On December 10th, 2019, Wawa’s information security team discovered malware on its payment processing server. By December 12, the data breach was contained, but they fear the damage has already been done. In the statement released by Wawa, the “malware has affected customer payment card information, potentially used at all Wawa locations, starting from March 4, 2019, till [its] containment.” Furthermore, Wawa has promised that “…you will not be responsible for any fraudulent charges on your payment cards related to this incident…” As of containment, an investigation has been launched, and it has been discovered that, while the data breach has affected credit and debit card numbers, expiration dates, and cardholder names, it has not compromised debit card PIN numbers, credit card CVV2 numbers (the three- to four-digit numbers found on the back of the cards), other PIN numbers, or driver’s license information used to verify age-restricted purchases. To find out the steps you should take to make sure your information stays secure, visit the statement Wawa made. There you will find exact details of the steps to take to make sure you are financially compensated and that your information stays safe. To learn more about what we can do to assist your company, visit our What We Do page!
With the holidays fast approaching, everyone is looking for a way to make a few extra dollars. However, some of us are doing it in a less than legal way, making the holidays tougher for others. Dexphot has been on a crime spree as of late, infecting upwards of 80,000 computers with cryptocurrency miners. The good news is that its crime spree, under way since 2018, has begun to decline.

What is Dexphot?

Considered to be unnecessarily complex for its task, Dexphot is a malware strain that uses your machine to mine for cryptocurrency. Its complexity lies in its ability to hide from security solutions. According to Microsoft, Dexphot uses “obfuscation, encryption and the use of randomized file names [to hide] the installation process.” As well as being designed to “fly under the radar” by hijacking legitimate system processes, Dexphot was also designed to reinstall itself should its installation on the victim’s machine be discovered.

How Dexphot Spreads

Microsoft describes Dexphot as a second-stage payload, a type of malware that is dropped on systems already infected with other malware. The most common of the malware strains that assist Dexphot’s spread was ICLoader, “a malware strain that’s usually side-installed as part of software bundles, without the user’s knowledge, or when users download and install cracked or pirated software,” says ZDnet.com. Once a machine is infected with ICLoader, Dexphot is then remotely installed on the victim’s computer, further compromising the machine. Once inside, Dexphot uses legitimate Windows system processes to avoid detection by antivirus solutions. But that is not the only ace Dexphot has up its sleeve. Through a technique called polymorphism, Dexphot changes the file names and URLs it uses at regular intervals, making it extremely hard for traditional antivirus solutions to lock onto the malware. Another sneaky technique used by Dexphot was its ability to reinstall itself on the victim’s machine.
Not only did this serve as a safeguard against deletion, but it also means that the attackers could update the malware and have the updated version automatically installed on the victim’s machine, further helping it avoid detection.

How to Stay Safe From Cryptocurrency Miners

As unfortunate as it is, malware like Dexphot is more common than you may think. Cryptocurrency miners are a common type of malware that cybercriminals install on machines so that they can generate revenue. These kinds of malware work in the background, generating revenue while you use your computer. Thankfully, there is hope when it comes to Dexphot. Microsoft, through its Microsoft Defender Advanced Threat Protection, is able to detect and stop threats like Dexphot before they become an issue. As always, if you are worried about your company’s virus protection, contact Hammett Technologies. We ensure all your technology needs are met. If you have any questions regarding anything above, please feel free to give us a call. We are happy to assist you, or your company, with all your cybersecurity needs! To learn more about what we can do to assist your company, visit our What We Do page!
Pitney Bowes, the e-commerce and tech-shipping company, has suffered a ransomware attack. On October 14th, the company disclosed that it was the victim of a malware attack that resulted in the encryption of information systems and disabled customer access to some services. As of now, Pitney Bowes has confirmed that it is working with third-party security experts and consultants. However, the identity of these experts is still unknown. The company has also disclosed that, as of now, it does not appear that customer data or any other sensitive information has been accessed. While this is reassuring, it is important to err on the side of caution. Ransomware attacks are not known to be a mere prank. Pitney Bowes has yet to disclose whether the attack was directed at a certain employee or whether it reached them through a third-party service provider. Furthermore, it is unknown whether the company’s MSP was monitoring the network’s security before the attack occurred. We expect to learn more and will keep you apprised of the situation as the story develops.

