While the alarming news about the massive Equifax breach is just days old, Joshua Browder, the entrepreneur behind the robo-lawyer DoNotPay.UK has already taken action on it.

Head over to the DoNotPay website and you’ll be greeted by this splash screen:

 

Browder and his team have built upon their “chatbot” technology which has reportedly already helped nearly 400,000 people successfully fight traffic tickets in New York.

The national aspect of the Equifax breach introduced complexities beyond the relatively simple types of legal matters, say parking tickets in Chicago, which the bot has been helping with so far.

According to reports, his biggest challenge was determining who to sue in each state and the various indiosyncracies of each state’s system.

You can learn more details at WashingtonPost.com and get a different perspective on this approach to suing Equifax over at dailydot.com.

Security Experts, Not Lawyers

Whether using a chatbot to sue Equifax in small claims court is a good decision or not is not our area of expertise. Keeping breaches from happening is! At Konsultek we develop customized, holistic security solutions for organization of all shapes and sizes.

When you’re ready to learn how we can make a difference in your organization’s security, just give us a call and talk to one of our real experts, not a chat bot!

 

read more

According to Symantec hackers have recently gone far beyond past intrusions into the US power grid. Their analysis, as reported on Wired.com, found that the level of compromise was so great that the attackers could have caused black outs to large portions of America at will.

Dozens of Energy Companies Targeted

The responsible hacking group that Symantec has dubbed Dragonfly 2.0 reportedly targeted dozens of energy companies and successfully gained access to more than 20 of the target networks, including a handful of US power companies and at least one in Turkey.

Hand on the Light Switch

In the past we’ve discussed the vulnerabilities of the US power grid and the worldwide concern that utility vulnerabilities posed.  These latest breaches raise the bar of concern because Symantec’s

forensic analysis found that the hackers obtained what they call operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into US homes and businesses.

Symantec is not naming the compromised parties and has been working with them to remove the operational access the hackers had achieved.

Winter is Coming

Certainly a large scale power outage will be disruptive to any organization, large or small at anytime of the year. However, with Autumn just around the corner and winter coming the discovery of this level of penetration should at the very least make anyone in northern climates take pause. How prepared are your business and employees to deal with a power outage in the middle of winter?

Here is how Eric Chien, Symantec security analyst describes the difference between this latest threat and those uncovered in the past.

“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation. We’re now talking about on-the-ground technical evidence this could happen in the US, and there’s nothing left standing in the way except the motivation of some actor out in the world.”

Konsultek Knows Security and Disaster Recovery

If this latest discovery of grid frailty has you pondering what an unexpected loss of power might mean to your organization, you’re not alone. Fortunately, Konsultek is well versed in outage prevention and disaster recovery and can provide the expert guidance you need to get prepared. Give us a call today to discuss our holistic approach to network security and disaster recovery.

 

read more

In an interview with Wired.co.uk, McAfee Chief Scientist, Raj Samani, shared a handful of interesting reasons why cyber-security should be getting more attention than ever in organizations of all sizes. Here are three of his more interesting thoughts.

Reason 1 – Everyone’s a Target

“Everybody’s a target. Everyone is,” he says. “Small-to-medium-sized businesses, some [of them] say, ‘well, cybersecurity isn’t big for us – we’re a small company, nobody would hit us.’ Well, you know what? That approach now has to change.

Reason 2 – The Barrier to Cyber-Crime Entry is Lower than Ever Before

“I don’t think just because you’re a small business you’re going to facing low-level stuff – I think you could be facing some pretty good stuff. It’s easy to do now. If I wanted to go out and compromise you, your life and everything about you, I could go onto Facebook, find out what [you] like, what football clubs [you] support, where you used to work, then I send you an e-mail and make it look convincing… I can do that in, what, eight minutes? Five minutes? I can find out everything about your life. So the technical barriers required to become a cybercriminal are the lowest they’ve ever been – and then continue to fall every single day.”

Reason 3 – The Attack Surface for Companies and Individuals is Growing

The attack surface for the average person – as an individual, or an employee and potential weak point in a company’s digital security structure – has grown in-line with smartphones, smart TVs, and the current dawn of in-home personal assistants like Amazon’s Alexa or Google Home.

Konsultek Knows Security

The three reasons given above are just a few of the reasons we at Konsultek emphasize a solutions approach that examines your business processes in relation to network security. Our consultative approach to security starts with understanding your assets, processes and potential vulnerabilities before crafting a customized solution.
Simply slapping hardware or software in place is not sufficient, even for the smallest of organizations.

