Notice: Undefined index: option in /var/www/html/jc.infradapt.com/plugins/system/fixfrontedit/fixfrontedit.php on line 20 Hackers

Infradapt Blog

This is some blog description about this site

Hackers

Subscribe to this list via RSS
John Reilly

Alert: Homeland Security Finds U.S. Power Grid Vulnerable to CrashOverride Malware

Infradapt Blog
Alert: Homeland Security Finds U.S. Power Grid Vulnerable to CrashOverride Malware
Strict Standards: Declaration of JParameter::loadSetupFile() should be compatible with JRegistry::loadSetupFile() in /var/www/html/jc.infradapt.com/libraries/joomla/html/parameter.php on line 512

On June 12th, the U.S. Department of Homeland Security issued a warning to power grid operators and electric utilities concerning a newly surfaced malware called CrashOverride (aka Industroyer). Only, it’s not entirely new. The world has seen this before and the fallout from it is concerning.

The warning comes from the Computer Emergency Readiness Team’s (CERT’s) National Cybersecurity and Communications Integration Center (NCCIC). In it, public reports from ESET and Dragos reported “a new highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine.”

You may recall a similar incident hitting the news not too long ago when workers at a Ukrainian power distribution center watched helplessly as hackers took control of their computers, and used them to shut down heat and power for over 230,000 citizens. Though the power wasn’t out for very long (somewhere between one-to-six hours, depending on location), the control centers are still suffering from the attacks several months later. In addition to turning off the power, hackers also overwrote crucial firmware, which left 16 substations unresponsive to remote commands. This is the first confirmed instance of hackers successfully taking down a power grid, and it’s thought that these hackers were very meticulous and sophisticated in the execution of this attack.

Last year, the FBI began a campaign to raise awareness of the potential issue by briefing electrical power companies of the risk. Although, the possibility of such an attack hitting the United States was deemed improbable. Thankfully, there is currently no evidence to suggest that this malware has affected critical infrastructure in the U.S., but the recent CERT warning suggests that such an attack has grown more probable. This risk is due to CrashOverride having the potential to be modified to target vulnerabilities in U.S. critical information network and systems via the malware’s tactics, techniques, and procedures (TTPs). 

To give you an idea of how dangerous the malware is, the Dragos report links the malware to the group responsible for Sandworm, a wicked zero-day vulnerability that executed code within affected systems by opening a backdoor for later access. This threat utilizes phishing attacks and has the ability to spread between networks with the goal of disrupting systems and stealing sensitive information.

In the CERT warning, the recommended way to handle CrashOverride is for utility companies to take a proactive stance when it comes to cybersecurity. This includes implementing techniques for providing and identifying malware. In truth, this is the same approach to cybersecurity that we recommend for all businesses, regardless of industry, size or location. As the sophistication of cybercrime continues to develop, properly monitored and maintained networks are a company's first line of defense. Contact us today to learn more about network security and best practices.

Tags:
CrashOverride Hackers Malware
Continue reading
0 Comment
John Reilly

Tip of the Week: 9 Hacker Profiles You Need to Be Aware Of

Infradapt Blog
Tip of the Week: 9 Hacker Profiles You Need to Be Aware Of

“Hacker” is a word that can bring up many powerful impressions in people. It may very well bring up images of a pale super genius hunched over a keyboard, awash in dim blue light, as it does for many people. However, this extremely specific image does little but pigeonhole the many hackers in the real world into this dramatized caricature.

Tags:
Hackers Tip of the Week Knowledge
Continue reading
0 Comment
John Reilly

Study Confirms that Over 75% of Organizations are Vulnerable to Hackers

Infradapt Blog
Study Confirms that Over 75% of Organizations are Vulnerable to Hackers

How does your business handle threats to its data security? You might think you’re safe, but according to the Ponemon Institute, nearly four out of every five organizations aren’t prepared to fend off threats to their security. This is a major problem, so it should make you question whether you’re prepared to handle the various security risks that could potentially plague your business.