What’s Next?

If you believe you were affected by this attack, we recommend following the developments on Pitney Bowes’s Twitter as well as its webpage, which is posting live updates of the situation as it develops. The company has stated that it plans on keeping its users as up to date on the situation as possible. It is important that you, as a business owner, trust your MSP to monitor your network and keep your customers’ and employees’ sensitive information out of the hands of criminals. Hammett Technologies has proven time and time again that we are able to handle ourselves in the event of a crisis and secure all sensitive information before it falls into the hands of thieves. To learn more about what we do, visit the What We Do page, or give us a call today!
There’s no denying that Windows Defender has come a long way since its debut in 2006. When it was first revealed, Windows Defender was a laughable attempt at an antivirus solution; however, with the release of Windows 10, Microsoft had started to show neglect for the free antivirus solution. After a while, Microsoft was able to create a competitive, free antivirus solution for its customers. What they didn’t consider, though, was how often their updates affect other areas of their operating system.

Shooting Themselves in the Foot

While patching an error within Windows Defender, Microsoft unknowingly gave themselves another, equally worrisome problem to deal with. The update to Windows Defender on September 16th was meant to patch out a coding flaw that would send an error to users when a file system was scanned and needed repair. However, when the update was pushed out to users, it was discovered that both the quick scan and full scan options were broken. Most of the time, when running a full or quick scan on your machine, you can expect to wait anywhere between 15 minutes and 4 hours, depending on how much used space you have. However, users were reporting that, after the update, when running a quick or full scan on their machines, Windows Defender would scan only a small number of their files before completing. If you still wish to run a scan on your machine, or need to run a scan, there is a workaround. By running a Custom Scan, you can specify which drive you wish Windows Defender to inspect, and the scan should run and complete normally.

