Malware

Infradapt Blog


Latest Ransomware Attack is Brutal Reminder of Cyber Security Importance


A new strain of malware swept across the globe Tuesday, incorporating facets of several ransomware strains that have made headlines recently. While it originally appeared to be a variant of the Petya ransomware, it has been determined that it shares more in common with WannaCry. However, “NotPetya,” as it has been named, has a few additional features that experts say make it worse than either of its predecessors.


Why NotPetya Isn’t Really a Ransomware
The first clue researchers had that NotPetya had a different motivation was that the ransom demanded only the Bitcoin equivalent of $300. Secondly, the only means of getting the decryption key was to send an email to an address hosted by German email provider Posteo. Although the payment method appeared to have been given little preparation, NotPetya itself was clearly designed to infiltrate as many networks as possible and do maximum damage once inside.

A Hybrid Hacking Attack
Since the attack commenced, researchers have ascertained that despite its initial similarities with Petya, NotPetya shares many traits with other malicious programs. Like WannaCry, the attack that affected much of Europe, NotPetya leverages EternalBlue. EternalBlue is a National Security Agency hacking tool that targets unpatched systems and steals the passwords that allow administrator access. In addition to EternalBlue, NotPetya also utilizes EternalRomance, another piece of code that was stolen from the NSA.

Once NotPetya has infected one computer, it extracts passwords from its memory or the local filesystem to allow itself to spread, including onto updated and patched Windows 10 systems.

How To Protect Your Files
First off, don’t expect that you can retrieve your files just by paying the ransom. Even if those responsible for NotPetya intended to keep their word and return them once paid, Posteo has shut down the email account through which victims were to receive their keys. As a result, unless a victim was already following certain best practices, their files are as yet unrecoverable.

However, this does not mean that everyone is vulnerable to this attack. Before the EternalBlue and EternalRomance exploits were distributed on the dark web, Microsoft had already released patches for the vulnerabilities. If these patches were not applied, though, a user’s systems were (and are) still vulnerable.

The best method to avoid infection from this kind of attack is to ensure your users understand the importance of cyber security efforts, and that all of your business’ systems are reinforced against the latest threats by keeping your defenses up-to-date.

Furthermore, even an infected user is not without hope if they have been backing up their files. If they have done so, all they have to do is disconnect their computer from the Internet, reformat their hard drive and restore their data from their backup solution. However, for this to work, you have to also be sure that your backups are up-to-date, and that your backup is stored in an isolated location, separate from your network.

Infradapt has the experience and expertise to help prevent you from becoming a victim of a malware like this, whether we help you manage your backups or help educate your users to avoid attacks like these in the first place. Give us a call at 800.394.2301 today.


Alert: Homeland Security Finds U.S. Power Grid Vulnerable to CrashOverride Malware


On June 12th, the U.S. Department of Homeland Security issued a warning to power grid operators and electric utilities concerning a newly surfaced malware called CrashOverride (aka Industroyer). Only, it’s not entirely new. The world has seen this before and the fallout from it is concerning.


The warning comes from the Computer Emergency Readiness Team’s (CERT’s) National Cybersecurity and Communications Integration Center (NCCIC). It cites public reports from ESET and Dragos describing “a new highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine.”

You may recall a similar incident hitting the news not too long ago when workers at a Ukrainian power distribution center watched helplessly as hackers took control of their computers, and used them to shut down heat and power for over 230,000 citizens. Though the power wasn’t out for very long (somewhere between one and six hours, depending on location), the control centers are still suffering from the attacks several months later. In addition to turning off the power, hackers also overwrote crucial firmware, which left 16 substations unresponsive to remote commands. This is the first confirmed instance of hackers successfully taking down a power grid, and it’s thought that these hackers were very meticulous and sophisticated in the execution of this attack.

Last year, the FBI began a campaign to raise awareness of the potential issue by briefing electrical power companies on the risk, although the possibility of such an attack hitting the United States was deemed improbable. Thankfully, there is currently no evidence to suggest that this malware has affected critical infrastructure in the U.S., but the recent CERT warning suggests that such an attack has grown more probable. This risk is due to CrashOverride having the potential to be modified to target vulnerabilities in U.S. critical information networks and systems via the malware’s tactics, techniques, and procedures (TTPs).

To give you an idea of how dangerous the malware is, the Dragos report links the malware to the group responsible for Sandworm, a wicked zero-day vulnerability that executed code within affected systems by opening a backdoor for later access. This threat utilizes phishing attacks and has the ability to spread between networks with the goal of disrupting systems and stealing sensitive information.

In the CERT warning, the recommended way to handle CrashOverride is for utility companies to take a proactive stance when it comes to cybersecurity. This includes implementing techniques for preventing and identifying malware. In truth, this is the same approach to cybersecurity that we recommend for all businesses, regardless of industry, size or location. As the sophistication of cybercrime continues to develop, properly monitored and maintained networks are a company’s first line of defense. Contact us today to learn more about network security and best practices.


These Police Officers Called for Backup... and it was Infected with Ransomware


The police exist to serve, protect, and enforce the law, but who can we turn to if even the cops fall victim to a cyberattack? This is the question the residents of Cockrell, Texas have to answer, as their police department fell victim to a ransomware attack known as the Osiris Ransomware.


How a Single Data Breach Can Cost You Millions of Dollars


With all of the major data breaches making the news these days, it’s not very surprising when you hear about a new one. However, what is surprising is just how much the average cost per breach has skyrocketed in recent years. The cost of data breaches is up 29 percent since 2013, which equates to roughly $4 million per data breach.


This sobering statistic is from a recent study by the Ponemon Institute and IBM Data. In it, 283 international companies that experienced a major data breach were examined. Here are some more findings from the study:

  • The United States leads in terms of sheer overall cost of breaches by record value. The value per record is $223 on average. In total, the average cost of a data breach in the United States was roughly $7.01 million.
  • Particular industries, like healthcare, education, and finance, have a higher value per record at $355, $246, and $221 respectively.
  • 48 percent of all data breaches were the result of malicious intent, like hacking attacks and network infiltrations.
  • Encryption and other security protocols decrease the costs of data breaches by up to $16/record.
  • How quickly a company responded to the security breach had a positive impact on the overall cost of the breach.
  • There’s a 26 percent chance that an enterprise will be hit by one or more data breaches of over 10,000 records within the next two years.

It’s important to keep in mind that this study doesn’t track the reputation fallout that a business experiences after news of their data breach goes public. This includes future customers choosing another business, as well as losing clientele. It’s difficult to put a number to factors like these, but one thing’s for sure: it will certainly be a major loss for any business that experiences a data breach. Reasons like these are why the average business that fails to recover their lost data after a breach will go out of business within one year of the incident.

Do you think that you’ve got what it takes to bounce back from a costly data breach? If you’re unprepared and you don’t have a proper data backup solution or your business continuity plan is inadequate, then you’re in for a world of hurt.

Therefore, how much should you invest in a quality data backup solution? Before you make your decision, consider three more relevant points of interest from the study.

  • Cost per record from data theft due to malicious intent: $236. This is data that’s considered lost or stolen due to hacking attacks like ransomware or viruses. This category is virtually limitless with thousands of new strains of malware released on the Internet every single day.
  • Cost per record from data loss due to hardware failure: $213. This is data that’s lost due to system malfunction or hardware failure, like a server or workstation crashing unexpectedly. The good news: hardware failure is relatively easy to safeguard yourself against if you follow best practices and perform routine maintenance on all of your equipment.
  • Cost per record from data loss due to human error: $197. This is data that’s lost due to the actions of the user. It could be from intentional actions like sabotage by a disgruntled employee, but it’s often accidental, like moving a file to the wrong place or deleting something important. The best way to protect yourself from human error is by educating everybody who accesses your company’s data, a tall task if your staff consists of computer novices.

The takeaway from all of this is that your data is perhaps worth more than what you realized. Therefore, you need to protect your company with solutions that can minimize the risk of threats and help you bounce back quickly, should a breach ever occur. Infradapt has the enterprise-level security solutions that you need, like firewall, antivirus, spam-blocking, content filtering, backup and disaster recovery, and more, to ensure your business won’t be derailed by an unforeseen data breach. To learn how we can best protect you, call us today at 800.394.2301.


Threat Spotlight: How to Stop Brute Force Attacks


Hackers of all shapes and sizes use brute force attacks to gain access into accounts and infrastructures, but do you know how they work and what your business can do to protect against them? Failing to understand brute force attacks could put sensitive information in the crosshairs of hackers, and leave it vulnerable to ongoing attacks.

What Are Brute Force Attacks?
A brute force attack consists of a hacker repeatedly assaulting a login form with credentials at an incredible rate, hoping to crack the code and gain access without knowing the password to the account or system login. Most brute force attacks are performed by an algorithm that’s designed to rapidly input thousands upon thousands of credentials every second, hence the term “brute force.” Since it takes a more deliberate and frontal assault, rather than using a discreet or intellectual path, it’s considered more straightforward and forceful. Though there are many types of brute force attacks, one of the most common is called a dictionary attack, where password attempts are systematically generated with popular words pulled from the dictionary in order to access the system.

Why They’re a Problem
McAfee Security reports that in 2015, brute force attacks accounted for about 25 percent of all online hacks, second only to Denial of Service attacks. Perhaps this is due to how straightforward these attacks are, since they are deliberate attacks that don’t require skirting around security measures. Those behind brute force attacks know that they will be caught, which makes them particularly dangerous, since all caution is thrown to the wind and forgotten. These types of attacks are used to access accounts or system infrastructures in order to steal credentials like credit card numbers, Social Security numbers, and other data.

Plus, brute force attacks can be used to install a rootkit on a device, or turn a PC into a zombie bot. It’s not uncommon for brute force attacks to be used as a jumping-off point for other major threats.

What to Do
A security solution that can lock out users based on IP location or failed login attempts is one way to protect your business from brute force attacks, but if the attacker is executing the campaign with a botnet, these measures will be limited in their ability to protect you. Botnets consist of several infected computers with various IP addresses, acting as individual users, thus rendering your security measures useless.
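The limit of per-IP lockout described above, as an added example that is not part of the original post: it counts failed logins in a sliding window first per source address and then per account. The event data, the threshold of five failures and the five-minute window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of failed logins as (time, account, source IP).
# One noisy address hammers "bob"; a botnet spreads its attempts on
# "alice" across 20 addresses (documentation ranges), one try each.
def build_sample():
    t0 = datetime(2017, 7, 1, 12, 0, 0)
    events = [(t0 + timedelta(seconds=i), "bob", "192.0.2.10")
              for i in range(6)]
    events += [(t0 + timedelta(seconds=2 * i), "alice", f"198.51.100.{i + 1}")
               for i in range(20)]
    return sorted(events)

def flag(events, key_index, threshold, window):
    """Return the keys with at least `threshold` failures inside any
    sliding window. key_index 1 groups by account, 2 by source IP."""
    recent = defaultdict(deque)
    flagged = set()
    for ev in events:
        ts, key = ev[0], ev[key_index]
        q = recent[key]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(key)
    return flagged

def distinct_sources(events, account):
    """Number of different source addresses that failed against an account."""
    return len({ip for _, acct, ip in events if acct == account})

if __name__ == "__main__":
    ev = build_sample()
    win = timedelta(minutes=5)
    print("per-IP lockouts:     ", sorted(flag(ev, 2, 5, win)))
    print("per-account lockouts:", sorted(flag(ev, 1, 5, win)))
    print("IPs targeting alice: ", distinct_sources(ev, "alice"))
```

Per-IP counting flags only the single noisy address, while per-account counting also flags the account the botnet is targeting. Locking an account on this signal lets an attacker deny the legitimate user access, so it is usually applied as throttling or a step-up challenge.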

One other technology that can be effective at eliminating brute force attacks is two-factor authentication. In addition to your password, two-factor authentication provides an extra layer of security. Basically, if hackers don’t have access to your physical device or a secondary email account, they won’t be able to get the second code required to access your account or infrastructure. Two-factor authentication is a great asset in general, so it’s worth taking into consideration regardless of what type of business you’re running.

Your business should be equipped to handle all types of online threats, particularly those which are dangerous and present a significant threat. Infradapt can help your business integrate solutions designed to maximize your organization’s security and continuity. To learn more, give us a call at 800.394.2301.
