Earlier this week, a massive Twitter hack occurred, involving famous individuals and high-profile politicians. These hacked accounts asked for bitcoins and offered to “double the amount” to “give back to the community.” Twitter, while conducting its investigation, has commented on the situation, stating that the hackers had specifically targeted employees who had access to internal systems and tools. Twitter is calling this attack a “coordinated social engineering attack.” Furthermore, Twitter has also stated that they are investigating other potential “malicious activities” that may have taken place during the attack. However, these have not done much to help calm down the victims of the hack. US Sen. Edward Markey commented on the situation and stated that this kind of attack is “extremely troubling.” “While this scheme appears financially motivated and, as a result, presents a threat to Twitter users, imagine if these bad actors had a different intent to use powerful voices to spread disinformation to interfere without elections potentially, disrupts the stock market, or upset our international relations.” Twitter has confirmed that the hackers while targeting 130 accounts, were only able to access a small portion of them. This “small portion” was then used to create cryptocurrency fraud, stated the FBI. The FBI went on to mention the importance of practice cybersecurity and becoming knowledgable in common internet scams and schemes. Bitcoin, while the cryptocurrency itself is not malicious, is often used by cybercriminals for transactions and scams. The Twitter hack furthers the point we try to make towards business. Cybersecurity is critical, and if a multibillion-dollar company (Twitter) can be breached, then so can your company. We understand that this truth can be scary, but it is a truth many companies refuse to face, and many companies do not want to face it. Many choose to cut corners to save many, leading to a poorly designed cybersecurity team and system. We urge you to think carefully about your company’s cybersecurity. Hammett Technologies offers cybersecurity support for companies of all sizes to ensure that your business stays out of the hands of criminals. We help install firewalls, set up Virtual Private Networks (VPNs), and much more for a fraction of the cost of other companies. At Hammett Technologies, we want to work with you, as partners, to ensure your company is as safe as possible. Wanna find out more about how Hammett Technologies can help your business? Find out how we can help your business stay safe!
“Mass Logger,” a new keylogger on the market, has the potential to become extremely dangerous for businesses and individuals. Keyloggers are a type of malware, usually found within phishing campaigns, that store all information you type into your computer. These malicious programs can lead to many of your passwords becoming compromised. Why is This Key Logger so Dangerous? Mass Logger is different from other key loggers. The developer of Mass Logger is frequently updating this key logger to help it remain undetected through automated antivirus solutions. Furthermore, support from the developer allows other cybercriminals to assist with and make requests for the malware. Cofense Intelligence has already identified a phishing campaign hiding Mass Logger. Emails loaded with GuLoader, a popular malware delivery mechanism that downloads encrypted payloads hosted on legitimate file-sharing platforms is also being used to deliver Mass Logger. A New Kind of Keylogger Additions and features, such as the ability to spread itself through USB ports, set Mass Logger apart from other key loggers. Mass Logger is also able to search for specific file extensions and exfiltrate them. These “features,” and the key loggers continued support from its developer, could see Mass Logger being adopted by a large portion of cybercriminals. Defending Yourself from Mass Logger Defending yourself from malware is tiresome but a necessary task when online. Ensure that you are watching out for suspicious emails from unknown senders. Never open attachments from people you are unfamiliar with or do not know. Merely opening an infected attachment is all malicious programs need to begin infecting your system. Ensure that you trust the sites you are downloading programs from and that they are reputable. If you are worried about your company and want your employees to understand the importance of practicing cybersecurity daily, call Hammett Technologies. We are certified experts and will ensure your business runs at top speed without cutting corners on cybersecurity.