What You Need to Do

As reported by numerous other sites, such as Forbes and BleepingComputer, Microsoft has already released a fix for the issue! So, while it can be said that they broke Windows Defender, they also fixed it within a day, showing they are capable of maintaining their antivirus solution. The update should trigger automatically for users, but to be sure, make certain you manually check for updates!
Furthermore, it is important that those who are using Windows Defender as their antivirus solution do not adopt the policy of not updating their machines. Microsoft is usually upfront and honest about errors that occur with their operating system due to updates while following up that honesty with a quick response time to get a patch out to all users. It is important to remember that not updating your machine is usually worse than dealing with the occasional breakage that may occur. That said, waiting a day or two before updating, to make sure the update is clean of bugs and errors, is always a wise route to take!
New ransomware, Nemty, has been discovered, according to a report from BleepingComputer. Nemty, as security researchers are calling it, may spread using compromised Remote Desktop Protocol (RDP) connections. Nemty, like all other ransomware, holds the victim’s files hostage, deleting all shadow copies of the files and blocking the victim’s attempts at recovery. Payment is then demanded in bitcoin, averaging about $1,000. Those infected will be prompted with this message: Unfortunately, being so new, a known fix is not available, but security researchers are working diligently to find one. While RDP is suspected to be the method of distribution for the ransomware, researchers have not yet confirmed this finding. Most ransomware is distributed through phishing emails. If RDP is the method of distribution, that would confirm the attackers have gained higher-level access to the machine, cutting out the middleman and giving them full control of the computer. If you would like to find out more about how Hammett Technologies can keep your company safe, click here!
Security researchers have discovered a security hole in Samsung, LG, Huawei, Sony, and other Android-based phones, leaving many users vulnerable to phishing attacks through text messaging. The exploit takes advantage of over-the-air (OTA) provisioning. Security researchers discovered that the industry standard for OTA provisioning, Open Mobile Alliance Client Provisioning (OMA CP), can be abused, allowing attackers to pose as network operators and send false OMA CP messages to users. If hackers successfully gain access to OTA provisioning, they can use OMA CP to send messages similar to the one above. These messages will ask the user to install new settings on applications. Upon installation, all traffic will be redirected through a proxy server owned by the attacker, allowing them to read sensitive information. Of all the Android devices affected, researchers agreed that Samsung is the most vulnerable to this attack. Due to the lack of authentication on received OMA CP messages, users only need to accept the CP to install the malicious settings on their phones. Phones from Huawei and Sony do have a secondary defense against CP messages through the International Mobile Subscriber Identity (IMSI). However, hackers can also obtain this relatively easily. One such way is a malicious app meant to read the IMSI off a user’s phone. Another way, which entirely bypasses the IMSI, is for the attacker to send the user a text message asking them to accept and install a PIN-protected OMA CP message. If the PIN is entered, the malicious software will be installed on the phone, completely bypassing the IMSI check. If you are unsure whether the message on your screen is from a trusted supplier, you should contact your service provider before continuing the installation. Small precautions like this can save you both time and energy in the future and prevent your sensitive information from being read by untrusted individuals.
If you are worried about the security of your devices, consider contacting Hammett Technologies! Our team of trained professionals will make sure all your connected devices remain secure and up to date, saving you the headache! If you would like to learn more about what we do, click here!
Computers around the world are continually generating records of the events that occur on them. While some of these events are routine checks, others are hostile, aimed at gaining access to or even destroying your network. However, by checking and reviewing the log files, you can stay on top of these issues. From malware and damage to loss and legal liability, log files capture the day-to-day activity of your network. Therefore, it is important to practice event log management daily. Log data must be collected, stored, analyzed, and monitored to meet and report on regulatory compliance standards like PCI and HIPAA.

WHY LOG MANAGEMENT IS IMPORTANT

Every transaction and event that takes place on a machine on your network generates a log entry. Microsoft-based systems use Windows Event Log files. When working on Windows, monitoring the event logs is crucial. Windows Event Log files all contain crucial information, but of all of them, the Security Log is the most important. The Security Log records logon events as well as what each user is doing. It is vital that your IT security team understands the Windows Security Log to spot a vulnerability or attack accurately. However, this information can be overwhelming and exhausting to look through. If you use an Event Log Management tool, you can accurately and precisely navigate through log files, allowing you to find the single entry that is causing an issue. Event Log Management is a crucial component in ensuring security and compliance, and it is essential to review all logs.

SECURING THE CASTLE

The top priority for any company should be security: keeping the company safe from outside attacks that aim to disrupt customers’ data, exploit employee data, or crash a company’s server. However, attacks from the inside are just as real and can cause catastrophic damage. This is not to say that keeping your network safe from the outside is any less important, but you must be mindful of an attack from the inside.
Perhaps you have an employee who is curious about financial records and wants to start drama among the workers, or an employee who is upset about being denied a promotion or pay increase and wants to delete years of data. These employees can create a backdoor into the network or give themselves admin privileges, attempting to fly under the radar of security. However, if you have a well-established ELM strategy, you can monitor these internal attacks accurately and stop them before they turn nuclear.

PCI-DSS AND HIPAA COMPLIANCE

The Payment Card Industry Data Security Standard (PCI-DSS) sets the requirements for IT professionals who handle consumers’ credit card data. Any business that claims PCI compliance has to be able to show compliance in its yearly audit. If it is discovered that it is not compliant, it can be denied the ability to process and store credit cards. HIPAA requires a reliable audit trail to protect the personal data of all medical patients. HIPAA has two significant rules: Privacy and Security. Medicaid and Medicare require not only an IT infrastructure and strategies that protect against threats to personal information, but also preparations for investigating security breaches should they occur. Furthermore, you must be able to provide enough information to establish what events occurred, when they occurred, and what or who caused them.