Some organizations have cyber threat intelligence for specific reasons, or one that’s exclusive to only one part of a company’s network. More than one-third of organizations have no way of gathering intelligence, while close to one-fifth claim they have a process for gathering information on network threats. Either way, the results are clear; security is not the priority that it needs to be for the respondent’s businesses.

Due to this less-than-ideal focus on cyber security, the Ponemon institute claims that businesses experience an average of at least one cyber attack every month. These breaches result in costs totaling over $3.5 million annually. You need to assess your organization’s current state of security and consider whether you can afford to suffer from a data breach.

Hint: You can’t.

One of the most dangerous ways that hackers try to harm organizations is through the use of phishing scams. These attempts to convince users to part ways with sensitive information by using an elaborate ruse. By the end of a successful phishing scheme, the hacker will have all of the information they need to access a sensitive network, compromise an online account, or steal the user’s identity. If users can’t tell the difference between a hacker and a normal user, there’s an increased risk of communicating with anyone online. More often than not, hackers are allowed to have their way specifically because organizations either don’t take the threat of a hacking attack seriously enough, or they just accidentally let a threat through their defenses.

The easy solution to this problem can be implemented by any business professional. All you have to do is keep two major points in mind: 1) Implement preventative measures, and 2) Educate your employees on security threats.

  • Preventative measures: When we talk about security measures, we mean the basic ones like firewalls and antivirus solutions. These are designed to protect your organization from threats in the first place, so that you don’t have to suffer from an unexpected data breach. In other words, by cutting your organization’s exposure to threats, you enhance your business’s cyber security.
  • Employee education: If your business wants to take the fight to cybersecurity threats, your employees need to know what to avoid and why. Show your employees what phishing scams look like, and what to do about them. By doing so, you’ll be making security a part of your organization’s culture, which is crucial to keeping your data safe.

If your business is concerned about cybersecurity, Infradapt can help. To learn more, reach out to us at 800.394.2301.

Tags:
Best Practices Hackers Cybersecurity
Continue reading
0 Comment
John Reilly

Hackers Scam CEOs for $3 Billion Over the Past 3 Years

Newsletter
Hackers Scam CEOs for $3 Billion Over the Past 3 Years

What would you do if a significant sum of money magically disappeared from your account due to a “miscommunication” between accounting and someone pretending to be you? Wire transfers have made it extraordinarily easy for scam artists to make large transactions, which are augmented by the ability to impersonate authority figures within the office; the c-suite staff, also known as management.

This type of CEO fraud is known as a “whaling” scheme. In a sense, it’s like a phishing scheme, but on a much larger scale. When it comes to whaling, rather than faking the identity of your IT department or another employee, the hacker goes for the motherload: you, the business owner, or another member of your management staff. This plays to the employee’s willingness to comply with your requests and makes it more likely that they’ll perform unreasonable tasks, like sending “you” a large wire transfer.

Wire transfers in particular are proving to be a powerful tool for hackers to exploit. ITProPortal reports: “Individuals create bogus messages seemingly from a senior leader, for example, the CEO, which asks employees to wire funds across to them. The messages ultimately trick employees into transferring large amounts of cash electronically.” The average value of a wire transfer is $67,000, and according to the FBI, CEO fraud has cost businesses over $3 billion over the past three years alone.

One of the biggest problems with wire transfers is that they are difficult, and often impossible, to challenge. Therefore, your best chance of recovering from a whaling scheme is to avoid getting scammed in the first place, unfortunately. Due to the fact that wire transfers are too fast and finite, you’ll want to ensure that your business has practices in place to handle this influx of CEO fraud. A good place to start would be to address how your business handles unsolicited requests for payments or credentials via email, telephone, or otherwise. Here are a few tips and tricks to consider for your business.