After the death of Iran’s General Qassem Solelmani, the United States may end up dealing with some serious cyber-attacks. Since 1984, the United States has recognized Iran as a nation that supports terrorism and terrorist organizations, which has led to previous conflicts between the two nations. However, after the recent assassination of General Qassem Solelmani, the United States may face fierce retaliation. We have already seen government sites become hacked and defaced with Pro-Iran propaganda. Therefore, while we are unsure which shape their “revenge” will take, it is important that all US citizens prepare for all aspects, especially cyber. The Department of Homeland Security has issued the following statement urging US citizens to be cautious when browsing online over the next couple of weeks. Many of us are aware of the basics when it comes to browsing online safely, but it is important to review. Be cautious of suspicious emails It is better to be safe than sorry. Do not download any attachments, or click any links, from emails unless you are 100% certain the email originated from a trusted sender. Be aware of suspicious websites If a website seems off or is asking for your credentials where it has not before, close the browser and attempt to navigate to the proper website. Fraudulent banking websites are extremely common and usually appear due to simple typos. For businesses, make sure your cybersecurity team has your network locked down and protected against cyber-attacks. It is extremely important that one’s network is protected at all times. This is especially important if you are a business that transports customer confidential data or uses credit card transactions. If you are worried that your business’s network may be easily accessible by criminals, do not hesitate to reach out to Hammett Technologies. With over 20 years of IT and Cybersecurity experience we will help identify flaws that allow attackers to enter your network ensuring your network is protected. Our team will ensure your company’s and customer’s data is secure and encrypted, without interrupting the day to day processes. Contact us today and figure out why we are the #1 growing MSP in Maryland!
New ransomware, Nemty, has been discovered according to the report from BleepingComputer. Nemty, as security researchers are calling it, has the possibility to spread using compromised Remote Desktop Protocol (RDP) connections. Nemty, like all other ransomware, holds the victim’s files hostage, deleting all shadow versions of the files while disabling the victim from any attempted recovery options. Payment is then required via bitcoins, which average about $1,000. Those infected will be prompted with this message: Unfortunately, being so new, a known fix is not available, but security researchers are working diligently to find a fix. While RDP is suspected to be the method of distribution for the ransomware, researchers have not yet confirmed this finding. Most ransomware is distributed through phishing emails. If RDP is the method of distribution, confirming hackers have gained higher access to the machine, cutting out the middleman, and giving them full control of the computer. If you would like to find out more about how Hammett Technologies can keep your company safe, click here!
Security researchers have discovered a security hole in Samsung, LG, Huawei, Sony, and other Android-based phones, leaving multiple users vulnerable to phishing attacks through text messaging. The exploit takes advantage of the over-the-air (OTA) provisioning. Security researchers discovered that the industry standard of OTA provisioning, Open Mobile Alliance Client Provisioning (OMA CP), can be hacked into, allowing attackers to pose as network operators, sending false OMA CP messages to users. If hackers successfully gain access to the OTA, they can use OMA CP to send messages similar to the one above. These messages will ask the user to install new settings on applications. Upon installing, all traffic will then be redirected through a proxy server owned by the attacker, allowing them to read sensitive information. Out of all Android devices affected, researchers agreed that Samsung is the most vulnerable to this attack. Due to the lack of authentication on received OMA CP messages, users only need to accept the CP to install the malicious applications on their phones. Phones from Huawei and Sony do have a secondary defense against CP messages through the International Mobile Subscriber Identity (IMSI). However, hackers can also obtain this relatively easily. One such way was to download a malicious app meant to read the IMSI off a user’s phone. Another way, which entirely bypasses the IMSI is if the attacker sends the user a text message asking them to accept and install a pin-protected OMA CP message. If the pin is entered, the malicious software will be installed on the phone, completely bypassing the IMSI. If you are unsure if the message on your screen is from a trusted supplier, you should contact your service provider before continuing the installation. Small precautions like this can save you both time and energy in the future and prevent your sensitive information from being read by untrusted individuals. If you are worried about the security of your devices, consider contacting Hammett Technologies! Our team of trained professionals will make sure all your connected devices remain secure and up to date, saving you the headache! If you would like to learn more about what we do, click here!