Ways to Manage Events and Logs

There are numerous ways to go about handling the logs for your networks, and WhatsUp Gold offers some of the best ways to do so:

1. Define your Audit Policy Categories

Audit policies in Windows determine which security events are recorded in the Security Log on your company’s machines. With Microsoft Windows NT systems, audit policies have to be put in place manually on each server and workstation.
However, Windows 2000 and 2003 Active Directory domains allow for Group Policy, which enables you to set universal audit policies for groups of servers and even the whole domain.

2. Log Records Are Merged Automatically

By default, logs such as Windows event logs and Syslog files are recorded in a decentralized way, on each machine that generates them. However, if you want to gain a “big picture” view of what is going on within your network, admins in charge of security and compliance need to be able to merge Windows event logs and Syslog files into a single store in order to monitor, analyze, and report thoroughly. It is necessary that you maintain your log data! Many compliance standards require data to be stored for up to seven years. However, if you automate the process, life can become much easier. Automation can assist in data retrieval and the longevity of log data. It is important to remember: archived logs must be readily obtainable, and automation helps reduce the risk of corruption. The larger the company, the more users and machines. With more users and machines comes an increase in bandwidth and network traffic, which will only further complicate the log data. Automation can greatly assist in making sure all data is collected. Usually, administrators use an event log management tool to record log event data from the servers and workstations. Make sure you find an event log management tool that supports a method to re-import collected log files into the database if they are needed.

3. Event Monitoring, Real-Time Alerts & Notification Policies

While your company may have most, if not all, Windows-based machines, it is important to branch out from the Windows event log monitoring system. Consider using Syslog as well. Syslog has support for switches, routers, firewalls, and IDS, as well as for UNIX and Linux based systems. Most products that perform real-time scanning and monitoring of logs require the use of an agent.
However, if you can find a software package that can be used without an agent, go for it. This avoids many issues upon initial setup and continued maintenance. Every company has a different classification of what they find important, and what they want to be listed in the logs. The one security research
It’s finally time to say goodbye to our old friend. In a few months, January 14, 2020, to be exact, Windows 7 will officially no longer receive security patches and updates from Microsoft. Therefore, if you are one of the many still calling Windows 7 your home, it may be time to think about moving to Windows 10.

Why is this Important to Me?

Many of you are probably thinking, “Why should I worry about moving to a new operating system?” The answer is security. When Microsoft pulls the plug on extended support (January 14, 2020), Windows 7 will no longer receive any critical updates, including the updates that fix security holes and exploits. This means that the longer you wait to move to Windows 10, the more at risk you are of an attack.

Why Not Move to Windows 8?

If you are looking for an operating system similar to Windows 7, you should look no further than Windows 10. Windows 10, although there are differences between the two, is much more similar to Windows 7 than Windows 8 is. Windows 8, on the other hand, is, for lack of a better term, a mess. The desperate attempt to mix the mobile and PC platforms was a disaster and will ultimately leave you with a sour taste, wishing for anything else. The other reason to make the jump to Windows 10 and not 8 is that Windows 8 will also cease to be supported soon. In January 2023 the extended support for Windows 8 will end, and with it will come the same security risks as Windows 7. As we said earlier, for those of you looking to fill the void left by your goodbye to Windows 7, Windows 10 is there. If you find yourself needing assistance in migrating yourself or your company to Windows 10, please give us a call! We will be more than happy to assist you in the transition to Windows 10! To learn more about what we can do to assist your company’s growth, click here!
In 2017, Equifax suffered a massive data breach, resulting in the theft of over half of all American adults’ personal information. Now, 2 years later, Equifax will pay a total of $700 million in fines for the laws it broke and its negligent handling of consumer data. Reuters stated that of the $700 million, Equifax is set to pay $300 million in damages to consumers, a number that could climb as high as $425 million depending on how many people claim damages. LifeHacker has outlined exactly what to expect if you were one of the 147 million Americans who had their data stolen. If you were to file a claim now, expect one of the following outcomes:

1. Free credit monitoring for four years through Experian, or six years through Equifax. However, if you already have credit monitoring for the next six months, you could file a claim for the sum of $125 cash.

