CyberSecurity

533 Million Facebook Users Data Breached


Facebook is by far the largest and most popular social media platform in use today. With 2.8 billion monthly users and 1.84 billion daily active users, it controls nearly 59% of the social media market. With that many users, one can only imagine the amount of data Facebook produces and collects every second, and most of it is personal information about its users: names, birthdays, phone numbers, email addresses, locations, and in some cases photo IDs. All of this can be misused if it falls into the wrong hands, which is why so many people are worried about the latest Facebook data breach.


What happened with the Facebook Data Leak?

The most recent Facebook data leak was exposed by a user in a low-level hacking forum who published the phone numbers and personal data of hundreds of millions of Facebook users for free. The exposed data includes the personal information of over 533 million Facebook users from 106 countries. The leaked data contains phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.

The leak first came to light in January, when a user on the same forum advertised an automated bot that would return the phone number for any of hundreds of millions of Facebook users, for a price. A Facebook spokesperson says the data was scraped through a vulnerability the company patched in 2019. Scraping here does not mean a break-in to Facebook’s servers: it means a program made large numbers of legitimate-looking requests and harvested the personal data those requests returned, in violation of Facebook’s terms of service. Facebook says the weakness that allowed phone numbers to be harvested at this scale was fixed in August 2019.

However, the scraped data has now been posted on the hacking forum for free, making it available to anyone with basic data skills. The leaked data could be priceless to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials.


What caused the Facebook data breach?

When Facebook was made aware of the data on the hacking forum, it was quick to say that the data is old and comes from a breach that occurred in 2019: nothing new, the data has been out there for some time, and the vulnerability in its systems has been patched. In fact, the data first surfaced in 2019 and came from a breach that Facebook did not disclose in any significant detail at the time; the company never really made this breach publicly known.

Uncertainty about Facebook’s explanation comes from the fact that the company has had a number of breaches and exposures from which the data could have come. Recent Facebook “data leaks” include:

  • April 2019 – 540 million records exposed by a third party and disclosed by the security firm UpGuard
  • September 2019 – 419 million Facebook user records scraped from the social network by bad actors before a 2018 Facebook policy change
  • 2018 – Cambridge Analytica third-party data sharing scandal
  • 2018 – Facebook data breach that compromised access tokens and personal data from about 30 million users

Facebook eventually explained that the 533 million-account data set is different from those: attackers created it by abusing a flaw in Facebook’s address book contact import feature, uploading large sets of phone numbers to see which ones matched Facebook users and then collecting the profile data of the matches. Facebook says it fixed the weakness in August 2019, but it is unclear how many times the bug was exploited before then.
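The mechanism behind the leak is a classic enumeration problem: an endpoint that answers “is this phone number a user?” for any list you upload will, given enough uploads, hand over the whole directory. The following Python script is an added illustration, not Facebook’s code and not a description of what Facebook actually changed, of that abuse and of a quota-plus-hit-rate mitigation. The directory, the phone numbers, the daily quota and the hit-rate threshold are constructed assumptions.

```python
"""Phone-number enumeration through a contact importer, and a mitigation.

Added illustration; this is not Facebook's code.  The directory, numbers,
quota and hit-rate threshold below are constructed assumptions.
"""
from collections import defaultdict

# Constructed directory: phone number -> user id.  Every seventh number in a
# 10,000-number range belongs to a user, so roughly 1,429 accounts exist.
DIRECTORY = {f"+1555000{i:04d}": f"user{i}" for i in range(0, 10000, 7)}


class ContactImporter:
    """Maps uploaded address-book numbers to accounts.

    With no limits (the 'before' configuration), an attacker can walk an
    entire number range and learn exactly which numbers belong to users.
    """

    def __init__(self, daily_quota=None, min_hit_rate=None):
        self.daily_quota = daily_quota      # max numbers per caller per day
        self.min_hit_rate = min_hit_rate    # flag callers whose uploads rarely match
        self.uploaded = defaultdict(int)
        self.matched = defaultdict(int)
        self.flagged = set()

    def match(self, caller, numbers):
        if caller in self.flagged:
            raise PermissionError("account blocked for enumeration")
        if (self.daily_quota is not None
                and self.uploaded[caller] + len(numbers) > self.daily_quota):
            raise PermissionError("daily contact-upload quota exceeded")
        hits = {n: DIRECTORY[n] for n in numbers if n in DIRECTORY}
        self.uploaded[caller] += len(numbers)
        self.matched[caller] += len(hits)
        # A real address book mostly holds people who have accounts; a scan of
        # consecutive numbers mostly does not.  Once a caller has uploaded a
        # meaningful sample (500 here, an assumption), a low hit rate is a
        # strong signal of enumeration.
        if (self.min_hit_rate is not None and self.uploaded[caller] >= 500
                and self.matched[caller] / self.uploaded[caller] < self.min_hit_rate):
            self.flagged.add(caller)
        return hits


def enumerate_range(importer, caller, start, count, batch=200):
    """Attacker behaviour: upload consecutive numbers in batches until blocked."""
    learned = {}
    for first in range(start, start + count, batch):
        last = min(first + batch, start + count)
        nums = [f"+1555000{i:04d}" for i in range(first, last)]
        try:
            learned.update(importer.match(caller, nums))
        except PermissionError:
            break
    return learned


if __name__ == "__main__":
    for label, importer in [("no limits", ContactImporter()),
                            ("quota only", ContactImporter(daily_quota=1000)),
                            ("quota + hit rate", ContactImporter(1000, 0.5))]:
        got = enumerate_range(importer, "attacker", 0, 10000)
        print(f"{label:17s}: attacker learned {len(got)} of {len(DIRECTORY)} numbers")
```

With no limits the attacker learns every number in the directory. A quota alone only slows the scan, since an attacker can spread it over many accounts; the hit-rate check catches the shape of the scan itself, because a genuine address book matches far more often than a walk through consecutive numbers does, and a legitimate user uploading real contacts is unaffected.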



How can you find out if your personal information is part of the Facebook breach?

With so much personal information on social media, you would expect the tech giants to keep a strong grip on their data security. In this Facebook breach, a large amount of data was exposed, including full names, birthdays, phone numbers, and locations. Facebook says the leak originated from an issue in 2019 that has since been fixed; regardless, there is no way to reclaim data once it is out. The third-party website haveibeenpwned.com makes it easy to check whether your data was part of the leak: enter your email address. Bear in mind that although 533 million accounts were included, only about 2.5 million of the records contained an email address, so fewer than half a percent of affected users will show up by email. Since the phone number is the field present in almost every record, the same site added a phone-number search for this breach, and that is the more reliable way to check. Although the data is from 2019, phone numbers change far less often than passwords, so it remains valuable to criminals for identity theft, SMS phishing, and SIM-swap attempts. This should serve as a reminder not to post any personal information on social media that you would not want a stranger to see.



Open Source Software

Open-source Software (OSS)

Open-source software, often referred to as OSS, is computer software whose source code is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software as they choose. Originating in software development, the term open-source describes something people can modify and share because its design is publicly accessible. Nowadays, “open-source” also indicates a wider set of values known as “the open-source way”: open-source projects and initiatives support standards of open exchange, mutual contribution, transparency, and community-oriented development.

What is the source code of OSS?

The source code of open-source software is the part most users never see: the code that programmers can modify to change how the software works. Programmers with access to the source code can develop the program further by adding features or fixing bugs that stop the software from working correctly.

Examples of Open-source Software

For software to be considered open-source, its source code must be freely available to its users, who may then modify it, distribute their own versions of the program, and pass on as many copies of the original as they like. Anyone can use the program for any purpose and there are no licensing fees. The license does, however, set conditions: keeping the copyright notice, for instance, or, under copyleft licenses such as the GPL, releasing modified versions under the same terms.

Linux is a good example of an open-source operating system. Anyone can download Linux, make as many copies as they want, and pass them on to friends; it can be installed on any number of computers. Users with programming experience can download the Linux source code and modify it, creating their own customized version.

Below is a list of the top 10 open-source software programs available in 2021.

  1. LibreOffice
  2. VLC Media Player
  3. GIMP
  4. Shotcut
  5. Brave
  6. Audacity
  7. KeePass
  8. Thunderbird
  9. FileZilla
  10. Linux

Advantages and Disadvantages of Open-source Software

Like any other software, open-source software has its pros and cons. Open-source software is typically easier to obtain than proprietary software, which has driven its adoption, and it builds developer loyalty, because contributors feel empowered and have a sense of ownership of the end product.

Open-source software is usually more flexible, quicker to innovate, and often more reliable, because many independent programmers test and fix it rather than a single vendor’s team. It is more flexible because modular designs let programmers build custom interfaces or add new capabilities. Faster innovation comes from collaboration among a large number of programmers, and the software does not depend on the company or author that created it: even if the company fails, the code continues to exist and to be developed by its users.

Open-source software also needs less spending on marketing and distribution, and it can boost a company’s image along with its commercial products. The OSS development approach has produced reliable, high-quality software quickly and at low cost; a 2008 report by the Standish Group estimated that adopting open-source software saves consumers about $60 billion per year.

On the flip side, an open-source development process may lack the well-defined stages that are usually needed, such as system testing and documentation, both of which may be neglected. This has mainly been true of small projects; larger projects tend to define and enforce at least some of these stages, as teamwork requires them.

Not all OSS projects have succeeded either; SourceXchange and Eazel, for example, both failed. It is also difficult to build a financially sound business model around the open-source concept: the technical requirements may be met without the ones needed for market profitability. Regarding security, publishing the source code lets attackers study a program for weaknesses more easily than with closed-source software, but it equally lets defenders and independent auditors review and fix it. In practice the larger risk for an organization is not the visibility of the code but unvetted dependencies: an unmaintained library or a trojanized package pulled into a build can do as much damage as any flaw in the code itself, so pin versions, verify checksums or signatures, and track known vulnerabilities in the components you use.

Benefits for Users of OSS

The most obvious benefit of open-source software is that it can be used for free. Take the Linux example above: unlike Windows, users can install or distribute as many copies of Linux as they want, without limitation. Free installation is especially useful for servers. Anyone setting up a virtualized cluster can simply clone a single Linux server, with no need to worry about licensing or how many instances they are authorized to run.

An open-source program is also more flexible, allowing users to modify their own version to an interface that works for them. When a Linux distribution introduces a new desktop interface that some users dislike, they can change it to their liking. Open-source software also lets developers “be their own creator” and design their own software. Android and Chrome OS are operating systems built on Linux and other open-source software, and the core of Apple’s OS X was built on open-source code too. When users can work with the source code and build software tailored to their needs, the possibilities are truly endless.

Malvertising Simply Explained

What is Malvertising?

Malvertising (a combination of the two words “malicious and advertising”) is a type of cyber tactic that attempts to spread malware through online advertisements. This malicious attack typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and websites. The code then redirects users to malicious websites, allowing hackers to target the users. In the past, reputable websites such as The New York Times Online, The London Stock Exchange, Spotify, and The Atlantic, have been victims of malvertising. Due to the advertising content being implanted into high-profile and reputable websites, malvertising provides cybercriminals a way to push their attacks to web users who might not otherwise see the ads because of firewalls or malware protection.

Online advertising can be a pivotal source of income for websites and other internet properties, and to meet that demand online ad networks have grown extensive enough to reach very large audiences. The advertising network involves publisher sites, ad exchanges, ad servers, retargeting networks, and content delivery networks. Malvertising takes advantage of these pathways, turning them into a delivery channel that requires little or no action from its victims.

How Does Malvertising Get Online?

There are several approaches a cybercriminal might use, but the result is to get the user to download malware or direct the user to a malicious server. The most common strategy is to submit malicious ads to third-party online ad vendors. If the vendor approves the ad, the seemingly innocent ad will get served through any number of sites the vendor is working with. Online vendors are aware of malvertising and actively working to prevent it. That is why it’s important to only work with trustworthy, reliable vendors for any online ad services.

What is the Difference Between Malvertising and Adware?

Malvertising is sometimes confused with adware. Malvertising is malicious code intentionally placed in ads, whereas adware is a program that runs on a user’s computer. Adware is usually installed hidden inside a package that also contains legitimate software, or lands on the machine without the user’s knowledge. It displays unwanted advertising, redirects search requests to advertising websites, and mines data about the user to help target or serve advertisements.

Some major differences between malvertising and adware include:

  • Malvertising is a form of malicious code deployed on a publisher’s web page, whereas adware is only used to target individual users.
  • Malvertising only affects users viewing an infected webpage, while Adware operates continuously on a user’s computer.

What Are Some Examples of Malvertising?

The problem with malvertising is that it is difficult to spot, because it is circulated by the ad networks we trust: companies like Spotify and Forbes have both suffered malvertising campaigns that infected their visitors with malware. Two more recent examples are RoughTed and KS Clean. RoughTed, first reported in 2017, was significant because it bypassed ad-blockers and evaded many anti-virus programs by dynamically generating new URLs, which made the malicious domains it used harder to track and block.

KS Clean was Android malware hidden inside what looked like a legitimate mobile app and distributed through malvertising: a tap on the ad silently downloaded the malware in the background. The only sign that anything was wrong was an alert on the device claiming a security issue and prompting the user to upgrade the app to fix it. Tapping ‘OK’ completed the installation and granted the malware administrative privileges, which let it push unlimited pop-up ads to the phone and made it almost impossible to disable or uninstall.

How Can Users Prevent Malvertising?

While organizations should take a strong stance against any unwarranted attack, malvertising deserves a high place on the priority list for any site that serves third-party ads. Network traffic analysis at the firewall or web proxy can identify suspicious redirect chains and downloads before malware has a chance to infect the user.

Some other tips for preventing malvertising attacks include the following:

  • Employee training is the best way to form a proactive company culture that is aware of cyber threats and the latest best practices for preventing them. 
  • Keep all systems and software updated to include the latest patches and safest version.
  • Only work with trustworthy, reliable online advertising vendors.
  • Use online ad-blockers to help prevent malicious pop-up ads from opening a malware download.
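As an added example of the traffic-analysis tip above (not code from the original page or from any vendor), the following Python script scans proxy log lines for the KS Clean pattern: a click that starts at a known ad domain, bounces through one or more redirects, and ends in an executable or app-package download from a domain that is not an ad partner. The log layout, the ad-partner allowlist and the log lines themselves are constructed for the example.

```python
"""Flag ad-click redirect chains that end in a file download.

Added example; not from the original page.  The log layout (time, client,
method, url, status, referrer, content-type), the ad-partner allowlist and
the sample lines are constructed assumptions.
"""
from urllib.parse import urlparse

# Hypothetical ad partners the publisher actually works with.
KNOWN_AD_DOMAINS = {"ads.example-exchange.com", "cdn.example-adserver.net"}

# Content types a banner ad should never lead to.
DANGEROUS_TYPES = {
    "application/x-msdownload",
    "application/x-msdos-program",
    "application/vnd.android.package-archive",
    "application/zip",
}

SAMPLE_LOG = """\
2021-04-01T10:00:01Z 10.0.0.5 GET https://ads.example-exchange.com/serve?id=1 200 https://news.example.com/article text/html
2021-04-01T10:00:02Z 10.0.0.5 GET https://click.example-track.net/r?x=1 302 https://ads.example-exchange.com/serve?id=1 text/html
2021-04-01T10:00:02Z 10.0.0.5 GET https://go.example-redirect.org/land 302 - text/html
2021-04-01T10:00:03Z 10.0.0.5 GET https://dl.example-bad.tld/update.apk 200 - application/vnd.android.package-archive
2021-04-01T10:00:05Z 10.0.0.7 GET https://ads.example-exchange.com/serve?id=2 200 https://news.example.com/article text/html
2021-04-01T10:00:06Z 10.0.0.7 GET https://click.example-track.net/r?x=2 302 https://ads.example-exchange.com/serve?id=2 text/html
2021-04-01T10:00:06Z 10.0.0.7 GET https://shop.example-brand.com/offer 200 - text/html
2021-04-01T10:00:09Z 10.0.0.9 GET https://cdn.example-files.com/tool.exe 200 https://news.example.com/downloads application/x-msdownload
"""


def parse_line(line):
    """Split one log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    keys = ("time", "client", "method", "url", "status", "referrer", "ctype")
    return dict(zip(keys, parts))


def domain_of(url):
    return (urlparse(url).hostname or "").lower()


def find_malvertising_chains(log_text):
    """Return one record per client whose ad click redirected into a download.

    A chain opens when a request referred by a known ad domain answers with
    a 3xx, continues while the client's next requests keep answering 3xx,
    and closes on the first non-3xx response.  The closing response is
    flagged when it is a dangerous content type served from a domain that
    is not one of the ad partners.
    """
    open_chains = {}   # client -> list of requests in the current chain
    flagged = []
    for line in log_text.splitlines():
        req = parse_line(line)
        if req is None:
            continue
        client = req["client"]
        is_redirect = req["status"].startswith("3")
        if client in open_chains:
            open_chains[client].append(req)
            if is_redirect:
                continue
            chain = open_chains.pop(client)
            final = chain[-1]
            if (final["ctype"] in DANGEROUS_TYPES
                    and domain_of(final["url"]) not in KNOWN_AD_DOMAINS):
                flagged.append({
                    "client": client,
                    "entry": chain[0]["url"],
                    "final_url": final["url"],
                    "hops": len(chain),
                })
        elif is_redirect and domain_of(req["referrer"]) in KNOWN_AD_DOMAINS:
            open_chains[client] = [req]
    return flagged


if __name__ == "__main__":
    for hit in find_malvertising_chains(SAMPLE_LOG):
        print(f"{hit['client']}: {hit['entry']} -> ({hit['hops']} hops) -> {hit['final_url']}")
```

Only the first client is flagged: its click passes through two redirectors and lands on an APK. The second client’s click ends on an ordinary web page, and the third client downloads an executable directly from a page the user was browsing, which is a different question and not an ad-delivered download. In production the allowlist would come from the ad contracts, the dangerous-type list would be extended to whatever the endpoint fleet can execute, and the records would feed the firewall or SIEM rather than stdout.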

Top 5 VPNs of 2021

In today’s working environment, no one knows when remote work will be going away, if at all.  This makes remote VPN access all the more important for protecting your privacy and security online. As the landscape for commercial VPNs continues to grow, it can be a daunting task to sort through the options to find the best VPN to meet your particular needs. That’s exactly what inspired us to write this article. We’ve put together a list of the five best and most reliable VPN options for you.

What is a VPN and why do you need one?

VPN is short for virtual private network. A VPN gives users more online privacy by carrying their traffic through an encrypted tunnel to the provider’s server, so it leaves the local network over a single encrypted connection. Websites then see the VPN server’s IP address rather than yours, and anyone on the same Wi-Fi, including the network operator, sees only encrypted traffic to the VPN server. That does not make your actions untraceable: the VPN provider itself can see where your traffic goes, which is why a provider’s logging policy matters.

Think about all the times you have read email at a coffee shop or checked your bank balance at a restaurant. On an open Wi-Fi network, or one whose password is shared with every customer, nearby observers can see which sites you connect to and can read anything not protected by HTTPS, and a rogue access point can try to intercept more. That is why a VPN should be a necessity for anyone worried about their online security and privacy: the encrypted tunnel protects your searches, email, shopping, and even bill paying from the network you happen to be on.

Our Top 5 List of VPNs for 2021

ExpressVPN

  • Number of IP addresses: 30,000
  • Number of servers: 3,000+ in 160 locations
  • Number of simultaneous connections: 5
  • Country/jurisdiction: British Virgin Islands
  • 94-plus countries

ExpressVPN is powered by its TrustedServer technology, under which servers run entirely in RAM and are wiped on every reboot, so that no logs of online activity persist. In the privacy world, ExpressVPN has a solid track record: when authorities seized one of its servers, they found no logs, which supported its zero-log policy. ExpressVPN offers a kill switch, which blocks network traffic from leaving the device outside the VPN tunnel if the VPN connection drops. It also accepts Bitcoin as a payment method, which adds a layer of privacy at checkout.

Surfshark

  • Number of servers: 3,200+
  • Number of server locations: 65
  • Jurisdiction: British Virgin Islands

Surfshark’s network is smaller than some, but the service makes up for it with features and speed. Its biggest benefit is unlimited device support, so users do not have to count how many devices are connected. It also includes antimalware, ad-blocking, and tracker-blocking in its software. Surfshark supports Mac, Windows, iOS, Android, Fire TV, and routers, and devices such as game consoles can be set up through DNS settings. It also offers three special modes for those who want to bypass restrictions and hide their online footprint: Camouflage Mode hides the fact that a VPN is in use from the ISP, Multihop routes the connection through multiple countries to obscure the trail, and NoBorders Mode allows users to use Surfshark in restrictive regions.

NordVPN

  • Number of IP addresses: 5,000
  • Number of servers: 5,200+ servers
  • Number of server locations: 62
  • Country/jurisdiction: Panama
  • 62 countries

NordVPN is one of the most established brands in the VPN market. It offers six simultaneous connections, where nearly all other providers offer five or fewer, and a dedicated IP option for those who need a fixed address. It also has a kill switch, which blocks network traffic from leaving the device outside the VPN tunnel if the connection drops. NordVPN had a spotless reputation for a long time, until a report emerged that one of its rented servers had been accessed without authorization back in 2018. Nord’s response included multiple security audits, a bug bounty program, and heavier investment in server security. The breach was limited in nature and involved no user-identifying information, which is consistent with NordVPN’s claim to keep no logs of user activity.

IPVanish

  • Number of IP addresses: 40,000+
  • Number of servers: 1,300
  • Number of server locations: 60
  • Number of simultaneous connections: 10
  • Country/jurisdiction: US

A big benefit of IPVanish is its easy-to-use interface, which also exposes enough detail to help users understand what a VPN does behind the scenes. Its multiplatform support is well suited to people looking for a Netflix-friendly VPN, and it supports Kodi, the open-source media streaming app. The company has won praise for raising its simultaneous-connection limit from five to ten. Like the other VPNs on this list, IPVanish has a kill switch, which anyone relying on the VPN to prevent leaks should keep enabled.

Norton Secure VPN

  • Number of countries: 29
  • Number of servers: 1,500 (1,200 virtual)
  • Number of server locations: 200 in 73 cities
  • Country/jurisdiction: US

Norton has long been known for its security products and now offers a VPN service. It is limited in what it supports, however: no P2P, Linux, routers, or set-top boxes, although it does work with Netflix and other streaming services. Norton Secure VPN speeds are comparable to other mid-tier VPNs in its segment. It is available on four platforms: Mac, iOS, Windows, and Android, and it is one of the few VPN services to offer live 24/7 customer support and a 60-day money-back guarantee.

How To Set Up A Zero-Trust Network

In the past, IT and cybersecurity professionals approached their work with a strong focus on the network perimeter: everything inside the network was assumed to be trusted, while everything outside it was a possible threat. That model has not survived the test of time, and organizations now operate in a threat landscape where an attacker may well already have one foot in the door. How did this come to be? Over time, criminals have gained entry through a compromised system, a vulnerable wireless connection, stolen credentials, or other ways.

A better defense in this environment is the zero-trust philosophy. In a zero-trust network, the only assumption that can be made is that no user or device is trusted until it has proved otherwise. With that approach in mind, we can look at what a zero-trust network is and how you can implement one in your business.

What is a zero-trust network and why is it important?

A zero-trust network, sometimes referred to as zero-trust security, is an IT security model in which every person and device must verify its identity before accessing resources on a private network, whether the request comes from inside or outside the perimeter. There is no single technology behind it; rather, it is an all-inclusive approach to network security that combines several principles and technologies.

Traditionally, an IT network has been secured with the castle-and-moat approach: it is hard to gain access from outside the network, but everyone inside it is trusted. The problem with this model is that once an attacker is inside, there are no roadblocks to stop them moving freely.

The original theory of zero-trust was conceived over a decade ago, however, the unforeseen events of this past year have propelled it to the top of enterprise security plans. Businesses experienced a mass influx of remote working due to the COVID-19 pandemic, meaning that organizations’ customary perimeter-based security models were fractured.  With the increase in remote working, an organization’s network is no longer defined as a single entity in one location. The network now exists everywhere, 24 hours a day. 

If businesses today decide to pass on the adoption of a zero-trust network, they risk a breach in one part of their network quickly spreading as malware or ransomware. There have been massive increases in the number of ransomware attacks in recent years. From hospitals to local government and major corporations; ransomware has caused large-scale outages across all sectors. Going forward, it appears that implementing a zero-trust network is the way to go. That’s why we put together a list of things you can do to set up a zero-trust network.

Proper Network Segmentation

Proper network segmentation is the cornerstone of a zero-trust network. Systems and devices must be separated by the types of access they allow and the information that they process. Network segments can act as the trust boundaries that allow other security controls to enforce the zero-trust attitude.

Improve Identity and Access Management

A strong identity and access management foundation is a necessity for zero-trust security. The first question is who or what is attempting to connect: users and autonomous devices must prove who or what they are through authentication, and most organizations use one or more identity and access management tools for this. Multifactor authentication adds assurance of identity and protects against theft of individual credentials.

Least Privilege and Micro Segmentation

Least privilege applies to both networks and firewalls. After segmenting the network, security teams must lock down access between segments to only the traffic the business needs; if two remote offices have no need to talk to each other directly, that access should not be granted. Once a zero-trust network has positively identified a user or device, it must have controls that grant access only to the applications, files, and services that user or device needs. Depending on the software and machines involved, access control can be based on user identity alone, or combine network segmentation with user and device identification. This is known as micro segmentation: building small, tightly controlled subsets within a network where a user or device can reach only the resources and services it needs. Micro segmentation is valuable because it limits how far an attacker can move if one system is compromised.

Add Application Inspection to the Firewall

Cybersecurity teams need to add application inspection to their existing firewalls, so that traffic crossing a segment boundary is checked for the content it should carry rather than just the port it uses; a connection on port 443 that is not TLS, or a database port carrying an SSH session, is a sign of tunnelling. Modern firewalls go well beyond the simple rule-based filtering they used to perform.

Record and Investigate Security Incidents

A great security system involves vision, and vision requires awareness. Cybersecurity teams can only do their job effectively if they have a complete view and awareness of security incidents collected from systems, devices, and applications across the organization. Using a security information and event management program provides analysts with a centralized view of the data they need.
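The five steps above fit together as one decision pipeline. The following Python script is an added worked example, not from the page or from any vendor product, of that pipeline: segments as trust boundaries, identity and device checks, default-deny least-privilege rules between segments, an application-inspection check on each allowed flow, and an audit record for every decision. The segments, roles, addresses and rules are hypothetical.

```python
"""Zero-trust access decisions: segments, identity, least privilege,
application inspection and audit, in one policy engine.

Added example; not from the original page.  Segments, roles, addresses
and rules are hypothetical.
"""
from dataclasses import dataclass
import ipaddress

# Network segments act as the trust boundaries.
SEGMENTS = {
    "corp-users": ipaddress.ip_network("10.10.0.0/16"),
    "branch-a": ipaddress.ip_network("10.20.0.0/16"),
    "branch-b": ipaddress.ip_network("10.30.0.0/16"),
    "app-tier": ipaddress.ip_network("10.50.0.0/24"),
    "db-tier": ipaddress.ip_network("10.60.0.0/24"),
}

# Least privilege: only the flows the business needs, keyed by role,
# source segment, destination segment, port and the application that the
# firewall's inspection must actually see on that port.  Anything not
# listed, such as branch-a talking to branch-b, is denied by default.
POLICY = [
    ("analyst", "corp-users", "app-tier", 443, "https"),
    ("dba", "corp-users", "db-tier", 5432, "postgres"),
    ("service:app", "app-tier", "db-tier", 5432, "postgres"),
]


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset
    mfa_verified: bool     # identity provider confirmed a second factor this session
    device_managed: bool   # device posture: enrolled and compliant


@dataclass(frozen=True)
class Request:
    principal: Principal
    src_ip: str
    dst_ip: str
    dst_port: int
    app: str               # protocol identified by application inspection


AUDIT_LOG = []             # stand-in for the feed into the SIEM


def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def _decide(req):
    who = req.principal
    if not who.mfa_verified:
        return False, "identity not verified with MFA"
    if not who.device_managed:
        return False, "device not managed or non-compliant"
    src, dst = segment_of(req.src_ip), segment_of(req.dst_ip)
    if src is None or dst is None:
        return False, "address outside any known segment"
    for role, rule_src, rule_dst, port, app in POLICY:
        if role in who.roles and (rule_src, rule_dst, port) == (src, dst, req.dst_port):
            if req.app != app:
                return False, f"port {port} carries {req.app}, expected {app}"
            return True, f"rule {role}: {src} -> {dst}:{port}/{app}"
    return False, "no rule permits this flow (default deny)"


def evaluate(req):
    """Return (allowed, reason) and record the decision for investigation."""
    allowed, reason = _decide(req)
    AUDIT_LOG.append({"user": req.principal.name, "src": req.src_ip,
                      "dst": req.dst_ip, "port": req.dst_port, "app": req.app,
                      "allowed": allowed, "reason": reason})
    return allowed, reason


if __name__ == "__main__":
    alice = Principal("alice", frozenset({"analyst"}), True, True)
    for r in (Request(alice, "10.10.4.7", "10.50.0.10", 443, "https"),
              Request(alice, "10.10.4.7", "10.60.0.5", 5432, "postgres")):
        print(evaluate(r))
```

The order of the checks is deliberate: identity and device posture are evaluated before the network rules, so a stolen password without its second factor never reaches the policy table, and the application check sits inside the matching rule, so an allowed port is still denied when inspection sees a different protocol on it. Every decision, allowed or not, lands in the audit record, which is what the security team later searches when investigating an incident.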

SolarWinds Orion: The Biggest Hack of the Year

Federal agencies faced one of their worst nightmares this past week when they were informed of a massive compromise by foreign hackers within their network management software. An emergency directive from the Cybersecurity and Infrastructure Security Agency (CISA) instructed all agencies using SolarWinds products to review their networks and disconnect or power down the company’s Orion software. 

Orion has been used by the government for years, and the software operates at the heart of some crucial federal systems. SolarWinds has been supplying agencies for some time as well, first with tools to understand how their servers were operating and later branching into network and infrastructure monitoring; Orion is the structure binding all of those things together. According to a preliminary search of the Federal Procurement Data System – Next Generation (FPDS-NG), at least 32 federal agencies have bought SolarWinds Orion software since 2006.

Listed below are some of the agencies and departments that have been awarded contracts for SolarWinds Orion products. Having bought Orion does not mean an agency was running it between March and June 2020, when the backdoored updates were distributed. Agencies with ongoing contracts for Orion products include the Army, DOE, FLETC, ICE, IRS, and VA. SolarWinds estimates that fewer than 18,000 customers installed the affected updates during that time.

  • Bureaus of Land Management, Ocean Energy Management, and Safety and Environmental Enforcement, as well as the National Park Service and Office of Policy, Budget, and Administration within the Department of the Interior
  • Air Force, Army, Defense Logistics Agency, Defense Threat Reduction Agency, and Navy within the Department of Defense
  • Department of Energy
  • Departmental Administration and Farm Service Agency within the U.S. Department of Agriculture
  • Federal Acquisition Service within the General Services Administration
  • FBI within the Department of Justice
  • Federal Highway Administration and Immediate Office of the Secretary within the Department of Transportation
  • Federal Law Enforcement Training Center, Transportation Security Administration, Immigration and Customs Enforcement, and Office of Procurement Operations within the Department of Homeland Security
  • Food and Drug Administration, National Institutes of Health, and Office of the Assistant Secretary for Administration within the Department of Health and Human Services
  • IRS and Office of the Comptroller of the Currency within the Department of the Treasury
  • NASA
  • National Oceanic and Atmospheric Administration within the Department of Commerce
  • National Science Foundation
  • Peace Corps
  • State Department
  • Department of Veterans Affairs

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have published a joint statement on the incident.

How the Attack was Discovered

When Cyber security firm FireEye Inc. discovered that it was the victim of a malicious cyber-attack, the company’s investigators began trying to figure out exactly how attackers got past its secured defenses. They quickly found out,  they were not the only victims of the attack. Investigators uncovered a weakness in a product made by one of its software providers, SolarWinds Corp. After looking through 50,000 lines of source code, they were able to conclude there was a backdoor within SolarWinds. FireEye contacted SolarWinds and law enforcement immediately after the backdoor vulnerability was found.

Hackers, believed to be part of an elite Russian group, took advantage of the vulnerability to insert malware, which found its way into the systems of SolarWinds customers with software updates. So far, as many as 18,000 entities may have downloaded the malware. The hackers who attacked FireEye stole sensitive tools that the company uses to find vulnerabilities in clients’ computer networks. The investigation by FireEye discovered that the hack on itself was part of a global campaign by a highly complex attacker that also targeted government, consulting, technology, telecom and extractive entities in North America, Europe, Asia, and the Middle East.

The hackers who carried out the attack were more sophisticated than any seen before. They took innovative steps to conceal their actions, such as operating from servers based in the same city as the employee they were impersonating. The hackers were able to breach U.S. government entities by first attacking SolarWinds, their IT provider. By compromising the software that government entities and corporations use to monitor their networks, the hackers gained a foothold inside those networks and dug deeper, all while appearing as legitimate traffic.


How Can the Attack Be Stopped?

Technology firms are taking down some of the hackers’ key infrastructure as the U.S. government works to contain a hacking campaign that relies on compromised SolarWinds software. FireEye is working with Microsoft and the domain registrar GoDaddy to take over one of the domains that the attackers used to send malicious code to their victims. The move is not a cure-all for stopping the cyber-attack, but it should help stem the surge of victims, which include the departments of Treasury and Homeland Security.


According to FireEye, the seized domain, which now acts as a “killswitch,” will affect new and previous infections of the malicious code that beacons to that particular domain. Depending on the IP address returned when the domain is resolved, the malware terminates itself and prevents further execution. The “killswitch” will make it harder for the attackers to use the malware they have already deployed. However, FireEye warned that the hackers still have other ways of keeping access to networks: in the intrusions FireEye has seen, the attacker moved quickly to establish additional persistence mechanisms for access to victim networks.
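Because the killswitch only stops the implant, defenders still need to find every host that ever reached out to the seized domain. The following is an added example, not code from the original post or from FireEye or Microsoft: it scans constructed DNS resolver log lines for queries to a placeholder seized domain and ranks the clients. The domain name, the sinkhole address range and the log lines are all assumptions; the page does not give the real values.

```python
"""Find hosts that resolved a seized C2 domain and rank them for investigation.

Added example. SEIZED_DOMAIN, SINKHOLE_RANGES and SAMPLE_LOG are constructed
placeholders, not the real values from the SolarWinds response.
"""
import ipaddress
import re
from collections import defaultdict

# Assumption: the seized command-and-control domain (placeholder name).
SEIZED_DOMAIN = "seized-c2.example"

# Assumption: answers in these ranges come from the sinkhole, i.e. after the
# seizure. Real killswitch ranges are not on the page; this is a placeholder.
SINKHOLE_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed resolver log: "<ts> client=<ip> query=<name> answer=<ip>"
SAMPLE_LOG = """\
2020-12-14T01:02:03Z client=10.0.5.21 query=seized-c2.example answer=192.0.2.77
2020-12-14T01:02:09Z client=10.0.5.21 query=update.vendor.example answer=198.51.100.4
2020-12-14T01:03:44Z client=10.0.7.9 query=seized-c2.example answer=203.0.113.8
2020-12-14T01:05:00Z client=10.0.9.3 query=www.example.org answer=93.184.216.34
2020-12-14T01:06:12Z client=10.0.7.9 query=seized-c2.example answer=192.0.2.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) answer=(?P<answer>\S+)$"
)


def parse_line(line):
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_sinkholed(answer):
    """True when the resolved address lies inside a sinkhole range."""
    ip = ipaddress.ip_address(answer)
    return any(ip in net for net in SINKHOLE_RANGES)


def is_seized_domain(query, domain=SEIZED_DOMAIN):
    """Match the seized domain and any subdomain of it, case-insensitively."""
    q = query.lower().rstrip(".")
    return q == domain or q.endswith("." + domain)


def triage(log_text):
    """Per client that queried the seized domain: how many queries, how many
    answered by the sinkhole, and how many 'live' answers (outside the
    sinkhole ranges, so the host reached attacker infrastructure)."""
    report = defaultdict(lambda: {"queries": 0, "sinkholed": 0, "live": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_seized_domain(rec["query"]):
            continue
        entry = report[rec["client"]]
        entry["queries"] += 1
        if is_sinkholed(rec["answer"]):
            entry["sinkholed"] += 1
        else:
            entry["live"] += 1
    return dict(report)


def prioritized_hosts(log_text):
    """Clients to investigate first: any live answer outranks sinkholed ones."""
    report = triage(log_text)
    return sorted(report, key=lambda h: (-report[h]["live"], -report[h]["queries"], h))


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for host in prioritized_hosts(SAMPLE_LOG):
        print(host, summary[host])
```

A host whose answer was already the sinkhole address may still have been compromised earlier, which is why every client that queried the domain stays in the report; the live answers simply go to the top of the queue.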


The FBI is investigating the compromise of SolarWinds’ software updates, which has been linked to a Russian intelligence service. SolarWinds’ software is used throughout Fortune 500 companies and in critical sectors such as electricity. The “killswitch” action highlights the power that major technology companies have to throw up roadblocks to well-resourced hackers. It is very similar to Microsoft teaming up with US Cyber Command to disrupt the powerful TrickBot botnet in October.

5 Cyber Security Trends from 2020 and What We Can Look Forward to Next Year

Today’s cybersecurity landscape is changing at a faster rate than we’ve ever experienced before. Hackers are inventing new ways to attack businesses, and cybersecurity experts are relentlessly trying to find new ways to protect them. Costing businesses approximately $45 billion, cyber-attacks can be disastrous, causing adverse financial and non-financial effects. Cyber-attacks can also result in loss of sensitive data, never-ending lawsuits, and a smeared reputation.


With cyber-attack rates on the rise, companies need to up their defenses. Businesses should take the time to brush up on cybersecurity trends for the upcoming year, as this information could help them prepare and avoid becoming another victim of a malicious attack. Given the importance of cyber security in the current world, we’ve gathered a list of the top trends seen in cybersecurity this year and what you can expect in 2021.

INCREASE IN SPENDING


It’s no secret that cybersecurity spending is on the rise. It has to be, in order to keep up with the rapidly changing technology landscape we live in. For example, in 2019 alone, global cyber security spending was estimated to be around $103 billion, a 9.4% increase from 2018. This year the US government spent $17.4 billion on cybersecurity, a 5% increase from 2019. Even more alarming is the fact that cybercrime is projected to exceed $6 trillion annually by 2021, up from $3 trillion in 2015. The most significant factor driving this increase is the improved efficiency of cybercriminals. The dark web has become a booming black market where criminals can launch complex cyberattacks. With lower barriers to entry and massive financial payoffs, we can expect cybercrime to grow well into the future.



COMPANIES CONTINUE TO LEARN


Demand for cybersecurity experts continued to surpass the supply in 2020, and we don’t see this changing anytime soon. Amidst this trend, security experts contend with considerably more threats than ever before. Currently, more than 4 million professionals in the cybersecurity field are being tasked with closing the skills gap. Since the cybersecurity learning curve won’t be flattening anytime soon, companies must come to grips with strategies that help address the shortage of talent. Options include cross-training existing IT staff, recruiting professionals from other areas, or even setting job qualifications at appropriate levels in order to attract more candidates.


Most organizations are starting to realize that cybersecurity intelligence is a critical piece of growth. Understanding the behavior of their attackers and their tendencies can help in anticipating an attack and reacting quickly after one happens. A significant problem that also exists is the volume of data available from multiple sources. Add to this the fact that security and planning technologies typically do not mix well. In the future, expect continued emphasis on developing the next generation of cyber security professionals.

THE INFLUENCE OF MACHINE INTELLIGENCE DEVELOPS


Artificial Intelligence (AI) and Machine Learning (ML) are progressively becoming necessary for cybersecurity. Integrating AI with cybersecurity solutions can have positive outcomes, such as improving threat and malicious activity detection and supporting fast responses to cyber-attacks. The market for AI in cybersecurity is growing at a drastic pace. In 2019, the demand for AI in cybersecurity surpassed $8.8 billion, and the market is projected to grow to $38.2 billion by 2026.



MORE SMALL BUSINESSES INVEST IN CYBER PROTECTION


When we think of a cyber-attack occurring, we tend to envision a multibillion-dollar conglomerate that easily has the funds to pay the ransom for data retrieval and boost its security the next time around. Surprisingly, 43% of cyber-attacks happen to small businesses, costing them an average of $200,000. Sadly, when small businesses fall victim to these attacks, 60% of them go out of business within six months.


Hackers go after small businesses because they know that they have poor or even no preventative measures in place. A large number of small businesses even think that they’re too small to be victims of cyber-attacks. Tech-savvy small businesses are increasingly taking a preventative approach to cybersecurity, understanding that, like big organizations, they are targets for cybercrime, and therefore adopting effective cybersecurity strategies. As a result, a number of small businesses are planning on increasing their spending on cybersecurity and investing in information security training.



CYBER-ATTACKS INCREASE ON CRITICAL INFRASTRUCTURES


Utility companies and government agencies are extremely critical to the economy because they offer support to millions of people across the nation. Critical infrastructure includes public transportation systems, power grids, and large-scale constructions. These government entities store massive amounts of personal data about their citizens, such as health records, residency, and even bank details. If this personal data is not well protected, it could fall into the wrong hands, resulting in breaches that could be disastrous. This is also what makes them an excellent target for a cyber-attack.


Unfortunately, the trend is anticipated to continue into 2021 and beyond because most public organizations are not adequately prepared to handle an attack. While governments may be ill prepared for cyber-attacks, hackers are busy preparing for them. 



WHAT CAN WE LOOK FORWARD TO IN 2021?

Going forward into a new year, it’s obvious that many elements are coming together to increase cyber risk for businesses. Industry and economic growth continue to push organizations toward rapid digital transformation, accelerating the use of technologies and increasing exposure to many inherent security issues. The combination of fewer cyber security experts and an increase in cyber-crime are trends that will continue for some time to come. Businesses that invest in technologies, security, and cybersecurity talent can greatly reduce their risk of a cyber-attack and increase the likelihood that cybercriminals will look elsewhere for a less prepared target.

US Cyber Command & Microsoft launch attack on TrickBot Malware

With one of the biggest, most impactful elections in United States history just hours away, there is growing concern over voter fraud, rigged election results, and involvement from third parties influencing the results. Sadly, one of these threats has become reality, as the TrickBot malware botnet was caught. Recently, an alliance of major tech companies organized an effort to take down the backend infrastructure of TrickBot.

Companies fighting the good fight against this bot include Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec. Even U.S. government cyber security teams got in on the takedown. Prior to the attempted takedown, the companies launched investigations into TrickBot’s backend infrastructure of servers and malware modules.


Over a period of months, the team of tech corporations collected more than 125,000 TrickBot malware samples, analyzed their content, and extracted mapping information about the malware’s inner workings, including all the servers the botnet used to control infected computers. With evidence to back its claims, Microsoft went to court asking for legal rights to counterattack and for control over TrickBot servers.




However, even with some of the most advanced tech giants in the world firing a counterattack against the malware bot, it still hasn’t gone away. The TrickBot botnet has survived the takedown attempt: the command and control servers and domains that were taken down have been replaced with new infrastructure. The TrickBot takedown has been described as temporary and limited, but it gives current victims time to breathe until a more permanent solution can be implemented.


Even from the early planning phases, the tech companies anticipated TrickBot making a revival, and actually planned ahead for it. But why not kill it off all at once instead of taking it out slowly? This multi-phased method of dismantling TrickBot is a result of the botnet’s complex infrastructure, much of which runs on bulletproof hosting systems, which are unresponsive or slow to react to takedown attempts.

Microsoft’s Victory in Court

Unbeknownst to many, the attempted takedown of TrickBot played another role, one that could have ramifications long down the road. The court case that paved the way for the takedown also helped Microsoft set a new legal standard. In court, the tech giant argued that TrickBot’s malware abused Windows code for malicious purposes, against the terms of service of the standard Windows software development kit, on which all Windows apps are built.

Microsoft successfully argued that TrickBot was infringing on Microsoft’s copyright of its own code by copying and using its SDKs for unethical purposes.

Some have applauded Microsoft for this strategic legal maneuver. In the past, Microsoft had to present evidence to prove that the malware was causing financial damages to victims, which resulted in the long and laborious task of identifying and contacting victims. The new legal tactic Microsoft used in court focused on the misuse of its Windows SDK code. This method was easier to prove and argue, giving Microsoft’s legal team a more agile approach to going after malware groups. I wouldn’t be surprised to see Microsoft or other tech companies use the same approach in the future. 

Microsoft and Cyber Command Working to Save the US Election 

Microsoft was largely concerned that the masterminds behind TrickBot would use the botnet to upset the US election through ransomware. Attackers could lock down systems that keep voter rolls or report election night results. When Microsoft began its investigation into the malware bot, it wasn’t expected to coincide with the US government’s own investigation. United States Cyber Command, the sister organization of the National Security Agency, had already started hacking TrickBot’s command and control servers around the world back in September. Microsoft only discovered this effort while launching its own.

In both investigations, the anti-TrickBot plans were meant to disrupt any possible Russian attacks during the next few critical days. However, it’s still not clear whether Russia intended to use Trickbot for a malware campaign, but this takes the option away before the vote on November 3rd.

The collaborative efforts of Microsoft and the government agency fast-tracked cyberconflict resolutions in the final days before the election. Cyber Command, following a model it created in the 2018 midterm elections, kicked off a series of covert pre-emptive strikes on the Russian-speaking hackers it believes could interrupt the casting, counting and certifying of ballots on election day.

Trickbot and Malware as a Service (MaaS) 

So now that we’ve gotten to the bottom of how the malware botnet was discovered and thwarted enough to buy time to find a permanent solution, we can dive deeper into how TrickBot operates.

The dual anti-threat efforts weren’t only dedicated to taking down TrickBot servers, which they knew would only be temporary, but also adding extra costs to TrickBot authors and delaying current malware operations. Additionally, security researchers also aimed to damage TrickBot’s reputation in cybercrime circles.

TrickBot is currently ranked as one of the top 3 most successful Malware-as-a-Service (MaaS) operations in the cybercrime industry. The bot uses email spam campaigns to infect computers, downloads its malware modules, and then steals data from infected hosts that it later resells for profit. Even more impressive is TrickBot’s ability to rent access to infected computers to other criminal groups, which accounts for a substantial share of its revenue. The customers that rent this unauthorized access include infostealer trojan operators, BEC fraud groups, ransomware operators, and nation-state hacking groups.

A botnet like TrickBot that can be disrupted risks revealing the operations of its customers, most of which would prefer not to be exposed to law enforcement tracking. If TrickBot can be disrupted, it proves unreliable as a business, especially for regular customers who are paying substantial fees to have access to infected systems at specific times.


NCSAM WEEK 4: The Future of Internet Connected Devices

A decade ago, the average household would not be able to answer their front door from miles away via a smartphone, or order dinner by simply speaking to a small box. These things may have been customary in Hollywood spy films, but now they can be found in nearly every home across America. These internet connected devices are what is known as the Internet of Things.


The internet world is flourishing. It’s not just about computers, laptops, tablets, and smartphones anymore. There are now thousands of devices that are internet-connected. The list of devices has grown to washing machines, robotic vacuum cleaners, door locks, toys, and toasters. Because all of these devices are connected to one another through the internet, we must be more aware of these devices and their settings to protect our data and our privacy.

New internet-connected devices provide a never-before-seen level of convenience in our lives, but they also require that we share more information than ever. The cars we drive, the appliances we use to cook, the watches we use to tell time, the lighting in our homes, and even our home security systems all contain sensing devices that can talk to another machine and trigger other actions. We have devices that control the amount of energy we use in our homes and the energy in our bodies by tracking eating, sleeping, and exercise habits.

The security of the information users share with these devices is not always guaranteed. Once a device connects to the internet, it is exposed to all sorts of risks. With more devices entering our homes and workplaces each day, it is more important than ever that we secure them.


Future Predictions about Internet Connected Devices


There will be more than 21 billion IoT devices by 2025.

In 2016, there were more than 4.7 billion devices connected to the internet, and by 2021 it is expected to increase to nearly 11.6 billion devices.

There will be more “smart” cities.

Household consumers aren’t the only ones that use the power of internet connected devices. Cities and companies are also adopting smart technologies to save both time and money. Cities are able to automate, remotely manage, and collect data through things like visitor kiosks, video camera surveillance systems, bike rental stations, and taxis.


Artificial intelligence (AI) will keep growing

Smart home hubs, thermostats, lighting systems, and even TVs collect data on your habits and patterns of usage. When users set up voice-controlled devices, they allow them to record what is said and store the recordings in the cloud. The collected data feeds what is known as machine learning. Machine learning is a type of artificial intelligence that helps computers “learn” without someone having to program them.

Network routers become more secure and smarter

Most internet connected devices exist in the home and don’t have security software installed, leaving them vulnerable to attacks. As manufacturers rush to get their products to market in a rapid manner, security becomes an afterthought. 

The router is the entry point of the internet and gate keeper into your home, giving it the ability to provide protection to all of the connected devices. A conventional router provides some security, like password protection, firewalls, and the ability to allow only certain devices on your network. In the future, router manufacturers will continue to find new ways to increase security.

5G Networks Will Drive IoT Growth

Wireless carriers will continue to implement 5G (fifth generation) networks, promising increased speed and the ability to connect more smart devices at the same time. Faster network speeds translate into more data collected by your smart devices to be analyzed and managed, driving innovation and growth.

Cars Will Continue to Get Smarter

The emergence of 5G will impact the auto industry like never before. The development of driverless cars and internet connected vehicles will advance from data moving faster. New cars will increasingly analyze your data and connect with other IoT devices, including other high-tech vehicles on the road.

5G Connected Devices Will Open the Door to New Security Concerns

Eventually, 5G internet-connected devices will connect directly to the 5G network rather than via a Wi-Fi router, making those devices more vulnerable to direct attack. Devices will be more difficult for in-home users to secure when they bypass a central router.


For more information on cybersecurity and how to be #CyberSmart, visit the CISA website: https://www.cisa.gov/national-cyber-security-awareness-month

Securing Internet-Connected Devices in Healthcare

Now more than ever, the healthcare industry is depending on internet-connected devices to improve patient care, organizational productivity, response time, and patient confidentiality. With the recent COVID-19 outbreak, the development of telemedicine and patient portal apps has come to the forefront in the industry. Along with digital health records and internet-connected medical devices, the healthcare industry has also never been more vulnerable to a cyber-attack.

As the global epidemic spread across the nation, doctors, dentists, and other medical professionals such as therapists were forced to rely on online visits with their patients. The increase in virtual appointments also brings new concerns about patient confidentiality. Patients want to know how safe the information shared during these online visits is. Are cybercriminals able to steal their personal information? Unfortunately, the answer is yes. The healthcare industry is just as vulnerable as any other industry. However, there are steps healthcare providers can take to protect patient privacy during virtual visits.


What are the privacy risks associated with internet connected healthcare?

With virtual visits becoming more commonplace, cyber criminals are licking their chops. Hackers look to take advantage of these opportunities by stealing the private medical and billing information of patients. Cybercriminals could try intercepting emails or video chats containing information about preexisting conditions or personal problems you may be having. Once the information is obtained, they could potentially sell it on the dark web, use it for blackmail, or sell it to drug manufacturers who overload customers with advertisements.

Healthcare records are particularly valuable on black markets because the information they contain can be used to steal your identity. The information they hold might consist of your birth date, Social Security number, medical conditions, height, weight, home address, and even a picture of you. Hackers can use this information to take out credit cards or loans in your name.

Providers may give their patients the option, at the end of a virtual visit, of receiving health records through email or the medical provider’s online portal. Hackers may be able to steal the contents of your email messages or track the keystrokes you use to log onto your medical provider’s online portal. Just as medical providers are required to protect user information, so are all business entities.


5 Ways to Secure Your Healthcare Connected Devices

  1. Control everything that connects into your network. Managing network segmentation can help with risk mitigation and with containing a breach if one does occur. Network visibility is critical, and in many cases the network acts as your key security mechanism to stop the spread of an attack. Network intelligence, scanners, and security solutions can all help reduce the risk of an attack or breach.
  2. Create security based on context and layers. Your security platform must work for you and question devices coming in to really understand where they’re coming from. When it comes to IoT and connected devices, contextual security can help isolate IoT solutions on their own network. Set up policies to monitor anomalous behavior and even traffic patterns. Set up additional filters for extra security, like shutting the network segment down if there’s a sudden rise in traffic.
  3. Centralize and segment connected devices. If you’re going to work with IoT and connected devices, create a separate network, monitor those devices properly, set up monitors so you can manage all of these connected tools, and use IoT aggregation hubs that further the control of devices.
  4. Align users and the business when it comes to more connected devices in healthcare. Ensure there is complete alignment between business and IT leadership. This is the best way to gain the most value out of these devices and ensure you don’t fall into an IoT device hole.
  5. Always test your systems and maintain visibility. Never lose sight of your devices, and build a good monitoring platform. The more things that connect into the network, the harder it will be to monitor them all.
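Items 1 through 3 above describe one control: put connected devices on their own segment, allow them to talk only to their aggregation hub, watch traffic patterns, and quarantine the segment on a sudden rise. The block below is an added example, not code from the original post or from any product, showing how those rules combine over constructed flow records. The segment prefixes, the allowed segment pairs, the flow tuples and the spike threshold are all assumptions; a real deployment would feed NetFlow, IPFIX or firewall logs into the same logic.

```python
"""Segment-aware monitoring for connected medical devices.

Added example. SEGMENTS, ALLOWED and SAMPLE_FLOWS are constructed; they do
not describe any real hospital network.
"""
import ipaddress
from collections import defaultdict
from statistics import median

# Assumption: each segment owns one prefix.
SEGMENTS = {
    "iot-medical": ipaddress.ip_network("10.20.0.0/24"),
    "iot-hub": ipaddress.ip_network("10.21.0.0/24"),
    "clinical": ipaddress.ip_network("10.30.0.0/24"),
    "corp": ipaddress.ip_network("10.40.0.0/24"),
}

# Assumption: the segment-to-segment flows policy permits (item 3: devices
# reach only their aggregation hub; anything else is out of policy).
ALLOWED = {
    ("iot-medical", "iot-medical"),
    ("iot-medical", "iot-hub"),
    ("iot-hub", "clinical"),
    ("clinical", "clinical"),
    ("clinical", "corp"),
    ("corp", "corp"),
}

# Constructed flow records: (window_index, src_ip, dst_ip, bytes).
# Windows 0-2 are quiet baseline; window 3 has a device bursting into corp.
SAMPLE_FLOWS = [
    (0, "10.20.0.15", "10.21.0.2", 12_000),
    (0, "10.20.0.16", "10.21.0.2", 11_500),
    (1, "10.20.0.15", "10.21.0.2", 12_300),
    (1, "10.20.0.16", "10.21.0.2", 11_900),
    (2, "10.20.0.15", "10.21.0.2", 12_100),
    (2, "10.20.0.16", "10.21.0.2", 11_700),
    (3, "10.20.0.15", "10.21.0.2", 12_000),
    (3, "10.20.0.15", "10.40.0.50", 90_000_000),  # out of policy and a spike
    (3, "10.20.0.16", "10.21.0.2", 11_800),
]


def segment_of(ip):
    """Name of the segment whose prefix contains ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


def policy_violations(flows):
    """Flows crossing a segment boundary that ALLOWED does not permit."""
    out = []
    for window, src, dst, nbytes in flows:
        pair = (segment_of(src), segment_of(dst))
        if pair not in ALLOWED:
            out.append({"window": window, "src": src, "dst": dst,
                        "pair": pair, "bytes": nbytes})
    return out


def bytes_per_window(flows, segment):
    """Outbound bytes per window for one source segment."""
    totals = defaultdict(int)
    for window, src, _dst, nbytes in flows:
        if segment_of(src) == segment:
            totals[window] += nbytes
    return totals


def traffic_spikes(flows, segment, factor=5.0, min_history=3):
    """Windows whose outbound bytes exceed factor times the median of all
    earlier windows. min_history prior windows are required so the first
    few intervals cannot trip the detector before a baseline exists."""
    totals = bytes_per_window(flows, segment)
    spikes, history = [], []
    for window in sorted(totals):
        if len(history) >= min_history and totals[window] > factor * median(history):
            spikes.append((window, totals[window], median(history)))
        history.append(totals[window])
    return spikes


def should_quarantine(flows, segment):
    """Item 2's rule: shut the segment down when a window is both a traffic
    spike and contains an out-of-policy flow sourced from that segment."""
    spike_windows = {w for w, _total, _base in traffic_spikes(flows, segment)}
    violation_windows = {v["window"] for v in policy_violations(flows)
                         if segment_of(v["src"]) == segment}
    return bool(spike_windows & violation_windows)


if __name__ == "__main__":
    for v in policy_violations(SAMPLE_FLOWS):
        print("violation:", v)
    print("spikes:", traffic_spikes(SAMPLE_FLOWS, "iot-medical"))
    print("quarantine iot-medical:", should_quarantine(SAMPLE_FLOWS, "iot-medical"))
```

Requiring both signals before quarantining keeps a single noisy firmware update from taking a ward’s devices offline, while a device that is both loud and talking outside its segment trips the rule on the first window it does so.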

A plan for guarding against ransomware in the healthcare industry

So, what can hospitals, medical centers, dentists, and other healthcare providers do to guard against the threat of cyber-attack?  Here is a simple five-point plan that will go a long way to helping healthcare professionals secure their defenses.

Stay up to date

Make sure that servers and PCs are up to date with the latest operating systems and antivirus solutions.


Retire unused IT assets

Consider if older machines, which are beyond updates or support, could be replaced or retired. The cost of doing so, and inconvenience of replacing older equipment will probably be less than the impact of a data breach.




Educate employees

Make sure everyone in the organization is familiar with ransomware methods and can recognize attempts to gain password credentials or circulate harmful links and attachments. Hospitals employ so many different and diverse professionals, covering a multitude of functions, that there needs to be a culture of vigilance across the entire organization.


Be prepared for an attack

Use different credentials for accessing backup storage and maybe even a mixture of file systems to isolate different parts of your infrastructure to slow the spread of ransomware. Healthcare organizations that follow the “1-10-60” rule of cybersecurity will be better placed to neutralize the threat of a hostile adversary before it can leave its initial entry point. The most cyber-prepared healthcare agencies should aim to detect an intrusion in under a minute, perform a full investigation in under 10 minutes, and eradicate the adversary from the environment in under an hour.


Create an Airgap

Keep three copies of your data, on at least two different media, with one stored offsite (e.g. cloud or tape) and one stored offline (e.g. tape). Having your data behind a physical air gap creates perhaps the most formidable barrier against ransomware. Tape can greatly speed up your recovery in the hours and days that follow an attack, especially if your primary backups have been disrupted. Tape is also supremely efficient for storing huge amounts of infrequently accessed medical records for a very long time. Tapes can also be encrypted, so that even if they fell into the wrong hands, it would be impossible for thieves to access or use the data.
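The rule above (three copies, two media, one offsite, one offline, and encrypt what leaves the building) is easy to state and easy to drift away from as backup jobs are added and retired. The following is an added example, not from the original post or any backup product: it evaluates a constructed backup inventory against those requirements per dataset and reports exactly which part of the rule a dataset fails. The inventory format, the dataset names and the entries are assumptions.

```python
"""Check a backup inventory against the 3-2-1 rule plus an offline copy.

Added example. BackupCopy and SAMPLE_INVENTORY are constructed and do not
mirror any real backup software's export.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str     # what is backed up, e.g. "ehr-db"
    medium: str      # "disk", "tape", "cloud", ...
    location: str    # "onsite" or "offsite"
    online: bool     # reachable from the production network (no air gap)?
    encrypted: bool  # data at rest encrypted on this copy?


# Assumption: the minimums the page's rule implies.
RULE = {"copies": 3, "media": 2, "offsite": 1, "offline": 1}


def evaluate(copies, dataset):
    """Return the list of rule failures for one dataset (empty = compliant)."""
    mine = [c for c in copies if c.dataset == dataset]
    findings = []
    if len(mine) < RULE["copies"]:
        findings.append(f"only {len(mine)} copies (need {RULE['copies']})")
    media = {c.medium for c in mine}
    if len(media) < RULE["media"]:
        findings.append(f"only {len(media)} media type(s) (need {RULE['media']})")
    if sum(c.location == "offsite" for c in mine) < RULE["offsite"]:
        findings.append("no offsite copy")
    if sum(not c.online for c in mine) < RULE["offline"]:
        findings.append("no offline (air-gapped) copy")
    # Tape is portable; an unencrypted cartridge is readable by whoever holds it.
    unencrypted_tapes = [c for c in mine if c.medium == "tape" and not c.encrypted]
    if unencrypted_tapes:
        findings.append(f"{len(unencrypted_tapes)} unencrypted tape copy")
    return findings


def compliant(copies, dataset):
    return not evaluate(copies, dataset)


def report(copies):
    """Map every dataset in the inventory to its findings."""
    return {ds: evaluate(copies, ds) for ds in sorted({c.dataset for c in copies})}


# Constructed inventory: one dataset done right, two with typical gaps.
SAMPLE_INVENTORY = [
    BackupCopy("ehr-db", "disk", "onsite", online=True, encrypted=True),
    BackupCopy("ehr-db", "cloud", "offsite", online=True, encrypted=True),
    BackupCopy("ehr-db", "tape", "offsite", online=False, encrypted=True),
    BackupCopy("imaging", "disk", "onsite", online=True, encrypted=True),
    BackupCopy("imaging", "disk", "offsite", online=True, encrypted=True),   # same medium, still online
    BackupCopy("billing", "disk", "onsite", online=True, encrypted=True),
    BackupCopy("billing", "tape", "onsite", online=False, encrypted=False),  # air-gapped but readable
]


if __name__ == "__main__":
    for dataset, findings in report(SAMPLE_INVENTORY).items():
        print(dataset, "OK" if not findings else "; ".join(findings))
```

Note that an offsite copy that is still reachable over the network ("imaging" above) satisfies the offsite requirement but not the offline one; ransomware that can reach production storage can usually reach replicated cloud storage too, which is why the check counts them separately.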


