most not offering any support should you need it, many in upper management are not comfortable using these tools, and we can’t say we blame them. The fact is these products will not give you the same stability or reliability as a paid commercial tool. We started off talking about threats you can see, and in the same way that a good home security system protects your loved ones and gives you peace of mind, Buzz Cybersecurity specializes in actively monitoring your “cyber-home” during an attempted break-in.

These steps are not all-inclusive, but some basics to get you started. We’re happy to talk IT shop with you if you want to take the next step. Or sign up to get our emails and stay in the loop on the constantly evolving world of cybersecurity. You’ve put your blood, sweat, and prayers into your business. Don’t let some punk who’s never worked an honest day in their life swoop in and take it from you.