2. Up to $20,000 cash if you can prove damages due to the data breach. However, to claim, let alone obtain, such a large sum of money will require that you are able to prove without a doubt that you suffered damages directly related to the Equifax data breach.

3. Identity restoration services for free for the next seven years.

Chief Executive Mark Begor of Equifax said that he expects the $425 million to be enough to ensure all those who suffered damages are financially compensated. However, US consumer advocates voiced several concerns regarding the supposedly “substantial” amount. Ed Mierzwinski of the U.S. Public Interest Research Group regarded the fine as “…a parking ticket, not a penalty.” He also finds the number of hoops consumers must jump through, in order to be compensated for Equifax’s negligent handling of consumers’ sensitive information, ridiculous. Concerns about the short-sightedness of these “penalties and fines” are also on the minds of some.
Chi Chi Wu, the attorney for the National Consumer Law Center stated that “The settlement provides some compensation right now, but the risk of identity theft is forever.” Many believe Equifax has been “let off the hook” for the largest data breach in American history, a viewpoint hard to argue with. After reading this, you are probably wondering yourself if your information had been compromised due to the breach. Well, the good news is that I can provide you the link to the website but can promise nothing in terms of the outcome of your discovery! Equifax has provided a website for consumers to review their data information. If you are a business owner and are worried about the security and safety of your business’s sensitive information, contact Hammett Technologies! We are experts in data security and can guarantee the safety and security of all your company’s sensitive information! Click here to learn how we can help your company stay secure!
Following the cyber-attacks that occurred in Baltimore and Florida, last week Monroe College in New York had multiple campuses hit, and taken offline, by ransomware, crippling the college’s network. This has affected not only the school’s administrative departments but also students and teachers. The ransomware demands an obscene $2 million for the safe return of the college’s data. Jackie Rugger, the executive director of public affairs at the college, said in an interview on Friday (07/12) with Inside Higher Ed that the school was still unsure who had carried out the attack, but that the school was actively working with local law enforcement and the FBI in order to determine where the attack originated. There was no comment on whether the school would pay the $2 million ransom. For now, Rugger said, the school continues to operate. However, they have been forced to resort to “historic” methods. Students and teachers have still been able to attend classes, with homework being turned in on paper. Ransomware infections are usually due to someone on the network falling victim to a phishing email scam. It is difficult to determine the severity and exact number of ransomware attacks that occur daily, but cybersecurity firms believe that attacks are on the rise. What makes this attack different is that ransomware attacks on colleges usually focus on a specific individual rather than the entire network, said Ben Woelk, according to Inside Higher Ed. He stated that this attack demands a larger amount of money than he had ever witnessed before. How Monroe College reacts to this technological hostage situation could determine whether we see a string of upcoming ransomware attacks on colleges across the country. Cybersecurity analysts, as well as the FBI, believe that no business or institution should pay the ransom should its network become infected.
With no guarantee that the criminals would provide a key upon payment, it seems as though not paying would be a company’s best option. However, with ransomware, companies must understand that with each day, the ransom will continue to increase. In Baltimore, the city government refused to pay the ransom, opting to revamp its network at a cost of over $18 million. Therefore, despite the unreliability of criminals, businesses and institutions placed in this situation must come to terms with the lesser of two evils. At Hammett Technologies, our partners never have to worry about ransomware attacks. We use state-of-the-art cybersecurity software and hardware to ensure our partners’ data security, while not interrupting or slowing down their work process. Hammett Technologies practices prevention, halting cyber-attacks before our partners even know they were there. Want more information as to how we can help your business grow? Click here!