  • Implement hands-on phishing scam training: If you want someone to learn something, it’s best to have them go through the process themselves. This type of hands-on education works well against phishing scams. Engineer a system that roots out those who have subpar reactions to phishing scams, and help them learn how to improve their ability to react to threats.
  • Always check in person before sending credentials, or anything else: Emails that request suspicious or sensitive information need to be cross-referenced, either in-person or by checking the email addresses that you have on record. Although, even this might not work at all times, as hackers can potentially spoof email addresses to make their messages appear legitimate. Basically, it’s better to just ask whoever supposedly sent the message before responding rashly to a request.
  • Educate employees on best practices: We return to the hands-on phishing scam training to emphasize the importance of best practices. Make sure that your team understands how to respond to threats, and regularly quiz them to ensure that they’re not going to inadvertently sink your business or cause data loss.

To learn more about whaling schemes or CEO fraud, reach out to us at 800.394.2301.

Tags:
Business Owner Hackers Security
Continue reading
0 Comment
John Reilly

How a Single Data Breach Can Cost You Millions of Dollars

Newsletter
How a Single Data Breach Can Cost You Millions of Dollars

With all of the major data breaches making the news these days, it’s not very surprising when you hear about a new one. However, what is surprising is just how much the average cost per breach has skyrocketed in recent years. The cost of data breaches is up 29 percent since 2013, which equates to roughly $4 million per data breach.

This sobering statistic is from a recent study by the Ponemon Institute and IBM Data. In it, 283 international companies that experienced a major data breach were examined. Here are some more findings from the study:

  • The United States leads in terms of sheer overall cost of breaches by record value. The value per record is $223 on average. In total, the average cost of a data breach in the United States was roughly $7.01 million.
  • Particular industries, like healthcare, education, and finance, have a higher value per record at $355, $246, and $221 respectively.
  • 48 percent of all data breaches were the result of malicious intent, like hacking attacks and network infiltrations.
  • Encryption and other security protocol decrease the costs of data breaches by up to $16/record.
  • How quickly a company responded to the security breach had a positive impact on the overall cost of the breach.
  • There’s a 26 percent chance that an enterprise will be hit by one or more data breaches of over 10,000 records within the next two years.

It’s important to keep in mind that this study doesn’t track the reputation fallout that a business experiences after news of their data breach goes public. This includes future customers choosing another business, as well as losing clientele. It’s difficult to put a number to factors like these, but one thing’s for sure; it will certainly be a major loss for any business that experiences a data breach. Reasons like these are why the average business that fails to recover their lost data after a breach will go out of business within one year of the incident.

Do you think that you’ve got what it takes to bounce back from a costly data breach? If you’re unprepared and you don’t have a proper data backup solution or your business continuity plan is inadequate, then you’re in for a world of hurt.

Therefore, how much should you invest in a quality data backup solution? Before you make your decision, consider three more relevant points of interest from the study.

Cost per record from data theft due to malicious intent: $236. This is data that’s considered lost or stolen due to hacking attacks like ransomware or viruses. This category is virtually limitless with thousands of new strains of malware released on the Internet every single day.
Cost per record from data loss due to hardware failure: $213. This is data that’s lost due to system malfunction or hardware failure, like a server or workstation crashing unexpectedly. The good news; hardware failure is relatively easy to safeguard yourself against if you follow best practices and perform routine maintenances on all of your equipment.
Cost per record from data loss due to human error: $197. This is data that’s lost due to the actions of the user. It could be from intentional actions like sabotage by a disgruntled employee, but it’s often accidental, like moving a file to the wrong place or deleting something important. The best way to protect yourself from human error is by educating everybody who accesses your company’s data; a tall task if your staff consists of computer novices.

The takeaway from all of this is that your data is perhaps worth more than what you realized. Therefore, you need to protect your company with solutions that can minimize the risk of threats and help you bounce back quickly, should a breach ever occur. Infradapt has the enterprise-level security solutions that you need, like firewall, antivirus, spam-blocking, content filtering, backup and disaster recovery, and more, to ensure your business won’t be derailed by an unforeseen data breach. To learn how we can best protect you, call us today at 800.394.2301.

Tags:
Malware Hackers Network Security
Continue reading
0 Comment
1 2 3 4 5 6 7 8

Joomla! Debug Console

Session

Profile Information

Memory Usage

Database Queries