Computers around the world are continually generating records that occur. While some of these are routine checks, others are hostile, aimed at gaining access to or even destroying your network. However, by checking and reviewing the log files, you can stay on top of these issues. From malware, damage, and loss and legal liabilities, log files contain all the day to day information of your network. Therefore, it is important to practice event log management daily. It must be collected, stored, analyzed, and monitored to meet and report on regulatory compliance standards like PCI and HIPPA. WHY LOG MANAGEMENT IS IMPORTANT Every transaction and event that takes place on a machine on your network generates a log file. Microsoft-based systems use Windows Event Log files. When working on Windows, monitoring the event logs is crucial. Windows Event Log files all contain crucial information, but of all of them, the Security Log is the most important. The security log provides log in events as well as what each user is doing. It is vital that your IT security team understands the Windows Security Log to spot a vulnerability or attack accurately. However, this information can be overwhelming and exhausting to look through. If you use an Event Log Management tool, you can accurately and precisely navigate through log files, allowing you to find that single file that is causing an issue. Event Log Management is a crucial component in ensuring security and compliance, and it is essential to review all logs. SECURING THE CASTLE The top priority for any company should be security. Keeping the company safe from outside attacks that aim to disrupt customer’s data, exploit employee data, or crash a company’s server. However, attacks from the inside are just as real and can cause catastrophic damage. This is not to say that keeping your network safe from the outside is any less important, but you must be mindful of an attack from the inside. Perhaps you have an employee who is curious about financial records and wants to start drama among the workers or an employee who is upset about a decline for a promotion or pay increase and wants to delete years of data. These employees can create a backdoor into the network or give themselves admin privileges, attempting to fly under the radar from security. However, if you have a well-established ELM strategy, you can monitor these internal attacks accurately and stop them before they turn nuclear. PCI – DSS AND HIPPA COMPLIANCE Payment Card Industry Data Security Standard (PCI-DSS) provides IT professionals that handle consumers credit cards data. Any business that claims PCI compliance have to be able to show compliance in their yearly audit. If it is discovered that they are not, denial of processing and storing credit cards can occur. HIPPA requires a reliable audit trail to protect the personal data of all medical patients. HIPPA has two different significant rules: Privacy and Security. Medicaid and Medicare require, along with building an IT infrastructure and strategies to protect against threats to personal information, but there must also be preparations made for investigations of security breaches should they occur. Furthermore, you must be able to provide enough information to be able to establish occurred events, when they occurred, as well as what or who has caused them. Ways to Manage Events and Logs There are numerous ways to go about handling the logs for your networks, and WhatsUp Gold offers some of the best ways to do so: 1. Define your Audit Policy Categories Audit policies in Windows record the security log events found on your network’s log files for your company. With Microsoft Windows NT systems, audit policies have to be put in place manually on each server and workstation. However, Windows 2000 and 2003 Active Directory domains allow for Group Policy, which enables you to set universal audit policies for groups on the servers and even the domain. 2. Log Records Are Merged Automatically By default, decentralized records, such as Windows events logs and Syslog files, record their log activity. However, if you want to gain a “big picture” view of what is going on within your network, admins in charge of security and compliance need to be able to merge Windows event logs and Syslog files into one another in order to be able to monitor thoroughly, analysis, and report. It is necessary that you maintain your log data! Many compliance standards require data to be stored up to seven years. However, if you automate the process, life can become much more accessible. Automation can assist in data retrieval and the longevity of log data. It is important to remember: Archived logs must be readily obtainable. Automation helps reduce the risk of corruption. The larger the company, the more users and machines. With more users and machines comes an increase in bandwidth and network traffic, which will only further complicate the log file. Automation can greatly assist in making sure all data is collected. Usually, administrators use an event log management tool to record log event data from the servers and workstations. Make sure you find an event log management tool that supports a method to re-import collected log files into the database if they are needed. 3. Event Monitoring, Real-Time alerts & Notification Policies While your company may have most, if not all, Windows-based machines, it is important to branch out from the Windows event log monitoring system. Consider using Syslog as well. They have support for switches, routers, firewalls, IDS, as well as support for UNIX and Linux based systems. Most products that perform real-time scanning and monitoring of logs require the use of an agent. However, if you can find a software package that can be used without an agent, go for it. This avoids many issues upon initial setup and continued maintenance. Every company has a different classification of what they find important, and what they want to be listed in the logs. The one security research
