2021 Cyber Attacks – Lessons To Apply For A More Secure 2022

Hackers have hit a wide variety of industries this year, from computer manufacturers to insurance companies, schools to the NBA. A review of prominent 2021 cyber attacks reveals a few common themes. And organizations that apply the lessons learned from these attacks can look forward to a more secure 2022.

No one gets a free pass
It would be difficult to describe the profile of a typical data breach victim in 2021. Large corporations like Volkswagen and Experian got hit. At the same time, even small, low-profile businesses suffered in the Microsoft Exchange and Kaseya attacks. Ransomware crippled hospitals, manufacturers, municipalities, retail and more.

No matter how big or how small, any organization with Internet connections can become a target of attack. Hackers continually hone their skills and add to their toolsets. Consequently, businesses cannot afford to relax their security stance. Get started early on your New Year’s resolutions by committing to invest in cybersecurity.

Apply security patches quickly
When hackers exploited vulnerabilities in the Microsoft Exchange server, they disrupted 60,000 companies and government agencies in the US. Microsoft released security patches quickly. However, many organizations delayed applying the patches. The attack group Hafnium then ran Internet scans to find and exploit unpatched servers.

Take the time to apply software and firmware updates quickly. Take it a step further and turn on automatic updates where possible. This applies not just to servers but to all devices with access to the system.

Step up endpoint security
The rapid switch to remote work completely changed the security perimeter for many organizations, and hackers took advantage. For instance, when insurance giant CNA sustained a ransomware attack, 15,000 devices were encrypted, including those used by remote employees.

When remote work takes center stage, organizations need to strengthen endpoint security. Begin by creating and updating an inventory of all devices connecting to the system.

Enforce strong authentication policies and keep endpoints encrypted. Additionally, monitor the endpoints for unusual activity when connected to the network.

Monitor those business partners
In April, the REvil gang attacked Quanta, a supplier for Apple. REvil used the attack to pressure Apple, claiming to have obtained secret blueprints for yet-to-be-released Apple products. Similarly, parking app Park Mobile suffered a breach because of a vulnerability in a third-party software app.

While strengthening in-house security, organizations cannot forget about their business partners. Be sure to vet third parties, building security policies into vendor contracts. Then continue to monitor those relationships, including performing regular audits.

Automate the backup process
Fortunately, the list of 2021 cyber attacks includes some positive notes. Attackers hit Polish video game development firm CD Projekt, encrypting devices and accessing source code. However, because the company had quality backups in place, they were able to restore the lost data without paying the ransom.

For decades, security experts have emphasized the importance of performing regular backups. Automating the process takes the burden off IT and delivers peace of mind.

Strengthen authentication and identity management
In April, attackers used a compromised password to access the networks of Colonial Pipeline, disrupting gas supplies and causing panic.

As government officials investigated, they concluded that stronger protections, such as multi-factor authentication, could have prevented the attack.

Identity and access management forms a critical component of securing valuable digital assets. Companies should assess and strengthen authentication methods and tighten access controls.

Take protective steps against phishing
According to a recent report on cybersecurity breaches, phishing remains the most common type of cyber attack. For instance, in an attack on Nebraska Medicine, hackers gained entrance to the system and planted malware, eventually exposing over 200,000 patient records.

To protect against phishing and other social engineering attacks, organizations should implement email filtering and continuous network monitoring.

But the most important safety measure remains addressing the human factor with regular, targeted security awareness training.

Treat 2021 cyber attacks as a wakeup call
Reflecting on the high-profile cyber attacks of the past year can provide both the motivation and a blueprint for addressing cybersecurity. And the cybersecurity experts at Tech Experts bring the expertise and tools you need to keep your data and networks safe.

Three Steps To Improve Your Ransomware Resilience

This is a cold hard fact: Ransomware is on the rise.

What is ransomware?

It’s where hackers break into your network, encrypt your data so you can’t access it, and then charge you a large ransom fee to unlock it. It’s the most disruptive and costly kind of attack you can imagine. And very hard to undo.

Why is it a big deal?

Ransomware attacks are dramatically up thanks to the pandemic. All the urgent changes that businesses went through last year created a perfect storm with plenty of new opportunities for cyber criminals.

Is my business really at risk?

Thanks to automated tools used by hackers, all businesses are being targeted all the time. In fact, hackers prefer to target small businesses as they typically invest less time and money into preventive security measures compared to large companies. It’s estimated a business is infected with ransomware every 14 seconds.

How can my business get infected with ransomware?

42% of ransomware comes from phishing emails. This is where you get a legitimate-looking email asking you to take a specific action. You only need to click a bad link once to let attackers quietly into your system. And it doesn’t have to be you who clicks… it could be any member of your team.

Why is it so hard to undo?

A ransomware attack takes weeks for the hackers to set up. Once inside a network, they stay hidden and take their time to make lots of changes. Essentially, they’re making it virtually impossible for an IT security company such as ours to undo the damage and kick them out once the attack has started. If you haven’t thoroughly prepared for a ransomware attack before it happens, you are much more likely to have to pay the fee.

How much is the typical ransom?

The hackers aren’t stupid. They know trying to get $150,000 out of a small business simply won’t happen. But you might stump up $10,000 just to end the hell of a ransomware attack. They will change their ransom demand based on how much money they believe a business has.

Of course, the ransom isn’t the only cost associated with an attack. There are countless indirect costs. Such as being unable to access your data or systems for a week or longer. How horrendous would it be if no one could do any work on their computer for a week? How would your customers react to that?

What can I do now to protect my business?

This is the most important question to ask. It’s virtually impossible to stop a ransomware attack from happening. But you can do an enormous amount of preparation, so if an attack does happen, it’s an inconvenience, not a catastrophe.

Here are the three steps we recommend for maximizing your ransomware resilience.

Act as if there’s no software protecting you

Software is essential to keep your business safe from all the cyber security threats. But there’s a downside of using this software – it can make you and your team complacent.

Actually, humans are the first defense against cyber-attacks. For example, if your team doesn’t click on a bad link in a phishing email in the first place, then you’re not relying on software to detect an attack and try to stop it.

This means basic training for everyone in the business, and then keeping them up-to-date with the latest threats.

Invest in the best data backup and recovery you can

Automatic off-site data backup is a business basic. When you have a working backup in place, it can be tempting not to give it a second thought.

But it’s worth remembering that cyber criminals will take any means necessary to get you to pay their ransom. That means they’ll target your backup files too. Including cloud-based data.

It’s critical that you create and implement a comprehensive back-up and recovery approach to all of your business data. The National Institute of Standards and Technology sets out a cyber security framework which includes best practices such as:

• Constant backups: Separate from the computers and ideally in the cloud
• Immutable storage: This means once created, backups can’t be changed
• Firewalls: To restrict what data gets in and out

Create a plan for cyber-attacks

When a cyber-attack happens, every second is crucial. The earlier you act, the less damage is caused.

So, prepare a detailed plan of action and make sure everyone knows what’s in it, where to find it, and how to trigger it.

Test your plan regularly to make sure of its effectiveness and remove any risk of failure by keeping at least three copies of it in different places. One should be a printout kept at someone’s home… just in case you have zero access to data storage.

Human Error: The Reason Why Cybercriminals Love Email

Mark Funchion is a network technician at Tech Experts.

Defending your data network against viruses, malware, ransomware, and other threats is a never-ending battle. Some attacks can be very sophisticated, using extremely complex techniques to try and exploit even the most secure networks. However, the vast majority of threats to your network – over 80% – are delivered through a very basic method: email.

Email is a common tool that many of us use constantly at work. Oftentimes, we use it without giving much thought to what we’re doing or what we’re opening.

It’s normal for co-workers, clients, or new prospects to communicate and share files with us via email. The file can be a document, spreadsheet, PDF, etc., but the fact is that it’s common and repetitive to us.

Like anything we do frequently, we can develop muscle memory. Think about the program guide on your TV – you probably navigate the menus without thinking. After an update or a provider switch, those menus can change and you might click the wrong buttons out of habit. No harm there.

But consider making the same mistake when a document is sent to you. The message arrives, and you briefly glance at who it’s from. Maybe you recognize them, maybe you don’t. You see an attachment, and you open it out of habit. The file is infected, and in less than a second, the damage has begun.

Like it or not, the people who are attacking your systems are running a business. Like any business, they are concerned with the return on their investment. Developing high-end, sophisticated attacks takes time and skill, which is expensive to do.

However, minimal skill is required to send an email – and that process can be replicated to hundreds of thousands of users with a simple click of a button. And almost everyone working today might accidentally open an email with little to no thought.

For small businesses, having a firewall, an email filter, and anti-virus software is a must. We can help install and maintain that infrastructure. Unfortunately, the methods that attackers use to slip under your defenses are always changing.

It is important that you and your staff – the end users who do the clicking – still do your part and remain vigilant. Attackers send such a high percentage of attacks through email because of that human element. It works.

It’s essential that you fight your muscle memory and treat email like physical mail. Look at what is being sent, who it is from, and if there is anything attached. If anything seems off, do not open it. Always err on the side of caution.

Also, if you do open something you shouldn’t, it’s better to notify your IT department or provider of a potential issue so they can look at what you were sent.

Often, I have observed someone get a suspicious message, open it, notice something is not right, then forward it to a co-worker for help. By sending the message on, there is a potential to increase the scope of damage done.

Those looking to do harm and steal information will always try the path of least resistance. All the security in the world can’t stop an intruder if you open the door for them.

The same caution you take at home when an unexpected knock is heard should be how you handle all email. Consider the source and content, and if you have doubts, don’t open the message. Delete it.

Malware will never be fully eradicated – cybercriminals will make sure of that – but you can do your part to make sure you do not infect your PC or business.

Think You’re Covered For Ransomware? Best To Double Check

On May 9, European insurance giant AXA announced it will no longer provide support for ransom payments made to hackers.

While AXA appears to be the first insurer to deny ransom payments, the move could signal an impending shift in ransomware insurance coverage.

The AXA announcement comes as ransomware attacks prove an increasingly lucrative business model.

For instance, victims paid an estimated $350 million in ransom payments in 2020, over 300 percent more than in 2019. In recent high-profile cases, Colonial Pipeline paid attackers $4.4 million, and CNA Financial Corporation paid a whopping $40 million.

Meanwhile, cyber criminals continue to attack organizations across critical sectors. While the FBI and other security experts warn against paying ransoms, companies face devastating losses and even interruptions to critical care.

Cybersecurity best practices, combined with following recommended steps when an attack does occur, may provide the best protection.

Ransomware insurance coverage

Cyber insurance has become a hot topic as organizations scramble to protect themselves against losses resulting from cyber-attacks. In addition to ransom negotiations and payments, typical policies also cover legal costs, as well as costs for forensic analysis, data restoration and communications related to the breach.

However, even before the AXA announcement, many cyber insurance companies had begun to ask more from the companies they insure.

For instance, some insurers require policy holders to complete certain basic security steps. Others have begun to charge a coinsurance or limit payment to a percentage of the loss incurred.

To pay or not to pay

This evolution in cyber insurance reflects more than a move by insurers to manage their own risk. The FBI and other government agencies, as well as many cybersecurity experts, warn against paying ransoms. Researchers at cybersecurity provider Kaspersky explain that paying a ransom provides no guarantee that organizations will recover their data intact.

More importantly, paying the ransom encourages attackers to carry out more attacks. And some experts suggest that carrying cyber insurance actually makes organizations more attractive targets. Clearly, companies cannot depend on insurers to continue to shoulder the bulk of the cyber risk.

Best practices to protect against ransomware attacks

While cyber insurance still provides significant benefits, organizations must focus on cybersecurity best practices to defend against ransomware. Some of those best practices include:

Regular backups – Conduct regular data backups, including system images. Keep multiple copies of the backups, including a copy not connected to the network. And make sure to test the backups.

Keep systems and software up to date – Apply security updates to software, firmware and operating systems when they become available. This includes antivirus and other security solutions.

Develop and review an incident response plan – Having a detailed plan in place before a security incident occurs greatly increases the chance of a successful outcome.

Conduct regular cybersecurity training – While organizations can, and should, implement technology solutions, employees remain a key line of defense against cyber-attacks. Make sure users know how to recognize phishing attempts, share files safely and secure home offices.

Address third party risks – Look into the security practices of the vendors with which you do business to ensure they do not put your company at further risk.

Carefully regulate access controls – Give users only the access they need to the services and data necessary to perform their jobs. This proves even more important in a remote work environment.

Lately, Ransomware Has Added Blackmail To Its Arsenal

Mark Funchion is a network technician at Tech Experts.

At this point, ransomware is practically a lifeform – it’s constantly growing and adapting.

Originally, if you were hit with ransomware, your data was encrypted and you could pay to (hopefully) get the data restored.

If you had an effective backup solution, you could restore your data without paying and adjust your security to prevent this from happening again.

Now, many of these attackers using ransomware have upped their game. They realize that more businesses are using backups, so the chances of getting paid are lessening. To combat that, the attackers added an additional feature to their attacks: blackmail / extortion.

Not only do they encrypt your data, but they take it as well. Now, the payment is to decrypt the data AND keep it from being posted online for all to see.

If you are a business with sensitive files, this can be a real issue. Having a backup is not enough in this case; even if you don’t pay the ransom and you’re back up and running in a few hours, all your data could be shared. Worse than the hassle of recreating all your files, the lasting effects from customer data, financials, and personal information being leaked could be devastating.

This is why it’s crucial to partner with an IT provider who understands network security.

An effective and tested backup solution is important, but there’s more that you need to have in order to be protected. Your network needs to be secured with a firewall, and all your devices need to be patched regularly to limit your exposure when exploits are discovered.

Are you using 2FA? Do you know what 2FA is? Are your passwords changed regularly and are they complex? Do all users in your office use the same password? Do they share accounts?

We know it seems more efficient to have easy passwords and shared log-ins, but it’s a huge security risk.

Businesses often find it easier to give users full administrative access to their local machine and network shares too. However, in that scenario, one compromised password that has full access to everything means the attackers do not need to look any further and can “walk” right in.

Another item that too many people turn off or find annoying is User Account Control. Yes, it can be frustrating to verify your user identity when you want to make changes.

That is, until a malicious program is launched without your knowledge and the User Account Control prompt stops your network and data from being attacked. What’s worse – a few seconds’ worth of verification or a costly business disaster?

These cyberthreats will always continue to grow and evolve. They have been since we started using the Internet. If you are not in the business of technology, it is very difficult for you to adapt efficiently enough to stay secure.

That is why the right technology partner who does adapt and evolve is very important to the success of your business.

Over $1 Trillion Lost To Cyber-crime Every Year

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

$1 trillion! That’s a lot of money. And it’s a figure that’s increased by more than 50% since 2018.

In 2019, two-thirds of all organizations reported some type of incident relating to cyber-crime.

You could make a sure bet this figure rose significantly last year, thanks to criminals taking advantage of the pandemic.

It’s easy to look at big figures like these and not relate them back to your own business. But here’s the thing. The average cost of a data breach to a business is estimated to be around $500,000.


Four Signs You’re Under Attack From Ransomware

You’ve probably heard a lot about ransomware recently. This is the computer attack where a hacker locks you out of your systems and data. And you must pay a ransom, typically in Bitcoin, to get access again.

While it’s not a new crime, it’s one of the fastest growing crimes online because it’s so lucrative to criminals. Thanks to COVID and work-from-home, more and more businesses are unintentionally opening themselves up to the threat.

In fact, it’s estimated there are more than a hundred calls to insurers every day relating to problems caused by ransomware. Unless you take necessary precautions, your business could fall victim.

But how do you know you’re not already under attack? Because here’s something most people don’t realize about ransomware. If a hacker gets access to your systems today, they won’t launch the attack right away. It can take around 60 to 100 days – if not longer – from the time you’re breached, to the delivery of ransomware.

You might be wondering why these cybercriminals spend such a long time launching their attack. They spend weeks or more just skulking around, investigating your network for weaknesses, and waiting for just the right time to maximize their profit.

So how do you know if you’re under attack? And what do you do if you are? Here are four of the best ways for you to check that your network is safe and secure.

Check for open RDP links
What’s an RDP link and how do you open or close it? We don’t want to get too techy here, so put simply, RDP (Remote Desktop Protocol) is a Microsoft technology that allows a local computer to connect to and control a remote PC over a network or the Internet.

You’re probably utilizing this kind of thing if you’ve had any of your people working from home this year, as it makes remote access a lot easier. But RDP links left open to the Internet are a very common route for cybercriminals to enter your network.

Look for unexpected software
One of the ways ransomware gangs take control of your system is by using certain software tools. It’s important that you use a network scanner to check exactly what’s running and who’s running it.

Often, cybercriminals will take control of just one PC first, perhaps using a phishing email to persuade someone to click on a bad link without realizing it. Once they have control of one PC, they can then target the entire network.

Criminals also utilize tools to steal your passwords and log-in credentials. If you spot anything unfamiliar anywhere in your system, contact your IT support partner, who can investigate further.

Monitor your administrators
Your network administrators typically have the authority over which applications are downloaded to your network. So what’s the best way for hackers to download the applications they need? They create a new administrator account for themselves.

Then they can download whichever tools they need to compromise your network.
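The RDP and administrator checks described above can be run over exported Windows Security log records; the sketch below is an added example, not part of the original article. The record layout, account names and internal address ranges are constructed assumptions, while the event IDs (4624, 4720, 4728, 4732, 4756) and logon type 10 are the standard Windows values.

```python
"""Added example: triage of exported Windows Security events (constructed data)."""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

LOGON, USER_CREATED = 4624, 4720     # successful logon / user account created
GROUP_ADD = {4728, 4732, 4756}       # member added to global / local / universal group
REMOTE_INTERACTIVE = 10              # logon type Windows records for RDP sessions
ADMIN_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}

# Assumption: the organization's own address space. Replace with your real ranges.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample records in a simplified, flattened layout (field names are
# hypothetical, as they might look after export and normalization).
SAMPLE_EVENTS = [
    {"time": "2021-11-02T08:01:10", "id": 4624, "user": "jsmith",
     "logon_type": 10, "src_ip": "10.0.4.17"},
    {"time": "2021-11-02T23:14:52", "id": 4624, "user": "backupsvc",
     "logon_type": 10, "src_ip": "203.0.113.45"},
    {"time": "2021-11-02T23:19:03", "id": 4720, "actor": "backupsvc",
     "target": "helpdesk2"},
    {"time": "2021-11-02T23:19:40", "id": 4732, "actor": "backupsvc",
     "member": "helpdesk2", "group": "Administrators"},
    {"time": "2021-11-03T09:30:00", "id": 4720, "actor": "itadmin",
     "target": "newhire"},
    {"time": "2021-11-03T09:31:00", "id": 4732, "actor": "itadmin",
     "member": "newhire", "group": "Remote Desktop Users"},
    {"time": "2021-11-04T10:00:00", "id": 4728, "actor": "itadmin",
     "member": "jsmith", "group": "Domain Admins"},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def is_internal(ip_text):
    """True when the source address is inside INTERNAL_NETS or is not an address."""
    try:
        addr = ip_address(ip_text)
    except ValueError:               # "-" or empty: no network source recorded
        return True
    return any(addr in net for net in INTERNAL_NETS)


def external_rdp_logons(events):
    """RDP logons whose source lies outside the internal ranges (open RDP sign)."""
    return [(e["time"], e["user"], e["src_ip"]) for e in events
            if e["id"] == LOGON
            and e.get("logon_type") == REMOTE_INTERACTIVE
            and not is_internal(e.get("src_ip", "-"))]


def admin_group_additions(events, window=timedelta(hours=24)):
    """Every addition to an admin group; fresh_account marks members whose
    account was itself created within `window` before the addition."""
    created, findings = {}, []
    for e in sorted(events, key=_ts):
        if e["id"] == USER_CREATED:
            created[e["target"].lower()] = _ts(e)
        elif e["id"] in GROUP_ADD and e["group"] in ADMIN_GROUPS:
            born = created.get(e["member"].lower())
            fresh = born is not None and _ts(e) - born <= window
            findings.append({"time": e["time"], "member": e["member"],
                             "group": e["group"], "actor": e["actor"],
                             "fresh_account": fresh})
    return findings


if __name__ == "__main__":
    for hit in external_rdp_logons(SAMPLE_EVENTS):
        print("RDP logon from outside the network:", hit)
    for hit in admin_group_additions(SAMPLE_EVENTS):
        label = "NEW ACCOUNT MADE ADMIN" if hit["fresh_account"] else "admin group change"
        print(label, hit)
```

Additions that are not flagged as fresh still deserve a look against your change records, since an attacker can also elevate an existing account.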

Check for disabled tools and software
Once the cybercriminals have administrator rights, they can locate and disable your security software. You can tell that an attack is close to being launched if something called Active Directory and your domain controllers are disabled.

Next, any backup data the criminals have found will be corrupted. And any systems that automatically deploy software will also be disabled to stop your attempts to update your computers after an attack.

It’s worth remembering that this will all be done slowly. Your hackers will take their time because that makes it much harder to detect them.

Once an attack has been launched and your data held to ransom, most of the time there’s little you can do other than attempt to restore backups. Or pay the ransom.

The hackers have normally been so thorough with their preparation that even the best IT security specialists have few options open to them.

So, once you’ve detected that something might be wrong, what can you do to stop an attack from being launched?

You can force a password change across your core systems, which many times will also throw your attackers out.

Monitor your administrator accounts. This may sound like a simple step, but you’d be surprised at how often it’s neglected.

Keep all of your software and security patched and updated. It’s very tempting to click ‘later’ on updates. But saving a little time now is not worth the huge amount of time and money that you’ll lose should you become the victim of a ransomware attack.

Implement multi-factor authentication across all of your applications, if you haven’t already. This adds another level of security for your network and helps to prevent unauthorized access.

Is There A Hidden Intruder Lurking In Your Business?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

If you’re like us, you believe you have the best, most trustworthy people working for you.

But have you ever considered the possibility you may have someone unknown hidden within your business, trying to cause a lot of damage and make a lot of money at the same time?

This might sound a little far-fetched. Perhaps something that’s more likely to happen in a film than in your business.

But actually, you’d be surprised. Cyber criminals are targeting businesses exactly like yours all the time.

Because often, small and medium sized businesses don’t spend big bucks on their cyber security. Hackers know this. And will put a lot of effort in to try to exploit that.

Targeted Attacks On Small Businesses Are On The Rise

Mark Funchion is a network technician at Tech Experts.

Many of us have heard of ransomware. This is an attack where someone gains access to a system and encrypts all of the data until a ransom is paid. Once they get their money, they either unencrypt the data… or not. There is no guarantee that paying the ransom will actually work.

Most attacks in the past, both viruses and ransomware, were the “spray and pray” variety. Basically, the attackers would send out thousands (or hundreds of thousands) of emails and hope that a small percentage of them were successful. This procedure worked, but the success rate was low and the attackers had to have a large volume to make it successful.

The more profitable attacks that are on the rise are targeted attacks. These attacks rely on quality rather than quantity. Research goes into the attacks, which then target a single company or very few companies. These attackers will even go as far as to check a company or institution’s financial information to see how much of a ransom they can expect to get.

In addition to demanding a ransom for the data to be decrypted, there is often a threat that the data will be released if the ransom is not paid. The threat of data being released can lead to the ransom being paid even if the target has a way to recover from the attack.

While many home users would hate to have their data released, it would not be completely devastating in most cases. If you are a financial, medical, or education institution, it could end your business or severely harm it. These institutions all contain sensitive information of their employees and clients.

For this reason, the UK has seen a recent spike in attacks involving its schools. Attackers see schools as an easier target in today’s environment with the increase in remote learning. Banks and hospitals have been targeted numerous times before, and their main goal is to be as secure as possible, spending large amounts of money on it.

Schools and universities, on the other hand, are concerned with security, but they’re in a position today with COVID where they need to have fairly open access.

As colleges are pivoting to a distance learning model on a scale never envisioned, they have to allow more and more access in. This means more and more devices the schools have no direct control over, creating potential entry points into the network.

Although most of you reading this are not educational institutions, there is no industry or business (regardless of size) that is safe from a potential attack. Having a good network security system in place with effective backups is critical.

Don’t rely only on a day or a few days’ worth of backups either; some attacks will infect a system, then remain dormant for a while, hoping to outlive the backups you have available.

Having a technology partner who understands the dangers and how to recover is essential. You cannot just plug in a firewall, use antivirus software, and consider yourself protected.

Your business should have an incident response plan that includes backups and restore procedures, as well as testing. You also need to make sure you have a procedure to keep all of your systems up-to-date with the most current patches. Making sure any remote sessions are secure and using 2FA whenever possible is another area that is often overlooked.

The list of vulnerabilities is endless, but we are here to assist. Let us provide you the security and comfort of knowing that your business is protecting not only your data, but also your users, from a potential breach.

Why IT Professionals Are Terrified Of Ransomware

If you want to scare someone who works in IT, start talking to them about ransomware.

There are few things as scary for IT professionals as the prospect of their systems locking up with hackers demanding money to return things back to normal.

When discussing it, you may notice them breaking into a sweat and starting to fidget as they contemplate one of the most terrifying cybersecurity threats computers face.

How does ransomware spread?
There are several ways that ransomware can get into computers.

Email is one of the most common ways in. Hackers will send bad files that can trigger a ransomware infection when opened and quickly spread across your network.

Another favorite way to spread ransomware is to send bad URL links that download ransomware when they’re clicked. This ‘drive-by downloading’ can happen without anybody noticing that anything has happened until it’s too late.

These bad files and links are not always easy to spot. Cybercriminals are getting increasingly sophisticated in the ways they try to persuade people to do what they want them to do.

A growing trend is for cybercriminals to pose as trusted people, like a client, a colleague, or a friend. And ask you to do something urgently before you have the time to think things through.

This isn’t a modern crime. Ransomware’s been around for years
Ransomware dates to the late 1980s when payment was often sent by check through the mail!

Now, modern hackers normally demand payment in cryptocurrencies that make them much more difficult to track.

Here is some information on two of the more infamous ransomware attacks.

WannaCry
The WannaCry ransomware attack took over the news when it spread widely in 2017.

More than 200,000 computers in over 100 countries were left useless. The ransomware exposed weaknesses in critical IT systems, like those in hospitals and factories.

One of the worst-hit victims was the National Health Service (NHS) in the UK. Operating theatre equipment, MRI scanners, and other computers essential for hospitals were left useless and patients suffered.

NotPetya
NotPetya is less well-known than WannaCry but the financial costs are estimated to have been far higher.

Mainly spread among businesses due to the early infection of a major financial software vendor, the cost of this ransomware to small businesses and governments is estimated to have been around $10 billion.

This attack impacted computers around the world. But around 80% of the cases are estimated to have been in Ukraine.