Make Sense? Give us a call to learn more about our sophisticated, yet common sense solutions to network security and infrastructure optimization.

read more

It seems that spammers, those irritants of your inbox, are working a “regular” job just like you or me. They put in long hours, for the most part they work weekdays and with the exception of the night owls, work regular business hours. This according to the IBM X-Force Kassel research team which operates a massive network of spam honeypots.

By gathering billions of unsolicited “spam” emails every year the team can easily identify and study trends in the world of spam.

Most recently the team looked at what a typical spammer’s workweek looked like and here are some of the interesting things they found.

1.  The Weekly Grind – much like the rest of the working world, spammers and their bots apparently work a typical work week with typical hours. Over 83% of spam email is sent during the business week with the highest concentration being delivered on Tuesday, Wednesday and Thursday.

Source: IBM X-Force Kassel

2. Business Hours – The typical spammer works business hours…North America and European hours. Sure it makes for a long day, starting with early morning in Europe and not slacking off until near the end of East coast business hours (around 4pm). IBM feels that this pattern is driven in part by the types of malware being delivered which are more targeted towards businesses rather than individuals.

3. Some Folks Work Nights and Weekends – So while the principle targets are corporate employees, there is a dedicated contingent of spammers who work weekends, especially weekend nights, rounding out the spamming ebb and flow.

4. Where the Spammers Live – Based upon IP address tracking it would appear that the primary locations for spammers are:

Source: IBM X-Force Kassel

Spammers are Dedicated to their Craft

The spammers are a dedicated bunch. The work day-in and day-out, delivering their messages to their victims relentlessly. And, of course, they continue to innovate from the type of message sent to the type of attachment used to the type of malware exploit delivered.

Konsultek is Dedicated to Security

When your foe is as dedicated as the spammers are you need someone on your team who is just as dedicated and even more innovative. That’s where Konsultek comes in. We’ve been developing world class security solutions for over 20 years. If you think it’s about time you trimmed your diet of spam, give us a call and we’ll help you develop a solution that will have you saying “no thank you” to spam, no matter how many times it’s offered to you.

 

read more

In an earlier post we discussed the impact Petya was having on the profits of multinationals that had fallen victim. Today, according to Bloomberg news we learned:

A.P. Moller-Maersk A/S said a cyberattack that hit the owner of the world’s biggest container shipping company at the end of June will wipe as much as $300 million off profits in the third quarter.”

Maersk, like the other victims found much of its IT systems crippled by Petya. This prevented the world’s largest shipping company from taking orders for several days.

“These system shutdowns resulted in significant business interruption during the shutdown period,” Maersk reported. The financial impact in the second quarter was “limited,” but “the impact in the third quarter is larger, due to temporary lost revenue in July,” it said.

According to Maersk, the Petya attack’s impact was confined to operational difficulties and there was no loss of data.

3 Other’s Lose Millions as Well

Reckitt Benckiser, has put some more exact figures to their Petya related losses. The U.K.-based consumer products conglomerate reported last week that the Petya disruption would trim a whopping 90 million pounds from its projected 2017 sales. Petya disrupted 2,000 company servers and temporarily disabled 15,000 company laptops.

Beiersdorf AG , best known for its Nivea skin-cream brand has reported a Petya related cost of 35 million euros ($41.5 million) in first-half sales. Further costs will likely be attributed to the attack once the impact of held inventory and disrupted production is full quantified.

Cie. de Saint-Gobain, the French building materials manufacturer  has reported the cyber-attack would lower sales about 250 million euros in 2017 year.

Some European Companies Get Proactive

Companies are now piling up the sandbags” as reported in a related article on Bloomberg.com in which several companies described proactive measures they are taking in advance of the next cyber-threat to land at their doorstep.

Two examples are, Germany’s national Deutsche Bahn railroad which created a “cyber rapid deployment force” of highly trained IT specialists with computer-threat experience to be available around the clock against future attacks, a spokesman said. And U.K. advertising agency WPP Plc . They plan to increase their investment in IT security after Petya spread across the agency.

Prevention is Better than Cure

Petya, WannaCry and other cyber-attacks can be enormously costly and yet, once the forensics have been done they often show that the attack could have been prevented had a well-managed, holistic security plan been in place. At Konsultek, we’ve been designing and implementing such plans for organizations ranging in size from small medical offices to large, mulit-national airlines.

The time to begin discussions about improving your network security is today, before you and your organization have a revenue and profit disrupting event. Please give us a call, our security team is always ready to listen to your unique situation.

 

read more