It’s finally time to say goodbye to our old friend. In a few months, January 14, 2020, to be exact, Windows 7 will officially no longer be receiving security patches and updates from Microsoft. Therefore, if you are one of the many still calling Windows 7 your home, it may be time to think about moving to Windows 10. Why is this Important to Me? Many of you are probably thinking, “Why should I worry about moving to a new operating system?”. The answer is security. When Microsoft pulls the plug on the extended support (January 14, 2020) that means Windows 7 will no longer receive any critical updates. Updates that would fix security holes and exploits. This means that the longer you wait to move to Windows 10, the more at risk you are of an attack. Why Not Move to Windows 8? If you are looking for an Operating System similar to Windows 7, you should look no further than to Windows 10. Windows 10, while there are differences between them, is more similar to Windows 7. Windows 8, on the other hand, is, for lack of a better term, a mess. The desperate attempt to mix the mobile and PC platform was a disaster and will ultimately leave you with a sour taste wishing for anything else. The other reason to make the jump to Windows 10 and not 8 is because Windows 8 will also cease support soon. In January 2023 the extended support for Windows 8 will end, and with it will come the same security risks of Windows 7. As we said earlier, for those of you looking to fill the void left from your goodbye to Windows 7, Windows 10 is there. If you find yourself needing assistance in migrating yourself or your company to Windows 10, please give us a call! We will be more than happy to assist you in the transition to Windows 10! To learn more about what we can do to assist your company’s growth, click here!
As technology continues to progress, security on a global scale becomes a larger concern for all. For any country, one of the largest concerns is a cyber attack that could cripple the power of multiple cities. The United States, however, has begun to take steps to counteract this potentially catastrophic situation. After multiple, unsuccessful attacks on the US power grid, the United States government has begun to look at other, older, methods to secure the power grid. The United States has decided that, instead of using updated technology to secure the power grid, the use of older, analog, manual technology is the best way to secure the nation’s power. The United States hopes that, by using manual techniques, the threat of a larger-scale attack will diminish significantly. Furthermore, manual technology means that only direct, physical access will allow access to the power grid, potentially eliminating cyber attacks entirely. As technology continues to advance on a global scale, cyberattacks become more potential and more dangerous. It is interesting to see the United States, instead of contributing higher-tech to securing the power grid, is instead opting for older, retro-styled tactics of security. After all, the best security against a cyberattack is to eliminate the cyber aspect! Are you worried your business may be vulnerable to cyber-attacks? Contact Hammett Technologies today for a free assessment of your network! To find out more about what we can do to help your business grow, click here! (9/10/19) Update ZDNet has reported that the US power grid has just been struck by a cyber attack! Security researchers have discovered that the attack occurred due to an unpatched firewall, allowing hackers to use a DoS attack on the firewalls located in a power grid operator. You can read more about the incident on ZDNet!
A new adware exploit has been discovered recently. Named “Cavallarin” after its founder, the exploit allows for the unwarranted download of various ads onto the users Mac device, all while being trusted by Apple’s macOS Gatekeeper. How the Cavallarin Exploit Works The exploit takes advantage of Mac’s Gatekeeper protection service, allowing for malicious apps to trick the Gatekeeper into thinking they are Apple-certified applications, granting them elevated access to the device. This is a serious concern that Apple has yet to address, even after Filippo Cavallarin approached them with the discovery. When the Gatekeeper is operating properly, it will prompt the user, informing them that the application they are attempting to install is not Apple-certified and could be hazardous. However, if the application takes advantage of the exploit, this prompt will never occur, and the device will become infected. How to Prevent Your Mac Device from Exploitation For now, the easiest method of prevention would be to only download applications that are 100% known to be Apple-certified. Even then, it is smart to remain vigilant regarding any application you are download, always airing on the side of caution. For now, with no comment from Apple regarding the exploit yet, it is hard to say when a patch will be created and pushed to users. If you are still worried about the potential exploitation of your device, Intego’s free VirusBarrier Scanner is able to check your system for apps using the exploit. These threats will appear as “OSX/Linker.”
