Cybersecurity Predictions For 2022 — CodeHunter CEO Larry Roshfeld Featured in Technical.ly


January 3, 2022 — CEO Larry Roshfeld shared his cybersecurity prediction for 2022 with Technical.ly — alongside his biggest hope for the sector.

“My biggest hope for the sector in 2022 is that organizations will move to effectively implementing a defense-in-depth cybersecurity strategy,” Roshfeld told Technical.ly. “Organizations will need to recognize and invest in more than detection capabilities at the desktop, and network and firewall that identify attacks in progress. Instead, these companies will become more proactive in handling threats by adopting software or strategies that tackle cyber threat issues prior to impact.”

Read More: “What will the cybersecurity industry look like in 2022?”

Why Executives Should Play Cyber War Games

 Make Sure You’re Prepared For Cyber Attacks

Just as the military uses simulated environments to prepare troops, forward-thinking cybersecurity teams stage mock security breaches to ensure they’re prepared for cyber attacks. Companies like Boeing, Lockheed Martin, and Raytheon Technologies use cyber war games as part of their security arsenal — a proactive measure to safeguard their data and their business.

As your business grows, so will the number of attacks you face. You know the adage: Cyberattacks are so common that it’s not a matter of whether a business will fall prey to one, but when. Here are our top five reasons why you should conduct cyber war games at your company.

1. Stand ready.

Cyber war games ensure your security professionals and extended team are ready for anything. Your proprietary data can be swaddled in encryption and accessible only by a 2FA token, retina scan, and voice-activated password, but unless your company’s cybersecurity is constantly evolving, it’s only a matter of time before it’s breached. By participating in war games, tech professionals learn to think like an adversary and identify weaknesses in their own defenses before hackers can.


2. Learn the ways of your adversaries to defend your environment.

Cyber war games go beyond penetration testing in search of vulnerabilities — unsecured network ports, data in transit, and externally facing programs sharing too much information. Modeled after real-life hacking techniques, from phishing to cross-site scripting, they’re designed to test even the most savvy security team’s agility and decision-making skills. They also help the security team better understand each angle of an attack, anticipate new ones, and rapidly devise go-to countermeasures. NATO’s yearly cyber war game, Locked Shields, imagines a fictional country on the defensive. Targets may include anything from the civilian to the military — think water treatment facilities, energy plants, and military installations — and the rules, based on actual law, force participants to navigate the legal repercussions of their actions. Put into this context, it’s easier to see yourself as the protector of sensitive systems and information.

3. Know the risks of being ill-prepared.

Attacks have consequences. A data breach can cost millions of dollars, lose client trust and business, and lead to legal repercussions. If personally identifiable information (PII) is stolen, organizations may face not only government fines but also legal action such as class action lawsuits — not to mention the gauntlet of public ridicule. Social media platforms have certainly taken heat this year: Facebook alone suffered a breach that exposed 533 million users’ information and is now facing potentially billions of dollars in lawsuits — and that’s on top of the PR nightmare.

4. Improve security culture.

If a security team is in the habit of setting and forgetting defensive measures, they’re leaving their company exposed to collapse under cyberattacks. The best defense against ever-evolving attacks is practice, and what better way to practice than to play against one another? As in chess, the player with the stronger and more flexible tactics will emerge the victor — and the entire team will learn from it.


5. Develop strategies to survive the next attack.

Many companies will struggle to survive a cyberattack. Part of a cyber war game should include fail-safes and backup plans. What happens if the enemy does breach the gates? A war game inspires players to contrive system resets, automatic updates and data backups, and countless other ways to mitigate the potential effects of a cyberattack. Damage control is just as important as defense in surviving an attack.

Practicing how to defend against cyber attacks is an increasingly complex part of company security; wargaming keeps a security team’s minds open, reactions on-point, and strategies creative — and, most importantly, one step ahead.

The Emergence of Killware


The Next War May Be Started Remotely — With a Single Click

Movies and television contribute to the popular image of hackers — solitary misfits disrupting business as usual from a poorly lit basement — and for the romantic notion that their actions are often cool, even if criminal.

In reality, cybercrime is anything but romantic — it’s becoming increasingly deadly. Cyber terrorism has grown up since “Hackers” popularized that myth decades ago: Now state sponsored cyber criminals operate in highly organized rings around the world — launching targeted killware that, true to its name, aims to cause physical harm. Cybercrime today is more sci-fi and action thriller than rom-com.

Killware: The Nuclear Bomb of Cyber Warfare

From targeting water and food supplies to transportation and hospitals, organized cybercrime attacks critical infrastructure. Designed to destroy, killware is the nuclear threat of cyber warfare — with increasingly wider-reaching consequences. The next war may be started remotely with a single click.

While killware has been around for decades, it’s growing more targeted — and more deadly. After an attempted hack of a water treatment facility in Florida, U.S. Homeland Security Secretary Alejandro Mayorkas warned the public that killware is increasing in frequency and gravity. Had the attack been successful, the damage to public health and safety could have been astronomical. And the lingering question is, “Was that attack just intended to test current defenses?” 

Weaponized Operational Tech is Deadly

Information Technology (IT) and Operational Technology (OT) have become increasingly integrated since the widespread adoption of cloud computing — and cyber risk is intermingled as well. Gartner predicts that by 2025 attacks on operational technology (OT) environments will be weaponized with the intent to cause physical harm or even death — costing over $50 billion per year.

OT devices — typically older, expensive, and cumbersome to update — were built without considering the cybersecurity risks of the future, making them an easier target for entry into other systems. And compromising a single device can cascade to every device on the same OT network.

OT is also connected to IT systems that carry their own cybersecurity risk — in 2017 the WannaCry ransomware attack infected Windows systems. From there, the malware infected 70,000 devices throughout National Health Service hospitals in England and Scotland, disrupting hospital services and communications, stalling ambulances, and putting lives at risk.

How Organizations Can Reduce Risk

From consistently patching and updating legacy systems to applying a comprehensive cybersecurity framework, organizations can begin to protect themselves from killware. Here’s how you can further reduce risk today:

  • Get Patched Up: Mitigate attacks by patching early and often.

  • Update Your Legacy Systems: Legacy systems accumulate unpatched vulnerabilities and unsupported components. It’s time to modernize your legacy systems — or even upgrade to a new system.

  • Invest in Anti-Malware Software: Secure all systems with endpoint security software.

  • OT Cybersecurity Staff Training: Monitor your OT systems at each of your facilities. Train and prepare your staff members so they know how to respond in the event of an attack.

  • Maintain a Secure Backup Architecture: In case of attack, you’ll be ready with proper backup.

Insider Threats: The Danger Within Your Own Walls


Reassessing Your Cybersecurity Framework From The Inside Out

Remember the days when you could build a secure perimeter around your business and feel safe? With corporate boundaries shifting from the office to remote work locations, company leaders and cybersecurity pros must secure sensitive data, systems, and networks from the inside out.  

Insider Threats: A Costly Mistake

Hollywood encourages the idea that insider threats are often due to malicious actors housed within our own walls. In reality, internal leaks are far less glamorous — and mostly unintentional.

According to a 2021 Cyber Security Trends Report from PurpleSec, 63% of security breaches stem from negligence. This includes sending emails to the wrong address, failing to protect passwords, or falling victim to social engineering. In fact, 98% of all attacks rely on social engineering — most often phishing attacks that manipulate people into sharing personal information, sensitive data, or credentials that allow access to confidential systems and networks.


Insider Attacks: A Rising Concern

While far less common, insider attacks are a rising concern. Malicious internal attacks are often linked to disgruntled employees — or former employees — with access to sensitive data.

On a recent episode of OzCyber Unlocked, two investigators share their experiences of intentional insider attacks. One investigator uncovered the identity of a resentful employee who stole data from his company’s client and held it for ransom in an act of revenge. A separate investigation discovered several rogue wireless hotspots at a financial institution, three of which were found to be suspicious — including one device planted under the floorboards.

A recent BBC article highlights employees secretly taking on second full-time jobs. These overemployed individuals are typically looking to game the system, increasing their income while asserting a sense of control. It’s easy to imagine this scenario going wrong and a conflicted employee, with access to sensitive data across several companies, becoming an insider threat.

A New Framework: A Holistic Approach to Cybersecurity

You can assume your organization faces some degree of risk — what kind and how much depends both on your cybersecurity framework and the solutions you adopt to secure your data. Consider combining clear policies with the right methods and tools to close security gaps and address insider threats — including the following basic recommendations:

Staff Training

Employees at all levels, especially leadership, must be educated about strong passwords, multi-factor authentication (MFA), and cybersecurity best practices.

Role-Based Access Controls

Access to sensitive data should be limited to those employees who need it to do their current jobs.
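As an added example (not CodeHunter’s code), here is what a deny-by-default role check looks like in practice. The roles, permissions, and the sample users alice, bob, and carol are constructed for illustration. Two details matter for insider risk: permissions are granted only through roles the user currently holds, so moving someone to a new job replaces the old role instead of adding to it, and a role that is no longer defined in the policy grants nothing at all.

```python
"""Deny-by-default role-based access control (RBAC) check.

Added example, not CodeHunter's code. The roles, permissions and sample
users are constructed for illustration.
"""
from typing import Dict, FrozenSet, List, Set, Tuple

Permission = Tuple[str, str]  # (action, resource class)

# Each role grants exactly the permissions that job needs and nothing more.
ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    "support_agent": frozenset({("read", "ticket"), ("write", "ticket")}),
    "billing_analyst": frozenset({("read", "ticket"), ("read", "invoice"),
                                  ("read", "customer_pii")}),
    "backup_operator": frozenset({("read", "backup"), ("restore", "backup")}),
}


class User:
    def __init__(self, name: str, roles: Set[str]) -> None:
        self.name = name
        self.roles = set(roles)


def is_allowed(user: User, action: str, resource_class: str) -> bool:
    """Grant only if a role the user currently holds lists this exact permission."""
    wanted: Permission = (action, resource_class)
    for role in user.roles:
        # A role that is no longer defined (stale assignment) grants nothing.
        if wanted in ROLE_PERMISSIONS.get(role, frozenset()):
            return True
    return False  # deny by default


def move_to_role(user: User, new_role: str) -> None:
    """Job change: replace the old role set so permissions do not accumulate."""
    if new_role not in ROLE_PERMISSIONS:
        raise ValueError("unknown role: %s" % new_role)
    user.roles = {new_role}


def who_can(users: List[User], action: str, resource_class: str) -> List[str]:
    """Audit helper: names of users who can perform action on resource_class right now."""
    return sorted(u.name for u in users if is_allowed(u, action, resource_class))


def sample_users() -> List[User]:
    # Constructed: carol still carries "legacy_dba", a role removed from the policy.
    return [
        User("alice", {"support_agent"}),
        User("bob", {"billing_analyst"}),
        User("carol", {"backup_operator", "legacy_dba"}),
    ]


if __name__ == "__main__":
    users = sample_users()
    print("can read customer_pii:", who_can(users, "read", "customer_pii"))
    move_to_role(users[1], "support_agent")  # bob changes jobs
    print("after bob's move:", who_can(users, "read", "customer_pii"))
```

The who_can report is the check worth running on a schedule: it answers “who can read customer PII today?” from the policy itself rather than from memory, which is where stale access from past jobs usually hides.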

Stay Current with Security Patches for Commercial Software

Commercial software should be kept current and tested regularly.  

Evaluating Internally Developed Software

Internally developed applications, especially legacy applications, can provide an even greater opportunity for damage than commercial software. Put in place procedures for assessing potential exposure from custom applications.


Learn More:


For more information on preventing insider attacks, see Microsoft’s “Uncovering Hidden Risks” podcast series.

CodeHunter: Automating Cybersecurity

Tomorrow’s cybersecurity today


Inexperience is one of cybersecurity’s biggest problems. Globally, 3.5 million cybersecurity jobs remain unfilled due to a lack of available talent and expertise. This shouldn’t come as a surprise, given that even entry-level cybersecurity positions require three or more years of experience.

Luckily, CodeHunter is helping to fix that problem.

CodeHunter Helps Bridge the Cybersecurity Skills Gap 

“The whole idea behind CodeHunter was to take a very complex manual process, simplify it, and automate it,” says CodeHunter CTO Chris O’Ferrell.

Companies can rely on CodeHunter’s automated cyber defense system to continually scan executable files and proactively detect threats.

CodeHunter goes one step further than existing cybersecurity tools that only scan for known malware by exposing malicious behaviors hidden inside otherwise innocent-looking executable files.

By automating this search for suspicious behavior, CodeHunter completes weeks’ worth of manual reverse engineering in mere hours. 

Give Your Cybersecurity Team a Jumpstart on Malware

Automated reverse engineering and code behavior analysis allows even entry-level cybersecurity professionals to quickly expose and analyze potential threats to their organizations’ systems, maintaining rigorous cybersecurity practices.

As CodeHunter CEO Larry Roshfeld says, “CodeHunter gives people the ability to rest easy knowing they’ve proactively protected themselves in the best possible way.”

Learn more about how CodeHunter can help your organization automate its malware detection and analysis process to bridge the cybersecurity skills gap.


$1,270,000: Why Hospitals Pay Millions to Recover From a Cyberattack | The Real Cost of Recovering From a Ransomware Attack


The Real Cost of Recovering From a Ransomware Attack

In a world where escalating ransomware threats make daily headlines, the stakes for hospitals are excruciatingly high. Losing money is one thing — losing a patient is another. A hospital CISO doesn’t have the luxury of negotiating with cybercriminals when patients’ lives are on the line.  


Paying the ransom itself comes with a hefty price tag — but remediation costs, including the cost of downtime, lost opportunities, data recovery, lawsuits, and loss of reputation, increase the bill tenfold. And it all adds up to an average of $1,270,000.

Hospitals Are at the Center of the Escalating Cyber Storm 

The pandemic offered a perfect storm for cybercriminals — and hospitals paid the price. Cybercriminals brought in staggering amounts of cash by installing ransomware at overstretched hospitals, notoriously unprepared for escalating cybersecurity threats. Now, cyber gangs like FIN12 intentionally target vulnerabilities in the healthcare sector, looking for an easy payday. The increased risk to patients’ lives incentivizes hospitals to pay up, and cybercriminals know it.

When cybercriminals shut down networks, encrypt data, and threaten to shut down the facility’s utilities, the repercussions are complicated and costly. Precious commodities like patient information and lifesaving equipment are at risk. And when ransomware infiltrates a hospital’s lifesaving systems, there are no clear instructions for recovery. Even authorities that otherwise take a hard line (“We don’t negotiate with terrorists!”) concede that a hospital may end up meeting ransom demands to save patients’ lives.

The Hidden Costs of Ransomware Attacks at Hospitals

The ransom paid — an average of $131,000 in the healthcare sector — is just a fraction of the $1,270,000 average recovery cost from a ransomware attack. Operational downtime, negative patient experience, loss of reputation, staff overtime, device costs, and network repairs make up the difference. Even if the attack is swift and the criminals withdraw quickly once the ransom is paid, lost revenue adds up. NEO Urology in Ohio lost $30,000 to $50,000 every day for three days after paying a $75,000 ransom.

A worrying 54% of IT teams said that cyberattacks are too advanced to handle on their own. Outside agencies are often brought in to assist with data and device recovery (which can take years). When all is said and done, the bill can cost more than the ransom. Recovering data from a single hard drive can cost up to $2,000. Consider how many hard drives are in a single hospital and what it would cost to bring them all back up to speed. Okay, you can spare yourself the mental math: It’s a lot. Don’t even try to think about the other, more complex medical devices similarly affected by network attacks — you’ll get a headache.

Payroll and education costs also add up. With networks offline, hospital staff must make handwritten records to maintain protocols, procedures, and schedules. Once systems are back online, those same records must be transcribed into the system to avoid leaving gaps in the facility’s history. These tedious tasks add a surprising amount of time to any healthcare worker’s shift, resulting in overtime and hazard pay. And let’s not forget the resources needed to train staff about cybersecurity best practices to avoid another attack.

$1,270,000 is a hefty price tag, but even so, it fails to include the costs of legal repercussions associated with a successful cyberattack.

Quality Rep Services, Inc. (QRS), a healthcare technology vendor in Knoxville, Tennessee, is facing a class action lawsuit for a data breach of 319,778 records. On the internal side of things, Community Medical Center (CMC) in Missoula, Montana, flirted with employee lawsuit material over payroll discrepancies. CMC suffered a cyberattack in late 2021, which affected payroll processing. In the interim, the medical center duplicated paychecks from December 3, 2021, prompting a letter from the Montana Nurses Association (MNA) urging CMC to pay nurses what they are owed.

Minimize Damage and Keep Your Data Safe

Until cyberattacks let up (which is more likely than seeing the dead rise from the grave but less likely than seeing a good Matrix sequel), these expenses aren’t going down. Remember, the best defense is not preventing attacks (they’re going to happen!), but preventing successful attacks by keeping backups of your important data secured off-network and minimizing the effects on patients. The less damage done, the less recovery is needed.


Call the Feds! What Bank CISOs Need to Do After a Data Breach

Mitigate Damage: The 4 Critical Steps For a Bank CISO’s Response


Financial institutions are one of the most vulnerable targets for cyberattacks — and today’s Bonnies and Clydes are after more than just cash. Social security numbers, credit card accounts, and sensitive financial data are all up for grabs when a bank is breached, creating perfect conditions for costly and time-consuming cyber nightmares — for clients and institutions alike.

Having a playbook in place in the event of a breach can help your financial institution avoid costly fines, reputational damage, and future attacks. Below are four critical steps CISOs in financial institutions need to take after a data breach.

Step 1: Know the Rules

Under the Gramm-Leach-Bliley (GLB) Act, financial institutions are legally required to ensure that their clients’ details are safe and confidential: They must have a written plan that outlines how they protect customer data; use service providers with security safeguards in place; train their employees on cyber security best practices; and work with law enforcement in the event of a breach.

Sounds simple enough, but each state has its own set of rules and regulations for working with local and federal law enforcement when sensitive data is compromised. CISOs need to make sure they understand the scope of their responsibilities — as well as their power of authority — and be fluent in local legal requirements when devising their company’s own plan.

Step 2: Contact the Proper Authorities

It might seem easier to quietly pay off cybercriminals rather than deal with an embarrassing public fallout and sky-high fines. While that may be true, it is a spectacularly bad idea. The best practice is to follow protocol and alert the authorities, immediately.

Not convinced? Let’s entertain the idea of an institution responding to ransomware by quietly slipping Bitcoins to cybercriminals as payment. Bypassing lengthy investigations and the disruption of daily activities — not to mention neatly sidestepping loss of trust from customers and clients if the attack is exposed — may sound appealing, but the fallout could be worse than the breach itself. There’s no guarantee that the attackers would hold true to their word and relinquish control, or that they wouldn’t abuse the data to which they’d gained access. There is also zero guarantee that the group wouldn’t make their actions known — either by simply announcing it or by broadcasting the very data they stole. Just ask Joe Sullivan, former CISO at Uber, who faced federal criminal charges after taking matters into his own hands, paying the attackers through the company’s bug-bounty program, and concealing the breach from regulators.

Step 3: Own Up and Alert Your Customers

The fear of shouldering the blame for a breach is understandable, especially when 23% of companies report executive firings following cyberattacks. Banks are burdened with safeguarding their customers’ finances and their personally identifiable information, making a breach a particularly nasty pill to swallow. However, a careful and methodical response can help to protect and retrieve clients’ information — and help institutions save face.

In April of 2021, the Bank of Oak Ridge in North Carolina reported a data breach affecting an undisclosed number of accounts. Social Security numbers, bank account numbers, and driver’s license numbers were exposed.

In response, the bank closed all five of its branches for two days while the FBI assisted with the investigation. When they determined who was likely affected, the bank alerted its customers and offered free identity protection. By reporting the incident quickly, following protocol, and communicating with transparency, the bank dodged legal fines — and remained in business.

Never heard of this incident? Exactly.

Step 4: Conduct a Critical Vulnerability Scan

Bad things happen to even the best IT teams, but there’s no excuse for being hacked or attacked in the same way twice. Below are high-level practices all organizations should adopt in the aftermath of — and well before — an attack.

  • Prioritize security from the top down. For security measures to be effective, executive level buy-in is a must. It’s on CISOs and other C-suite execs to make cybersecurity and awareness a core part of organizational culture.

  • Know your risk profile. Clearly identifying your industry’s attack vectors, gaming out different cyberattack scenarios, and being aligned on your organization’s most valuable assets — and how to protect them — is crucial to creating and executing effective cyber security initiatives.

  • Take threats seriously. Prepare for the worst. Seriously. (Read more: Why Executives Should Play Cyber War Games)

  • Enforce your policies. Security policies should be baked into day-to-day operations — and outlined in terms that all employees (not just tech geeks) can understand. Document everything, automate whenever possible, and keep things simple.

  • Back it up. Data loss can be a death blow to an organization — many never fully recover. Keep a copy of critical data in a secure offsite location and regularly test your backups.

  • Keep up with security patches. Sounds like a no-brainer, but regularly applying legitimate security patches to software and hardware systems is often overlooked. Are there examples where a security patch created a vulnerability? A couple. Are there examples where the lack of a patch created a huge problem? A couple thousand.

If a bank wants to mitigate the damages from a cyberattack and maintain its customers’ trust, the CISO should get to know the applicable local and federal laws, create a plan, and communicate any data breaches without fail. An attack is all but inevitable, but how an institution reacts determines whether it will recover and move on, or keep on taking hits even after the ransom is paid.

What Is Malware — and Why You Should Give a Sh*t


It’s Time to Face Escalating Malware Threats


What Is Malware?

Malware is malicious software designed to infect your devices and networks — sometimes for financial gain and sometimes just for the thrill of causing trouble. It can gain unauthorized access to sensitive data, lock you out of your device and network until a ransom is paid, or harvest your passwords for resale — often on the Dark Web. In short, it serves the attacker’s interests at the expense of the device’s owner.

While malware has been around since the ‘80s, many of today’s threats are firmly future-facing — including extremely advanced, AI-driven malware that can evade detection and hide in code for years. This shouldn’t come as a surprise: technology is constantly evolving, and malware is no exception.  

Malware’s Impact on Daily Life

2021 is being called the year of ransomware. Cyber attacks are more sophisticated, coordinated, and well-funded than ever — and they’re happening all the time. An organization is attacked by ransomware every 11 seconds — with annual damages projected at $20 billion. And that’s just ransomware, only one type of malware out of dozens. The total losses due to cybercrime in general are predicted to approach upwards of $6 trillion annually.

From government and financial institutions to small businesses, schools, and global corporations, organized cyber criminals are now ruthlessly attacking all industries — in addition to critical infrastructure like hospitals and transportation. The result? Cyber attacks are now threatening lives as well as sensitive data. According to the Wall Street Journal, a ransomware attack on a Las Vegas hospital chain “nearly brought Las Vegas hospitals to their knees” — and another at a New York trauma center stopped services and delayed care. To put it bluntly, people died from malware in 2021; it’s not just about loss of productivity and profits anymore — it’s about loss of life.

You don’t have to look far to find evidence of escalating malware threats:

  • Foreign attacks on the U.S. government were reported during the SolarWinds attack.

  • A Windows zero-day exploited in September let attackers take control of systems running Windows 10, Windows 11, and Windows Server.

  • Ransomware at the Colonial Pipeline Company halted operations, disrupting energy consumers from Texas to New York.

  • Ransomware shut down meat processing plants at JBS, responsible for one-fifth of the nation’s meat supply. 

Know Your Enemy: The Common Types of Malware

To understand growing threats to personally identifiable information (PII) and business operations, it helps to know what you’re up against. These are the most common types of malware:

  1. Ransomware: Ransomware encrypts your files and systems, effectively holding them hostage, and demands payment in exchange for a decryption key.

  2. Viruses: Viruses are malicious code that attaches to other programs or files and replicates when a user on the host runs the infected item, spreading between devices and damaging data and systems.

  3. Worms: Worms are stand-alone malicious programs that replicate and spread themselves to other computers across a network without any user action.

  4. Spyware: True to its name, spyware monitors your activity to collect PII, including passwords to sensitive accounts such as your financials.

  5. Keyloggers: Keyloggers record your keystrokes to capture credentials and gain access to your accounts.

  6. Trojan Horse: A Trojan Horse is a malicious program that masquerades as a legitimate one, often arriving as an innocuous-looking email attachment (hat tip to Virgil). It is a common way of gaining a foothold on corporate devices and systems.

  7. Malvertising: Malvertising spreads malware through legitimate online advertising networks. As if in-stream video ads weren’t awful enough.

  8. Adware: Adware automatically generates advertisements on your device without your consent.

  9. Rootkits: Rootkits are malware designed to hide their presence on a device while retaining privileged (root or administrator) access.

How Does Your Device Get Infected With Malware?

From getting phished to downloading apps with malicious code, there are many different ways malware can infect your devices. Most of them are common mistakes people make every single day. In cybersecurity research, it’s called negligence — a fancy way of saying someone screwed up, big time.

According to a 2021 Cyber Security Trends Report from PurpleSec, 98% of all attacks are social engineering — think phishing (a bad guy pretending to be a good guy to get sensitive information from a trusting user) and spam emails. Social engineering manipulates a person to share PII, sensitive data, or offer up credentials that grant administrative access to systems and networks.

Occasionally, malware can infect your devices through vulnerabilities in the operating system or through compromised software. The riskiest type of vulnerability is a zero-day: a flaw the vendor does not yet know about or has not yet patched, which a bad actor exploits in applications, servers, systems, or networks. Other times, devastating attacks occur despite known vulnerabilities and available patches, because people fail to patch and update their applications and systems.

Here are the most common ways your devices get infected with malware:

  1. Social Engineering

  2. Phishing and Malspam Emails

  3. Downloading Apps With Malicious Code

  4. Visiting Non-secure Websites

  5. Malvertisements and Adware

  6. Vulnerabilities in the Operating System

  7. Vulnerabilities in the Network

  8. Compromised Software

I have an antivirus program on my computer, so I’m safe, right?

No. Your car has brakes and seat belts. It doesn’t mean you can’t get in an accident, does it?
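To make the brakes-and-seat-belts point concrete, here is an added example (not CodeHunter’s code or method) that runs two static detection tiers over three constructed byte strings standing in for executables: an exact SHA-256 signature, then a count of indicator strings. The sample bytes, the indicator list, and the threshold are assumptions made for the demonstration, not real malware or a real signature database.

```python
"""Hash signature vs. static indicator strings vs. a trivially obfuscated sample.

Added example, not CodeHunter's code or method. The three "samples" are
constructed byte strings standing in for executables, not real malware.
"""
import hashlib
from typing import Dict, List, Set

HEADER = b"MZ\x90\x00" + b"\x00" * 32  # constructed, vaguely PE-shaped prefix

# Strings a file-encrypting sample commonly carries. Individually several are
# benign Windows APIs; it is the combination that is suspicious.
INDICATORS: List[bytes] = [
    b"CryptEncrypt",
    b"FindFirstFileW",
    b"DeleteFileW",
    b"vssadmin delete shadows",
    b"YOUR FILES ARE ENCRYPTED",
]
PAYLOAD_STRINGS = b"\x00".join(INDICATORS) + b"\x00"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the cheapest string obfuscation a packer applies."""
    return bytes(b ^ key for b in data)


XOR_KEY = 0x5A
SAMPLE_V1 = HEADER + PAYLOAD_STRINGS                       # the vendor has a hash for this one
SAMPLE_V2 = SAMPLE_V1 + b"\x00"                            # identical behaviour, one byte appended
SAMPLE_V3 = HEADER + xor_bytes(PAYLOAD_STRINGS, XOR_KEY)   # strings decoded only at runtime


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


KNOWN_BAD_HASHES: Set[str] = {sha256(SAMPLE_V1)}  # tier 1: exact-match signature database
SUSPICIOUS_THRESHOLD = 3                          # tier 2: indicators needed before we flag


def signature_match(sample: bytes) -> bool:
    return sha256(sample) in KNOWN_BAD_HASHES


def matched_indicators(sample: bytes) -> List[bytes]:
    return [ind for ind in INDICATORS if ind in sample]


def classify(sample: bytes) -> Dict[str, object]:
    """Apply both static tiers and return the verdict with its evidence."""
    sig = signature_match(sample)
    hits = matched_indicators(sample)
    if sig:
        verdict = "known_malware"
    elif len(hits) >= SUSPICIOUS_THRESHOLD:
        verdict = "suspicious"
    else:
        verdict = "not_flagged"  # no static evidence; only behaviour would tell
    return {
        "sha256": sha256(sample),
        "signature": sig,
        "indicators": [h.decode() for h in hits],
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, sample in (("v1", SAMPLE_V1), ("v2", SAMPLE_V2), ("v3", SAMPLE_V3)):
        r = classify(sample)
        print(name, r["verdict"], "signature=%s" % r["signature"], r["indicators"])
```

Appending a single byte defeats the hash signature, the indicator strings still catch that variant, and a one-byte XOR of those strings defeats the indicator check as well. That last case is the seat-belt caveat: static matching tells you what a file contains, not what it does, which is why the next tier has to look at behaviour.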

How Can You Detect and Remove Malware?

Before you can remove malware, you need to be able to detect it. Sometimes, your device simply stops working — or the malware blatantly pops up on your screen. Most of the time, however, malware is harder to detect. Malware may stay hidden in software for six to seven years before it’s triggered. More advanced malware is designed to hide as it operates, so it can access more information and infect more devices.

If you suspect one of your devices has been infected, get help, fast, from an expert. The longer you wait, the worse it will be. Pretending everything is fine is not going to make anything better.

To detect malware and remediate the problem, consider the following solutions: 

Advanced Malware Detection: If you’re working with a larger tech stack or want to confirm your files are clean, you’ll need more advanced malware detection solutions like CodeHunter Pro. CodeHunter Pro finds malware and suspicious behaviors in executable files without sandboxes, signatures, or source code — and detects malware that might be hidden or lying dormant. Zero-day attacks and sleeper code can’t hide, even if obfuscated or scattered throughout software code.

Strong Antivirus Programs: A strong antivirus program can detect — and often remove — many types of malware.

Manual Removal: Some malware persists through rogue registry keys, stray files, or self-protection designed to defeat automated removal. In those cases the malicious components must be identified and removed by hand.

Restore a Backup: You can try restoring your data to a known point before malware infected your devices.
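For the “Restore a Backup” step above, and the advice elsewhere on this page to keep backups off-network and to test them regularly, here is an added example (not CodeHunter’s code) of a restore test that can actually fail. It hashes every file in a backup into a manifest, authenticates the manifest with an HMAC whose key is kept off the backup host, and then checks a restored copy against it. The directory layout, file contents, and key are constructed for the demonstration; the demo() function simulates ransomware reaching the backup copy and then forging the manifest without the key.

```python
"""Backup integrity manifest with an HMAC-authenticated restore check.

Added example, not CodeHunter's code. Paths, file contents and the key
below are constructed for the demonstration.
"""
import hashlib
import hmac
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Tuple

MANIFEST_NAME = "MANIFEST.json"
# Constructed demo key. In real use the key is held in a secret store that the
# backup host cannot reach, so malware on that host cannot re-sign a manifest.
KEY = b"demo-key-kept-off-the-backup-host"


def _sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def _tag(files: Dict[str, str], key: bytes) -> str:
    # Canonical JSON so the HMAC does not depend on dict ordering.
    body = json.dumps(files, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def _listing(root: Path) -> Dict[str, Path]:
    return {p.relative_to(root).as_posix(): p
            for p in root.rglob("*") if p.is_file() and p.name != MANIFEST_NAME}


def build_manifest(backup_dir: Path, key: bytes) -> Dict[str, str]:
    """Hash every file under backup_dir and write an authenticated manifest."""
    files = {rel: _sha256_file(p) for rel, p in _listing(backup_dir).items()}
    manifest = {"files": files, "hmac": _tag(files, key)}
    (backup_dir / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return files


def verify_restore(restore_dir: Path, key: bytes) -> Dict[str, object]:
    """Compare a restored tree against its manifest; report what would not restore cleanly."""
    manifest = json.loads((restore_dir / MANIFEST_NAME).read_text())
    files: Dict[str, str] = manifest["files"]
    manifest_ok = hmac.compare_digest(_tag(files, key), manifest["hmac"])
    present = _listing(restore_dir)
    missing = sorted(set(files) - set(present))
    unexpected = sorted(set(present) - set(files))
    common = set(files) & set(present)
    modified = sorted(rel for rel in common if _sha256_file(present[rel]) != files[rel])
    verified = sorted(common - set(modified))
    return {
        "manifest_ok": manifest_ok,
        "missing": missing,
        "modified": modified,
        "unexpected": unexpected,
        "verified": verified,
        "restorable": manifest_ok and not missing and not modified,
    }


def demo() -> Tuple[Dict[str, object], Dict[str, object], Dict[str, object]]:
    """Clean restore, ransomware-touched restore, and a forged manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "records").mkdir(parents=True)
        (backup / "records" / "patient1.txt").write_bytes(b"mrn=000123;dob=1970-01-01\n")
        (backup / "config.ini").write_bytes(b"[db]\nhost=db01\n")
        build_manifest(backup, KEY)

        restore = Path(tmp) / "restore"
        shutil.copytree(backup, restore)
        clean = verify_restore(restore, KEY)

        # Scenario 2: ransomware reached the copy, encrypted a file, dropped a note.
        victim = restore / "records" / "patient1.txt"
        victim.write_bytes(bytes(b ^ 0x41 for b in victim.read_bytes()))
        (restore / "README_DECRYPT.txt").write_bytes(b"your files are encrypted\n")
        tampered = verify_restore(restore, KEY)

        # Scenario 3: the attacker also regenerates the manifest, but has no key.
        build_manifest(restore, b"attacker-has-no-key")
        forged = verify_restore(restore, KEY)
    return clean, tampered, forged


if __name__ == "__main__":
    for name, report in zip(("clean", "tampered", "forged"), demo()):
        print(name, "restorable=%s" % report["restorable"], report)
```

An unkeyed hash list would pass the third scenario, because an attacker who can encrypt the backup can also regenerate the manifest. The key must therefore never be stored alongside the backup, and the verification should run from a host the backup system cannot write to.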

CodeHunter Launches New Enterprise Solution

Helping organizations solve tomorrow’s cybersecurity problems today


The modern cyber threat landscape is terrifying, even for those of us who have lived in this environment for decades. State actors perpetrate global attacks against other governments. Critical infrastructure, such as hospitals and energy, is among their targets. And the work-from-home trend accelerated by the pandemic has only expanded the potential attack surface for cybercriminals large and small.

To address these increasingly severe cyber threats, CodeHunter has launched a new platform to hunt malicious code across the enterprise. Using a patented approach to behavior computation and binary analysis, CodeHunter automates the detection and analysis of dangerous code — and does it at scale.

CodeHunter: A New Enterprise-Grade Threat to Malware

CodeHunter picks up where existing cybersecurity solutions leave off, discovering vulnerabilities you didn’t know you had.

While today’s cybersecurity relies on signatures, sandboxing, or reverse engineering to determine if a specific file is malware, CodeHunter proactively detects and analyzes threats buried deep within your environment.

CodeHunter’s patented approach dramatically decreases the time to malware discovery and provides you with deep visibility across your entire enterprise. With our detailed analysis, your organization can protect itself from cybercriminals, narrow the cybersecurity skills gap, and automate what — until now — has been a slow manual process.

Learn how CodeHunter can automate threat hunting for your organization here.

CodeHunter COO Chris O’Ferrell Featured in Forbes


December 6, 2021 — CTO Chris O’Ferrell shares his predictions for cyberattacks in 2022 with Forbes magazine, alongside seven other cybersecurity experts:

“Extremely advanced, AI-driven, weaponized malware will emerge with the capability to circumvent most (if not all) of the defensive and detection security technologies used today.” 

Read More: “8 Crystal Ball Predictions About Cyberattacks In 2022”

It’s 2022. Why Isn’t Everybody Talking About Malware Hunting and Shadow IT?

The best defense is a good offense, right? Sure, assuming your offense includes solid surveillance. It’s not enough to know that cybercriminals might come for your data; you need to know when and how. Malware hunting is a good offense — it works with existing security structures to actively uncover weaknesses and potential threats — but it’s up against the rise of shadow IT, a challenge not receiving enough attention.

What is Shadow IT?

Shadow IT is the use of computing systems, devices, software, applications, and services by employees — without the IT department’s knowledge, guidance, or approval. It covers everything from logging in to personal email accounts from a work PC and installing unapproved apps on a company device to using personal flash drives to store work-related data. Guilty of any of the above? You’re not alone: Everyone does it, and organizations are paying the price. While shadow IT can improve employee productivity and drive innovation, it can also introduce serious security risks, no matter how well-intentioned.

What’s the Big Deal?

With more people working from home, IT departments and cybersecurity personnel are scrambling to enforce safety protocols and procedures — and to keep unsanctioned devices and software installations off their networks. Don’t even mention the nightmare of intermingling personal and professional accounts. Even the best protection surrounding your organization’s email servers won’t protect against an employee getting phished via their personal email.

Most employees don’t realize how easy it is for a malicious outsider to access company software by embedding an innocent-looking malware link sent to a social media account. A run-of-the-mill flash drive in a backpack may contain proprietary data not permitted to be removed from the confines of the organization, or malware triggered when the drive is connected to a corporate network. On top of the potential damage from a cyberattack, there are also legal repercussions to consider if an employee mishandles sensitive data.

How Does Malware Hunting Factor In?

Just staying one step ahead of shadow IT isn’t feasible anymore. By the time a company has shiny new security procedures and processes installed and running, attackers have already poked holes all around them, scraped sensitive data, and moved on to their next mark. By the time end-users catch up, the cycle has already repeated itself. Malware hunting elevates traditional cyber defenses to spot malicious activities before they can do damage.

Effective cybersecurity monitors and analyzes telemetry feeds so it can recognize a threat by its behavior and remove it through an automated response. And it’s not limited to external threats: A well-designed system can detect when an insider disrupts their own security measures — intentionally or after falling prey to an attack. It can also be programmed to identify code patterns from known cybercriminal groups. Even if an attack were to be successfully triggered, rapidly understanding the target, source, attack vector, and intent helps mitigate the damage.

The laissez-faire approach to personal cybersecurity in a post-pandemic world creates unique challenges for organizations. Fortunately, the latest generation of cybersecurity technology has made huge advances in protecting against the pitfalls of shadow IT.

As with any security structure, even the most advanced system requires maintenance, updates, and consistent testing — but malware hunting (a good offense) will strengthen your defenses against even the most savvy cybercriminals.

How to Reduce Shadow IT in Your Organization

Training in best practices and tailoring your cybersecurity focus to your company’s specific risks go a long way in curtailing the most prevalent uses of shadow IT. Consider:

  • Having IT send fake phishing emails to test employees’ instincts.

  • Automated monitoring of remote devices for unusual activity.

  • Prioritized use of two-factor authentication for access to high-risk systems.

The challenge and cost of implementing malware hunting and addressing shadow IT aren’t going to slow down anytime soon, but neither are cybercriminals. Solid surveillance, evolving technology, and — most importantly — keeping yourself and your colleagues educated about the risks of stale cybersecurity measures and careless habits will help even the score.

A Pivotal Time for Innovation in Cyber — CodeHunter CEO Larry Roshfeld Featured in Technical.ly


December 8, 2021 — CEO Larry Roshfeld spoke to Technical.ly about the state of cybersecurity — and how CodeHunter is primed to disrupt it.

“The real radical difference for us right now, the thing we’re doing that no one else in the world can do, is not just automate the process of investigating software to see if it’s dangerous, but do it at scale.”

Read More: “Cybersecurity startup CodeHunter launches malware hunting SaaS platform”