As technology continues to advance, so do those who aim to use it to exploit others. According to Accenture, when a business suffers a cybersecurity attack, an estimated $2.4 million is spent on recovery, and it takes an estimated 50 days to recover from the attack entirely. On a global scale, the average business can expect to spend on recovery is estimated to be as high as $3.86 million, with another attack within 24 hours with a 27.9% chance (via 2018 Ponemon Report). It is essential that businesses understand this threat, and that investing in preventative measures, such as automation, is important to maintaining a business’s security. What is a Data Breach? According to the 2018 Cost of a Data Breach Study, to classify an event as a “data breach” an individual’s medical record, financial record, and/or debit card information must be placed at risk. This type of information can become exposed due to malicious or criminal attack, system glitch, and even human error. How Does a Business Avoid Data Breaches? In order to prevent a data breach from occurring, a business must invest in a strong cybersecurity team. With the support of a robust cybersecurity team, a business has a better chance of staying ahead of malicious hackers. Furthermore, extensive pressure testing can also aid in prevention. Pressure testing a businesses network environment can reveal vulnerabilities, as well as aid in innovation, keeping your cybersecurity ahead of the attackers. However, one of the most important defenses a business can invest in is automation. What is Automation and How Can It Improve Cyber Defense? When it comes to cybersecurity, automation is your best defender. According to 2019 Study on the Cyber Resilient Organization, automation, in the cybersecurity field, refers to investing and enabling in cybersecurity technologies that assist or replace human intervention in the identification and containment of cyber exploits or breaches. Furthermore, for these technologies to function correctly and efficiently, artificial intelligence and machine learning, must be appropriately implemented. Automation creates a symbiotic relationship with businesses cyber resilience. It reduced the chances a business has of encountering a data breach, as well as the frequency of them occurring. Investing in automation allows for a business to feel more confident in its ability to track, prevent, and contain potential cybersecurity incident. However, while automation does remove humans from the identification and containment procedure, it does not mean that cybersecurity professionals are irrelevant. A business should keep a full staffed cybersecurity team to assist in training, as well as regular maintenance of the automation processes. Furthermore, a fully staffed cybersecurity team can develop a Computer Security Incident Response Plan (CSIRP), which significantly assists in detection and containment. Automation is a necessary part of a company this wished to keep their client’s information save and save money. According to the 2018 Cost of a Data Breach Study, on average, the losses of a company that has fully and effectively implemented automation to their cybersecurity defense, are $2.88 million, while a company that has decided to skip on automation suffers $4.43 million in losses. Automation is an essential tool for any business looking to improve its cybersecurity and cyber resilience. What Other Steps Should a Business Take to Continually Improve its Cyber Resilience? Automation is a crucial component to any businesses cybersecurity detail, but businesses cannot overlook other key personnel and details either. Security intelligence systems can save a company as much as $3.7 million. Companies that take full advantage of encryption and effectively use it can save as much as $1.4 million annually. Properly implementation of a firewall can prevent 2.5 million in losses yearly as well. Perhaps the most often overlooked factor is maintaining a sufficient budget for cybersecurity, which can save a company $2.8 million annually when appropriately maintained. As stated earlier, keeping a fully staffed cybersecurity team crucial to maintaining the network, leading to $2.1 million in savings for the company; however, no team is without its leader. Hiring a Chief Information Security Officer (CISO) can further improve security, as well as save a company $2 million yearly. Lastly, and an added measure as to what automation cannot accomplish is proper training and cybersecurity awareness meetings. Training and informing employees on cybersecurity not only helps to prevent human error, but it also saves a company $1.5 million every year. Automation is crucial, but implementing other cybersecurity personnel and details in equally important in maintaining a proper network. As technology continues to progress, the threats do as well. Therefore, it is up to businesses and cybersecurity teams to implement the proper tools necessary to defend against attacks that can wreak havoc and cause data breaches. At Hammett Technologies we understand the importance and can help evaluate and develop a plan to help train employees and prevent data breaches, ensuring your company’s data remains secure.